Cybersecurity News


How to Adapt to Rising Consumer Expectations of Invisible Security

Working from home has changed users' ideas about seamless security. Here's how to address them.
19 May 2021

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
19 May 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Neha Abbad

 

Just prior to the onset of the COVID-19 pandemic in India, Neha Abbad got an opportunity to work as a part of a high performing team at MattsenKumar Cyber Services in Gurgaon, a top metropolitan city of India. Accepting the challenge meant being separated from her family for months during the country-wide, pandemic-related lockdown. While difficult, the new work greatly inspired her and the support and encouragement from her seniors helped her build confidence that she had the capability to deliver. In this edition of our blog, Neha explains that women should never doubt their abilities if only others realized what women bring to the payment industry.

19 May 2021

Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.
19 May 2021

Credential Stuffing Reaches 193 Billion Login Attempts Annually

More attacks does not necessarily mean more threats, but all attacks types have increased, according to Akamai's new 'State of the Internet' report.
19 May 2021

Windows PoC Exploit Released for Wormable RCE

Windows PoC Exploit Released for Wormable RCE The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week.
19 May 2021

How Ransomware Encourages Opportunists to Become Criminals

And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
19 May 2021

Bug Exposes Eufy Camera Private Feeds to Random Users

Bug Exposes Eufy Camera Private Feeds to Random Users Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch.
19 May 2021

Bizarro banking Trojan surges across Europe

Operators have so far targeted customers of at least 70 banks across Europe and South America.
19 May 2021

Amazon extends ban on police using Rekognition facial recognition technology, no end in sight

The existing moratorium will continue as Congress has not tackled concerns raised by the use of the technology in criminal cases.
19 May 2021

Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public

Research suggests the cheap hire of cloud services has allowed cyberattackers to quickly pick out targets.
19 May 2021

Colonial Pipeline attack: Hacking the physical world

The attack is a reminder of growing cyberthreats to critical infrastructure while also showing why providers of essential services are ripe targets for cybercriminals

The post Colonial Pipeline attack: Hacking the physical world appeared first on WeLiveSecurity

19 May 2021

This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals

Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.
19 May 2021

How to Get Employees to Care About Security

How to Get Employees to Care About Security Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.
18 May 2021

How Attackers Weigh the Pros and Cons of BEC Techniques

Security researchers discuss attackers' evolving methodologies in business email compromise and phishing campaigns.
18 May 2021

Scammers Pose as Meal-Kit Services to Steal Customer Data

Scammers Pose as Meal-Kit Services to Steal Customer Data Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
18 May 2021

Request for Comments: P2PE v3.1 Draft Standard

 

P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v3.1 Standard minor revision during a 30-day request for comments (RFC) period running from 18 May through 17 June 2021. This minor revision primarily includes updates to Domain 5 to align with the updates, as applicable, from the PCI PIN v3.1 Standard minor revision published in March 2021. Additional errata updates are also included.

18 May 2021

Stalkerware Apps Riddled with Security Bugs

Stalkerware Apps Riddled with Security Bugs Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed.
18 May 2021

Splunk to Acquire TruStar for Data Management

Splunk said it will integrate TruStar's data-sharing capabilities into its Data-to-Everything platform following the acquisition.
18 May 2021

FBI's IC3 Logs 1M Complaints in 14 Months

The FBI's IC3 reportsCOVID-related scams and an increase in online retail may be behind the upswing in complaints.
18 May 2021