Cybersecurity News
How to Adapt to Rising Consumer Expectations of Invisible Security
Working from home has changed users' ideas about seamless security. Here's how to address them.Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
Paving the way: Inspiring Women in Payments - A Q&A featuring Neha Abbad
Just prior to the onset of the COVID-19 pandemic in India, Neha Abbad got an opportunity to work as a part of a high performing team at MattsenKumar Cyber Services in Gurgaon, a top metropolitan city of India. Accepting the challenge meant being separated from her family for months during the country-wide, pandemic-related lockdown. While difficult, the new work greatly inspired her and the support and encouragement from her seniors helped her build confidence that she had the capability to deliver. In this edition of our blog, Neha explains that women should never doubt their abilities if only others realized what women bring to the payment industry.
Recycle Your Phone, Sure, But Maybe Not Your Number
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.Credential Stuffing Reaches 193 Billion Login Attempts Annually
More attacks does not necessarily mean more threats, but all attacks types have increased, according to Akamai's new 'State of the Internet' report.Windows PoC Exploit Released for Wormable RCE
The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week.
How Ransomware Encourages Opportunists to Become Criminals
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.Bug Exposes Eufy Camera Private Feeds to Random Users
Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch.
Bizarro banking Trojan surges across Europe
Operators have so far targeted customers of at least 70 banks across Europe and South America.Amazon extends ban on police using Rekognition facial recognition technology, no end in sight
The existing moratorium will continue as Congress has not tackled concerns raised by the use of the technology in criminal cases.Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public
Research suggests the cheap hire of cloud services has allowed cyberattackers to quickly pick out targets.Colonial Pipeline attack: Hacking the physical world
The attack is a reminder of growing cyberthreats to critical infrastructure while also showing why providers of essential services are ripe targets for cybercriminals
The post Colonial Pipeline attack: Hacking the physical world appeared first on WeLiveSecurity
This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals
Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.How to Get Employees to Care About Security
Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.
How Attackers Weigh the Pros and Cons of BEC Techniques
Security researchers discuss attackers' evolving methodologies in business email compromise and phishing campaigns.Scammers Pose as Meal-Kit Services to Steal Customer Data
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
Request for Comments: P2PE v3.1 Draft Standard
P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v3.1 Standard minor revision during a 30-day request for comments (RFC) period running from 18 May through 17 June 2021. This minor revision primarily includes updates to Domain 5 to align with the updates, as applicable, from the PCI PIN v3.1 Standard minor revision published in March 2021. Additional errata updates are also included.
Stalkerware Apps Riddled with Security Bugs
Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed.