Cybersecurity News


Google Play Sign-Ins Allow Covert Location-Tracking

Google Play Sign-Ins Allow Covert Location-Tracking A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
02 September 2021

Twitter introduces new feature to automatically block abusive behavior

Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.

The post Twitter introduces new feature to automatically block abusive behavior appeared first on WeLiveSecurity

02 September 2021

Cisco Patches Critical Authentication Bug With Public Exploit

Cisco Patches Critical Authentication Bug With Public Exploit There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.
02 September 2021

 8-digit BINs and PCI DSS: What You Need to Know


Did you know that there are changes coming in how the Bank Identification Number (BIN, also known as Issuer Identification Number, or IIN) is encoded and used on payment cards?

This initial post in a series of blog entries will highlight some of the PCI SSC FAQs that address specific questions related to 8-digit BINs. Upcoming posts will clarify ways in which to determine how 8-digit BINs may affect your environment; the effect of 8-digit BINs on encryption, masking, and truncation formats; and how multiple truncation formats can affect scoping and security requirements.

02 September 2021

7 Ways to Defend Mobile Apps, APIs from Cyberattacks

7 Ways to Defend Mobile Apps, APIs from Cyberattacks David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.
02 September 2021

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted Users should be careful whose pics they view and should, of course, update their apps.
02 September 2021

Digital State IDs Start Rollouts Despite Privacy Concerns

Digital State IDs Start Rollouts Despite Privacy Concerns Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
02 September 2021

Comcast RF Attack Leveraged Remotes for Surveillance

Comcast RF Attack Leveraged Remotes for Surveillance IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers.
02 September 2021

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two week ago, VIP72's online storefront -- which sold access to more than 30,000 compromised PCs -- simply vanished.
01 September 2021

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
01 September 2021

LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files

LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.
01 September 2021

BEC Scammers Seek Native English Speakers on Underground

BEC Scammers Seek Native English Speakers on Underground Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams.
01 September 2021

Feds Warn of Ransomware Attacks Ahead of Labor Day

Feds Warn of Ransomware Attacks Ahead of Labor Day Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations.
01 September 2021

This is why the Mozi botnet will linger on

The botnet continues to haunt IoT devices, and likely will for some time to come.
01 September 2021

Cream Finance platform pilfered for over $34 million in cryptocurrency

The project has promised to cover losses suffered by its users.
01 September 2021

Scam artists are recruiting English speakers for business email campaigns

Finding fluent speakers is becoming important to criminals conducting business-based attacks.
01 September 2021

Fortress Home Security Open to Remote Disarmament

Fortress Home Security Open to Remote Disarmament A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring.
31 August 2021

Cream Finance DeFi Platform Rooked For $29M

Cream Finance DeFi Platform Rooked For $29M Cream is latest DeFi platform to get fleeced in rash of attacks.
31 August 2021

Proxyware Services Open Orgs to Abuse – Report

Proxyware Services Open Orgs to Abuse – Report Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
31 August 2021

Flaw in the Quebec vaccine passport: analysis

ESET's cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec's vaccine proof apps VaxiCode and VaxiCode Verif.

The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity

31 August 2021