Cybersecurity News


The Taxman Cometh for ID Theft Victims

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn't abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.
29 January 2021

Industrial Gear at Risk from Fuji Code-Execution Bugs

Industrial Gear at Risk from Fuji Code-Execution Bugs Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
29 January 2021

Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System

Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.
29 January 2021

Week in security with Tony Anscombe

Law enforcement disrupts Emotet – Wormable Android malware spreading via WhatsApp – Three iOS zero-day bugs squashed

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

29 January 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Sheryl Benedict

 

After seeing the 1983 film WarGames as a child, Sheryl Benedict became fascinated by computer technology. In this edition of our blog, Sheryl explains how the thought of protecting organizations from the bad guys inspired her to achieve great things in cybersecurity.

29 January 2021

Is the Web Supply Chain Next in Line for State-Sponsored Attacks?

Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
29 January 2021

Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher

Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with ‘Comebacker’ malware.
29 January 2021

2020 Marked a Renaissance in DDoS Attacks

Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.
29 January 2021

Electronic health records provider Athena to pay $18m settlement in kickback lawsuit

Athena was accused of paying under the table to push athenaClinicals software.
29 January 2021

Google bans another misbehaving CA from Chrome

Digital certificates issued by Spanish certificate authority Camerfirma will stop working in Chrome 90, in April.
29 January 2021

Google researcher discovers new iOS security system

iOS 14 shipped with BlastDoor, a new sandbox system for processing iMessages data.
28 January 2021

Law Enforcement Aims to Take Down Netwalker Ransomware

The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
28 January 2021

Rocke Group’s Malware Now Has Worm Capabilities

Rocke Group’s Malware Now Has Worm Capabilities The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.
28 January 2021

Utah Ponders Making Online ‘Catfishing’ a Crime

Utah Ponders Making Online ‘Catfishing’ a Crime Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.
28 January 2021

PCI SSC Executive Director Discusses New Board and 2021 Priorities


With the start of a new year, PCI SSC Executive Director Lance Johnson welcomes the new 2021-2022 Board of Advisors, provides an update on the Council’s top priorities, and offers insight into what stakeholders can expect in 2021.

28 January 2021

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
28 January 2021

Hezbollah's cyber unit hacked into telecoms and ISPs

Security firm Clearsky said they identified at least 250 servers hacked by Lebanese Cedar, a hacking group linked to the Hezbollah militant group.
28 January 2021

Breach Data Highlights a Pivot to Orgs Over Individuals

In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.
28 January 2021

Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball

Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.
28 January 2021

Digital Identity Is the New Security Control Plane

Simplifying the management of security systems helps provide consistent protection for the new normal.
28 January 2021