Cybersecurity News


The Gig Economy Creates Novel Data-Security Risks

The Gig Economy Creates Novel Data-Security Risks Enterprises are embracing on-demand freelance help -- but the practice, while growing, opens up entirely new avenues of cyber-risk.
20 May 2021

Just published: SPoC Unsupported Operating Systems Annex

 

The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”) version 1.0. The purpose of this Annex is to provide additional security and testing requirements to allow solution providers to develop SPoC solutions that merchants can use on commercial off-the-shelf (COTS) devices with unsupported operating systems. The Unsupported OS Annex incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.

In this post we talk with PCI SSC SVP and Standards Officer Emma Sutcliffe about the new Annex.

20 May 2021

Android 12 will give you more control over how much data you share with apps

An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits

The post Android 12 will give you more control over how much data you share with apps appeared first on WeLiveSecurity

20 May 2021

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
20 May 2021

Four Android Bugs Being Exploited in the Wild

Four Android Bugs Being Exploited in the Wild On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.
20 May 2021

2021 Attacker Dwell Time Trends and Best Defenses

2021 Attacker Dwell Time Trends and Best Defenses The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time.
20 May 2021

How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
20 May 2021

Fraudsters employ Amazon ‘vishing’ attacks in fake order scams

Case studies highlight how scam artists are using voice messages to dupe their victims into handing over credentials or cash.
20 May 2021

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Apple Exec Calls Level of Mac Malware ‘Unacceptable’ Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.
20 May 2021

Android apps exposed data of millions of users through cloud authentication failures

Malicious apps are not the only security problem on our handsets: misconfiguration can also put us at risk.
20 May 2021

Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’

The chief executive has confirmed the payment of a $4.4 million ransom.
20 May 2021

Unique Passwords

Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
20 May 2021

Cobalt Strike Becomes a Preferred Hacking Tool by Cybercrime, APT Groups

Incident response cases and research show how the red-team tool has become a become a go-to for attackers.
19 May 2021

SolarWinds CEO: Attack Began Much Earlier Than Previously Thought

Investigation shows threat actors began probing SolarWinds' network in January 2019, according to Sudhakar Ramakrishna.
19 May 2021

Google Chrome Makes It Easier to Update Compromised Passwords

A new capability will use Google's Duplex technology to alert people when their passwords are compromised and help change them.
19 May 2021

Can Nanotech Secure IoT Devices From the Inside-Out?

Can Nanotech Secure IoT Devices From the Inside-Out? Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats.
19 May 2021

Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws

Research underscores the acceleration of attack activity and points to a growing concern that defenders can't keep pace.
19 May 2021

Microsoft, Google Clouds Hijacked for Gobs of Phishing

Microsoft, Google Clouds Hijacked for Gobs of Phishing Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.
19 May 2021

Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030

A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.
19 May 2021

Colonial Pipeline CEO Confirms Ransom Payment

CEO Joseph Blount says the $4.4 million payment was a necessary decision amid high-stakes infrastructure disruption.
19 May 2021