Cybersecurity News
The Gig Economy Creates Novel Data-Security Risks
Enterprises are embracing on-demand freelance help -- but the practice, while growing, opens up entirely new avenues of cyber-risk.
20 May 2021
Just published: SPoC Unsupported Operating Systems Annex
The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”) version 1.0. The purpose of this Annex is to provide additional security and testing requirements to allow solution providers to develop SPoC solutions that merchants can use on commercial off-the-shelf (COTS) devices with unsupported operating systems. The Unsupported OS Annex incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.
In this post we talk with PCI SSC SVP and Standards Officer Emma Sutcliffe about the new Annex.
20 May 2021
Android 12 will give you more control over how much data you share with apps
An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits
The post Android 12 will give you more control over how much data you share with apps appeared first on WeLiveSecurity
20 May 2021
3 Ways Anti-Vaxxers Will Undercut Security With Misinformation
Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.20 May 2021
Four Android Bugs Being Exploited in the Wild
On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.
20 May 2021
2021 Attacker Dwell Time Trends and Best Defenses
The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time.
20 May 2021
How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World
A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.20 May 2021
Fraudsters employ Amazon ‘vishing’ attacks in fake order scams
Case studies highlight how scam artists are using voice messages to dupe their victims into handing over credentials or cash.20 May 2021
Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.
20 May 2021
Android apps exposed data of millions of users through cloud authentication failures
Malicious apps are not the only security problem on our handsets: misconfiguration can also put us at risk.20 May 2021
Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’
The chief executive has confirmed the payment of a $4.4 million ransom.20 May 2021
Unique Passwords
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.20 May 2021
Cobalt Strike Becomes a Preferred Hacking Tool by Cybercrime, APT Groups
Incident response cases and research show how the red-team tool has become a become a go-to for attackers.19 May 2021
SolarWinds CEO: Attack Began Much Earlier Than Previously Thought
Investigation shows threat actors began probing SolarWinds' network in January 2019, according to Sudhakar Ramakrishna.19 May 2021
Google Chrome Makes It Easier to Update Compromised Passwords
A new capability will use Google's Duplex technology to alert people when their passwords are compromised and help change them.19 May 2021
Can Nanotech Secure IoT Devices From the Inside-Out?
Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats.
19 May 2021
Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws
Research underscores the acceleration of attack activity and points to a growing concern that defenders can't keep pace.19 May 2021
Microsoft, Google Clouds Hijacked for Gobs of Phishing
Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.
19 May 2021
Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030
A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.19 May 2021
Colonial Pipeline CEO Confirms Ransom Payment
CEO Joseph Blount says the $4.4 million payment was a necessary decision amid high-stakes infrastructure disruption.19 May 2021