Cybersecurity News
Faille dans la preuve vaccinale Québécoise : analyse
Les chercheurs d’ESET expliquent les détails d’une faille découverte dans VaxiCode Vérif, l’application mobile permettant la vérification des preuves vaccinales québécoise
The post Faille dans la preuve vaccinale Québécoise : analyse appeared first on WeLiveSecurity
Back-to-Basics: Think Before You Click
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on thinking before you click.
Don’t use single‑factor authentication, warns CISA
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity
WooCommerce Pricing Plugin Allows Malicious Code-Injection
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.
Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
Cyberattackers are now quietly selling off their victim's internet bandwidth
Proxyware is yet another way for criminals to generate revenue from their victims.Initial Access Broker use, stolen account sales spike in cloud service cyberattacks
Current trends also include the abuse of Docker images.LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
Vaccine passports: Is your personal data in safe hands?
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know.
The post Vaccine passports: Is your personal data in safe hands? appeared first on WeLiveSecurity
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
Army Testing Facial Recognition in Child-Care Centers
Army looking for AI to layer over daycare CCTV to boost ‘family quality of life.’
The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers
In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims' personal information, sensitive company data and more.
LockBit Gang to Publish 103GB of Bangkok Air Customer Data
The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day.
T-Mobile’s Security Is ‘Awful,’ Says Purported Thief
John Binns, claiming to be behind the massive T-Mobile theft of >50m customer records, dissed the security measures of the US's No. 2 wireless biggest carrier. T-Mobile is "humbled," it said, announcing new partnerships with security heavyweights on Friday.
Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions.
Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement
Amazon, Google, Microsoft etc. making major commitments to shore up nation’s cyber-defenses just won't be enough, researchers say.
Winning the Cyber-Defense Race: Understand the Finish Line
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility.
FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
The latest refinement of the APT's BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble.