Cybersecurity News


The Importance of Properly Scoping Cloud Environments


PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud environments.

05 August 2021

Why Supply Chain Attacks Are Destined to Escalate

In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
05 August 2021

Ransomware Gangs and the Name Game Distraction

It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years. Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one's demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere. Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members -- such as which types of victims aren't allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.
05 August 2021

There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones

No matter how stalkerware is marketed, it is part of a wider problem: the use of technology in coercive control.
05 August 2021

Why cloud security is the key to unlocking value from hybrid working

How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?

The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity

05 August 2021

‘I’m Calling About Your Car Warranty’, aka PII Hijinx

‘I’m Calling About Your Car Warranty’, aka PII Hijinx Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
04 August 2021

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
04 August 2021

Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch

If that job offer looks too good to be true, something else may be afoot.
04 August 2021

Black Hat: Let’s All Help Cyber-Immunize Each Other

Black Hat: Let’s All Help Cyber-Immunize Each Other We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
04 August 2021

Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel

When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.
04 August 2021

The Graph Foundation launches bug bounty program

Bugs in scope include RCE and those leading to the loss of user funds.
04 August 2021

Black Hat 2021 – non‑virtual edition

How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?

The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity

04 August 2021

Phishing Campaign Dangles SharePoint File-Shares

Phishing Campaign Dangles SharePoint File-Shares Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
04 August 2021

We COVID-Clicked on Garbage, Report Finds: Podcast

We COVID-Clicked on Garbage, Report Finds: Podcast Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.
04 August 2021

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
03 August 2021

Ransomware Volumes Hit Record Highs as 2021 Wears On

Ransomware Volumes Hit Record Highs as 2021 Wears On The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
03 August 2021

Back-to-Basics: Keep Software Patched

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on keeping software patched.

03 August 2021

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

Raccoon Stealer Bundles Malware, Propagates Via Google SEO An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
03 August 2021

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
03 August 2021

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.
03 August 2021