Cybersecurity News


Spotlight on the Cybercriminal Supply Chains

In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
22 April 2021

Improving the Vulnerability Reporting Process With 5 Steps

Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
22 April 2021

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world

The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.

In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.

22 April 2021

AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says

The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity

22 April 2021

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
22 April 2021

Name That Toon: Greetings, Earthlings

Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
22 April 2021

Payment Security in South Africa: A Discussion with Stakeholders

The PCI SSC Security Summit of South Africa, an online event, took place this week with more than 315 payment security practitioners from South Africa discussing the latest in payment security and standards. Here we talk with Jeremy King, PCI Security Standards Council VP Regional Head for Europe; Naniki Imelda Ramabi, Chief Risk Officer, Payments Association of South Africa (PASA); and Sandro Bucchianeri, Group Chief Security Officer, ABSA, about payment security trends, highlights from the Security Summit of South Africa, and industry involvement opportunities for the region.

22 April 2021

10 Free Security Tools at Black Hat Asia 2021

Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
22 April 2021

Looking for Greater Security Culture? Ask an 8-Bit Plumber

After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
22 April 2021

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns

Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found.
22 April 2021

SolarWinds hack analysis reveals 56% boost in command server footprint

Researchers say newly identified targets are likely.
22 April 2021

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.
22 April 2021

Who's Your Login?

If only Abbott and Costello were around today.
22 April 2021

New US Justice Department team aims to disrupt ransomware operations

The task force will focus on dealing with the “root causes” of ransomware.
22 April 2021

Rapid7 Acquires Velociraptor Open Source Project

The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
21 April 2021

4 Innovative Ways Cyberattackers Hunt for Security Bugs

David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups.
21 April 2021

Justice Dept. Creates Task Force to Stop Ransomware Spread

One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
21 April 2021

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
21 April 2021

QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.
21 April 2021

Q&A on the Optional P2PE Solution Inventory Template

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals even if stolen in a breach. Merchants can take advantage of this technology with a P2PE solution, a combination of secure devices, applications, and processes that encrypt payment card data from the point it is used at a payment terminal until it reaches a secure point of decryption. PCI P2PE Solutions are those that have been validated as meeting the rigorous security requirements of the PCI P2PE Standard and are listed on the PCI Security Standards Council (PCI SSC) website. PCI P2PE Solutions provide the strongest protection for payment card data and can simplify merchant efforts to comply with the PCI Data Security Standard (PCI DSS).

21 April 2021