Cybersecurity News


Payment Security: A Perspective from Europe

 

In the eighteen months plus since the outbreak of the COVID-19 global pandemic, many businesses have had to reinvent themselves and adapt not only how they manage their business but, more importantly, how they accept payments. Europe, like most of the rest of the world, saw a major switch to remote transactions and the world of e-commerce. On top of these significant changes, many organizations have also had to confront the practical and security challenges of employees first having to, and then wanting to, work from home.

15 December 2021

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
15 December 2021

The dirty dozen of Latin America: From Amavaldo to Zumanek

The grand finale of our series dedicated to demystifying Latin American banking trojans

The post The dirty dozen of Latin America: From Amavaldo to Zumanek appeared first on WeLiveSecurity

15 December 2021

In 2022, Expect More Supply Chain Pain and Changing Security Roles

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […]
14 December 2021

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
14 December 2021

Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month's Patch Tuesday is being overshadowed by the "Log4Shell" 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.
14 December 2021

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
14 December 2021

400 Banks’ Customers Targeted with Anubis Trojan

The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
14 December 2021

Paving the way: Inspiring Women in Payments - featuring Amanda Andrews


As a young attorney just starting out, Amanda Andrews’ career path would lead her in a direction she never imagined. In this month’s blog series, Andrews describes how her experience with Visa Inc. led her into a cybersecurity career with The Walt Disney Company and why you should never take “no” for an answer.

14 December 2021

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and how to remediate.
14 December 2021

How to Buy Precious Patching Time as Log4j Exploits Fly

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.
14 December 2021

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
14 December 2021

5 warning signs your identity has been stolen

By spotting these early warning signs of identity theft, you can minimize the impact on you and your family

The post 5 warning signs your identity has been stolen appeared first on WeLiveSecurity

14 December 2021

Inside Ireland’s Public Healthcare Ransomware Scare

The accounting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system's IT administrators failed to respond to multiple warning signs that a massive attack was imminent.
13 December 2021

Kronos Ransomware Outage Drives Widespread Payroll Chaos

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.
13 December 2021

Log4Shell vulnerability: What we know so far

The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far

The post Log4Shell vulnerability: What we know so far appeared first on WeLiveSecurity

13 December 2021

Q&A with Ralph Spencer Poore

 

After more than 10 years working at PCI Security Standards Council (PCI SSC), Ralph Poore, Director, Emerging Standards, retires at the end of the year. In this blog, we interview Ralph about his career in cryptography, security and the payments industry, the most rewarding aspects of his career, and how he plans to stay involved with the PCI SSC as well as his retirement plans.

13 December 2021

Where the Latest Log4Shell Attacks Are Coming From

Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
13 December 2021

Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
13 December 2021

Log4Shell Is Spawning Even Nastier Mutations

The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
13 December 2021