Cybersecurity News


SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.
25 October 2021

Cybersecurity Month: Work from Home Security Awareness Training


As an  Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:

25 October 2021

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable

The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.

Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.

Continue reading...
25 October 2021

CISA Urges Sites to Patch Critical RCE in Discourse

CISA Urges Sites to Patch Critical RCE in Discourse The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
25 October 2021

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

The APT is probing potential new technology supply chain victims.
25 October 2021

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.
22 October 2021

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
22 October 2021

Week in security with Tony Anscombe

How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 October 2021

Week in security with Tony Anscombe

How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 October 2021

Cisco SD-WAN Security Bug Allows Root Code Execution

Cisco SD-WAN Security Bug Allows Root Code Execution The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
22 October 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Cari King

 

She was the first woman in her family to complete high school and a first-generation college graduate. But, as a single mom on public assistance, Cari King knew that she needed more than a job to improve her situation; she needed a career. However, she did not know any female role models with careers to show her the way. In fact, it wasn’t until she was in her thirties that she first met a woman with a career in technology. First, it was a female retail computer store owner who took a chance on her. Then, it was a female computer programmer who saw her potential and encouraged Cari to believe in herself. In this edition of our blog, Cari explains why it’s important to continue to expose girls to successful women in the tech industry, even if role models are difficult to find in their own community.

22 October 2021

Threat Actors Abuse Discord to Push Malware

Threat Actors Abuse Discord to Push Malware The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.
22 October 2021

Ex-carrier employee sentenced for role in SIM-swapping scheme

He was paid a daily fee to route victim numbers to handsets controlled by other criminals.
22 October 2021

South African police arrest eight men suspected of targeting widows in romance scams

The gang concocted "sob stories" to lure their victims into parting with cash.
22 October 2021

What’s lurking in the shadows? How to manage the security risks of shadow IT

Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era

The post What’s lurking in the shadows? How to manage the security risks of shadow IT appeared first on WeLiveSecurity

22 October 2021

What’s lurking in the shadows? How to manage the security risks of shadow IT

Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era

The post What’s lurking in the shadows? How to manage the security risks of shadow IT appeared first on WeLiveSecurity

22 October 2021

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.
21 October 2021

Resource Guide: Defending Against Ransomware


Ransomware attacks have been front and center in the news recently due to high-profile breaches that have impacted businesses across the globe. These headline grabbing attacks have been part of a larger global increase in ransomware crime. With a dramatic increase in security challenges due to the disruptions caused in part by the COVID-19 pandemic, there has been a significant increase in ransomware attacks.

21 October 2021

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
21 October 2021

Gigabyte Allegedly Hit by AvosLocker Ransomware

Gigabyte Allegedly Hit by AvosLocker Ransomware If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
21 October 2021