Cybersecurity News


Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft's Internet Explorer (IE) web browser.
11 May 2021

Wormable Windows Bug Opens Door to DoS, RCE

Wormable Windows Bug Opens Door to DoS, RCE Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.
11 May 2021

GitHub Prepares to Move Beyond Passwords

GitHub Prepares to Move Beyond Passwords GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.
11 May 2021

Cartoon Caption Winner: Greetings, Earthlings

Cartoon Caption Winner: Greetings, Earthlings And the winner of Dark Reading's April cartoon caption contest is ...
11 May 2021

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
11 May 2021

E-commerce Payment Security: A Perspective from Brazil

 

It has been more than a year since the outbreak of the COVID-19 global pandemic which has had a significant impact on health, lifestyles, and the way business is done. In the world of payments, many businesses have had to reinvent themselves and adapt to remote transactions and the world of e-commerce (in many cases on the cloud). On this blog, we discuss the challenges of e-commerce on payment security in Brazil with Carlos Caetano, Associate Regional Director, Brazil for the PCI Security Standards Council (PCI SSC) and Gerson Rolim, Antifraud and Internet Payments Steering Committees Coordinator, Camara-e.net. Camara-e.net is a member of the PCI Brazil Regional Engagement Board (REB), a board that represents the perspectives of PCI Participating Organizations and PCI constituents in Brazil, advising and providing feedback and guidance to the PCI SSC on standards and programs development and adoption in Brazil.

11 May 2021

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack An ingenious attack on Android devices self-propagates, with the potential for a range of damage.
11 May 2021

3 Cybersecurity Myths to Bust

Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
11 May 2021

A Closer Look at the DarkSide Ransomware Gang

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here's a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.
11 May 2021

Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud

Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations.
11 May 2021

200K Veterans’ Medical Records Likely Stolen by Ransomware Gang

200K Veterans’ Medical Records Likely Stolen by Ransomware Gang Analyst finds ransomware evidence, despite a contractor's denial of compromise.
11 May 2021

DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack

DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors.
11 May 2021

Critical Infrastructure Under Attack

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
11 May 2021

WhatsApp will limit features for users who don’t accept new data‑sharing rules

Your account won’t be deleted, but here's what you may want to be aware of if not even repeated reminders do the trick

The post WhatsApp will limit features for users who don’t accept new data‑sharing rules appeared first on WeLiveSecurity

11 May 2021

Colonial Pipeline ransomware attack: Everything you need to know

Updated: DarkSide has claimed responsibility for the catastrophic ransomware outbreak.
11 May 2021

Everything you need to know about the Colonial Pipeline ransomware attack

DarkSide has claimed responsibility for the catastrophic ransomware outbreak.
11 May 2021

GitHub shifts away from passwords with security key support for SSH Git operations

Support has been added to bolster defense against account compromise.
11 May 2021

Virtual Private Networks

Virtual Private Networks (VPN) create encrypted tunnels when you connect to the Internet. They are a fantastic way to protect your privacy and data, especially when traveling and connecting to untrusted or unknown networks, such as at hotels or coffee shops. Use a VPN whenever possible, both for work and personal use.
11 May 2021

Colonial Pipeline Cyberattack: What Security Pros Need to Know

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
10 May 2021

Tulsa Deals with Aftermath of Ransomware Attack

Weekend attack shuts down several city sites and service.
10 May 2021