Cybersecurity News
Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month's Patch Tuesday is being overshadowed by the "Log4Shell" 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
400 Banks’ Customers Targeted with Anubis Trojan
The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
Paving the way: Inspiring Women in Payments - featuring Amanda Andrews
As a young attorney just starting out, Amanda Andrews’ career path would lead her in a direction she never imagined. In this month’s blog series, Andrews’ describes how her experience with Visa Inc. led her into a cybersecurity career with The Walt Disney Company and why you should never take “no” for an answer.
What the Log4Shell Bug Means for SMBs: Experts Weigh In
An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and to how to remediate.
How to Buy Precious Patching Time as Log4j Exploits Fly
Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.
‘Seedworm’ Attackers Target Telcos in Asia, Middle East
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
5 warning signs your identity has been stolen
By spotting these early warning signs of identity theft, you can minimize the impact on you and your family
The post 5 warning signs your identity has been stolen appeared first on WeLiveSecurity
Inside Ireland’s Public Healthcare Ransomware Scare
The accounting firm PricewatersCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousand of outdated Windows 7 systems, and that the health system's IT administrators failed to respond to multiple warning signs that a massive attack was imminent.Kronos Ransomware Outage Drives Widespread Payroll Chaos
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses ands vacation tracking.
Log4Shell vulnerability: What we know so far
The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far
The post Log4Shell vulnerability: What we know so far appeared first on WeLiveSecurity
Q&A with Ralph Spencer Poore
After more than 10 years working at PCI Security Standards Council (PCI SSC), Ralph Poore, Director, Emerging Standards, retires at the end of the year. In this blog, we interview Ralph about his career in cryptography, security and the payments industry, the most rewarding aspects of his career, and how he plans to stay involved with the PCI SSC as well as his retirement plans.
Where the Latest Log4Shell Attacks Are Coming From
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
Malicious PyPI Code Packages Rack Up Thousands of Downloads
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
Log4Shell Is Spawning Even Nastier Mutations
The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
The new PPI? Claims firms turn their fire on data breaches
People are being told they are entitled to compensation as more companies move into the industry
Claims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.
A Google search for the term “data breach claim” results in a long list of firms – the vast majority of them no-win, no-fee solicitors – and there are more moving into this space all the time. Meanwhile, adverts for firms are increasingly appearing in Instagram feeds.
Continue reading...Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets
Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.