Cybersecurity News


Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
26 October 2021

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
26 October 2021

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests that disruption, share price drops, and theft are common consequences of attacks.
26 October 2021

Putting cybersecurity first: Why secure‑by‑design must be the norm

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom

The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity

26 October 2021

Schools put the brakes on facial recognition scheme for kids buying lunch

UK regulators swooped in before the program gained full momentum.
26 October 2021

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

The troublesome add-ons misused an API that controlled how Firefox connected to the internet.
26 October 2021

Defending Assets You Don’t Know About Against Cyberattacks

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
25 October 2021

Groove Calls for Cyberattacks on US as REvil Payback

The bold move signals a looming clash between Russian ransomware groups and the U.S.
25 October 2021

BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
25 October 2021

BillQuick Billing App Rigged to Inflict Ransomware

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
25 October 2021

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
25 October 2021

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.
25 October 2021

Cybersecurity Month: Work from Home Security Awareness Training


As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:

25 October 2021

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable

The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.

Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.

25 October 2021

CISA Urges Sites to Patch Critical RCE in Discourse

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
25 October 2021

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

The APT is probing potential new technology supply chain victims.
25 October 2021

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.
22 October 2021

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
22 October 2021

Week in security with Tony Anscombe

How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 October 2021