Cybersecurity News
The Importance of Properly Scoping Cloud Environments
PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud environments.
Why Supply Chain Attacks Are Destined to Escalate
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.Ransomware Gangs and the Name Game Distraction
It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years. Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one's demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere. Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members -- such as which types of victims aren't allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones
No matter how stalkerware is marketed, it is part of a wider problem: the use of technology in coercive control.Why cloud security is the key to unlocking value from hybrid working
How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?
The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity
‘I’m Calling About Your Car Warranty’, aka PII Hijinx
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch
If that job offer looks too good to be true, something else may be afoot.Black Hat: Let’s All Help Cyber-Immunize Each Other
We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel
When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.The Graph Foundation launches bug bounty program
Bugs in scope include RCE and those leading to the loss of user funds.Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?
The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity
Phishing Campaign Dangles SharePoint File-Shares
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
We COVID-Clicked on Garbage, Report Finds: Podcast
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
Ransomware Volumes Hit Record Highs as 2021 Wears On
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
Back-to-Basics: Keep Software Patched
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on keeping software patched.
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.