Cybersecurity News
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
Lazarus Attackers Turn to the IT Supply Chain
Kaspersky researchers saw the North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
FBI Raids Chinese Point-of-Sale Giant PAX Technology
U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain “inappropriate content.”
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan
A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.
Putting cybersecurity first: Why secure‑by‑design must be the norm
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom
The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity
Schools put the brakes on facial recognition scheme for kids buying lunch
UK regulators swooped in before the program gained full momentum.
Mozilla Firefox cracks down on malicious add-ons used by 455,000 users
The troublesome add-ons misused an API that controlled how Firefox connected to the internet.
Defending Assets You Don’t Know About Against Cyberattacks
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
Groove Calls for Cyberattacks on US as REvil Payback
The bold move signals a looming clash between Russian ransomware groups and the U.S.
BQE Web Suite Billing App Rigged to Inflict Ransomware
An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
BillQuick Billing App Rigged to Inflict Ransomware
A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
Conti Ransom Gang Starts Selling Access to Victims
The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks
The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.
Cybersecurity Month: Work from Home Security Awareness Training
As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:
Ransomware attacks in UK have doubled in a year, says GCHQ boss
Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable
The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.
Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.