Cybersecurity News
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan
A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.Putting cybersecurity first: Why secure‑by‑design must be the norm
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom
The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity
Putting cybersecurity first: Why secure‑by‑design must be the norm
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom
The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity
Schools put the brakes on facial recognition scheme for kids buying lunch
UK regulators swooped in before the program gained full momentum.Mozilla Firefox cracks down on malicious add-ons used by 455,000 users
The troublesome add-ons misused an API that controlled how Firefox connected to the internet.Defending Assets You Don’t Know About Against Cyberattacks
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
Groove Calls for Cyberattacks on US as REvil Payback
The bold move signals a looming clash between Russian ransomware groups and the U.S.
BQE Web Suite Billing App Rigged to Inflict Ransomware
An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
BillQuick Billing App Rigged to Inflict Ransomware
A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
Conti Ransom Gang Starts Selling Access to Victims
The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks
The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.
Cybersecurity Month: Work from Home Security Awareness Training
As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:
Ransomware attacks in UK have doubled in a year, says GCHQ boss
Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable
The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.
Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.
Continue reading...CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns
The APT is probing potential new technology supply chain victims.FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.
REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say
A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
Week in security with Tony Anscombe
How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity