Cybersecurity News


Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month's Patch Tuesday is being overshadowed by the "Log4Shell" 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.
14 December 2021

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
14 December 2021

400 Banks’ Customers Targeted with Anubis Trojan

400 Banks’ Customers Targeted with Anubis Trojan The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
14 December 2021

Paving the way: Inspiring Women in Payments - featuring Amanda Andrews


As a young attorney just starting out, Amanda Andrews’ career path would lead her in a direction she never imagined. In this month’s blog series, Andrews’ describes how her experience with Visa Inc. led her into a cybersecurity career with The Walt Disney Company and why you should never take “no” for an answer.

14 December 2021

What the Log4Shell Bug Means for SMBs: Experts Weigh In

What the Log4Shell Bug Means for SMBs: Experts Weigh In An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and to how to remediate.
14 December 2021

How to Buy Precious Patching Time as Log4j Exploits Fly

How to Buy Precious Patching Time as Log4j Exploits Fly Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.
14 December 2021

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

‘Seedworm’ Attackers Target Telcos in Asia, Middle East The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
14 December 2021

5 warning signs your identity has been stolen

By spotting these early warning signs of identity theft, you can minimize the impact on you and your family

The post 5 warning signs your identity has been stolen appeared first on WeLiveSecurity

14 December 2021

Inside Ireland’s Public Healthcare Ransomware Scare

The accounting firm PricewatersCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousand of outdated Windows 7 systems, and that the health system's IT administrators failed to respond to multiple warning signs that a massive attack was imminent.
13 December 2021

Kronos Ransomware Outage Drives Widespread Payroll Chaos

Kronos Ransomware Outage Drives Widespread Payroll Chaos Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses ands vacation tracking.
13 December 2021

Log4Shell vulnerability: What we know so far

The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far

The post Log4Shell vulnerability: What we know so far appeared first on WeLiveSecurity

13 December 2021

Q&A with Ralph Spencer Poore

 

After more than 10 years working at PCI Security Standards Council (PCI SSC), Ralph Poore, Director, Emerging Standards, retires at the end of the year. In this blog, we interview Ralph about his career in cryptography, security and the payments industry, the most rewarding aspects of his career, and how he plans to stay involved with the PCI SSC as well as his retirement plans.

13 December 2021

Where the Latest Log4Shell Attacks Are Coming From

Where the Latest Log4Shell Attacks Are Coming From Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
13 December 2021

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Malicious PyPI Code Packages Rack Up Thousands of Downloads The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
13 December 2021

Log4Shell Is Spawning Even Nastier Mutations

Log4Shell Is Spawning Even Nastier Mutations The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
13 December 2021

The new PPI? Claims firms turn their fire on data breaches

The new PPI? Claims firms turn their fire on data breaches

People are being told they are entitled to compensation as more companies move into the industry

Claims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.

A Google search for the term “data breach claim” results in a long list of firms – the vast majority of them no-win, no-fee solicitors – and there are more moving into this space all the time. Meanwhile, adverts for firms are increasingly appearing in Instagram feeds.

Continue reading...
11 December 2021

Next-Gen Maldocs & How to Solve the Human Vulnerability

Next-Gen Maldocs & How to Solve the Human Vulnerability Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
10 December 2021

‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets

‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.
10 December 2021

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
10 December 2021

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.
10 December 2021