Cybersecurity News


Cybersecurity Month: Consider a Cyber Career


As an  Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:

20 October 2021

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient.
20 October 2021

Black market traders cash in on fake COVID-19 vaccination records

The EU vaccine passport and CDC certifications are hot ticket items.
20 October 2021

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.
19 October 2021

Fresh APT Harvester Reaps Telco, Government Data

Fresh APT Harvester Reaps Telco, Government Data The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.
19 October 2021

$5.2 billion worth of Bitcoin transactions possibly tied to ransomware

Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds

The post $5.2 billion worth of Bitcoin transactions possibly tied to ransomware appeared first on WeLiveSecurity

19 October 2021

$5.2 billion worth of Bitcoin transactions possibly tied to ransomware

Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds

The post $5.2 billion worth of Bitcoin transactions possibly tied to ransomware appeared first on WeLiveSecurity

19 October 2021

Lyceum APT Returns, This Time Targeting Tunisian Firms

Lyceum APT Returns, This Time Targeting Tunisian Firms The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It's kept up attacks through 2021 and is working on retooling its arsenal yet again. 
19 October 2021

A Guide to Doing Cyberintelligence on a Restricted Budget

A Guide to Doing Cyberintelligence on a Restricted Budget Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
19 October 2021

At least 13 phone firms hit by suspected Chinese hackers since 2019, say experts

At least 13 phone firms hit by suspected Chinese hackers since 2019, say experts

LightBasin hackers were able to obtain subscriber information and call metadata, says CrowdStrike

At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said.

The roaming hackers – known as LightBasin – were able to “search and find” individual mobile phones and “target accordingly”, according to CrowdStrike, a group regularly cited by western intelligence.

Continue reading...
19 October 2021

Feds Warn BlackMatter Ransomware Gang is Poised to Strike

Feds Warn BlackMatter Ransomware Gang is Poised to Strike An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off.
19 October 2021

FCC mulls over new rules demanding carriers block spam robot texts at network level

The proposal hones in on rising rates of robot texts.
19 October 2021

A recipe for failure: Predictably poor passwords

Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff.

The post A recipe for failure: Predictably poor passwords appeared first on WeLiveSecurity

19 October 2021

A recipe for failure: Predictably poor passwords

Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff.

The post A recipe for failure: Predictably poor passwords appeared first on WeLiveSecurity

19 October 2021

Twitter accounts linked to cyberattacks against security researchers suspended

North Korean hackers are luring professionals with "zero-day vulnerability hype."
19 October 2021

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

TA505 Gang Is Back With Newly Polished FlawedGrace RAT TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
19 October 2021

Time to Build Accountability Back into Cybersecurity

Time to Build Accountability Back into Cybersecurity Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.
18 October 2021

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
18 October 2021

Sinclair Confirms Ransomware Attack That Disrupted TV Stations

Sinclair Confirms Ransomware Attack That Disrupted TV Stations A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
18 October 2021

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
18 October 2021