Cybersecurity News


Time to Build Accountability Back into Cybersecurity

Time to Build Accountability Back into Cybersecurity Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.
18 October 2021

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
18 October 2021

Sinclair Confirms Ransomware Attack That Disrupted TV Stations

Sinclair Confirms Ransomware Attack That Disrupted TV Stations A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
18 October 2021

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
18 October 2021

Request for Comments: PCI 3DS SDK and 3DS Core Security Standards


From 18 October to 17 November 2021, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI 3DS SDK Security Standard and the PCI 3DS Core Security Standard during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.

18 October 2021

Twitter Suspends Accounts Used to Snare Security Researchers

Twitter Suspends Accounts Used to Snare Security Researchers The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
18 October 2021

BlackByte ransomware decryptor released

The "odd" malware avoids systems based on Russian and ex-USSR languages.
18 October 2021

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.
15 October 2021

Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak

Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.
15 October 2021

Critical infrastructure security dubbed 'abysmal' by researchers

Researchers find that lax ICS security is putting critical services at risk of exploitation.
15 October 2021

Week in security with Tony Anscombe

Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

15 October 2021

Week in security with Tony Anscombe

Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

15 October 2021

Virus Bulletin: Old malware never dies – it just gets more targeted

Putting a precision payload on top of more generic malware makes perfect sense for malware operators

The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity

15 October 2021

Virus Bulletin: Old malware never dies – it just gets more targeted

Putting a precision payload on top of more generic malware makes perfect sense for malware operators

The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity

15 October 2021

Rickroll Grad Prank Exposes Exterity IPTV Bug

Rickroll Grad Prank Exposes Exterity IPTV Bug IPTV and IP video security is increasingly under scrutiny, even by high school kids.
14 October 2021

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
14 October 2021

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the "hackers" and anyone who aided the publication in its "attempt to embarrass the state and sell headlines for their news outlet."
14 October 2021

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.
14 October 2021

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.
14 October 2021

Employee offboarding: Why companies must close a crucial gap in their security strategy

There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?

The post Employee offboarding: Why companies must close a crucial gap in their security strategy appeared first on WeLiveSecurity

14 October 2021