Cybersecurity News


Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
26 October 2021

Lazarus Attackers Turn to the IT Supply Chain

Lazarus Attackers Turn to the IT Supply Chain Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
26 October 2021

Why the Next-Generation of Application Security Is Needed

Why the Next-Generation of Application Security Is Needed New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
26 October 2021

FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.
26 October 2021

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”
26 October 2021

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
26 October 2021

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
26 October 2021

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.
26 October 2021

Putting cybersecurity first: Why secure‑by‑design must be the norm

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom

The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity

26 October 2021

Putting cybersecurity first: Why secure‑by‑design must be the norm

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom

The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity

26 October 2021

Schools put the brakes on facial recognition scheme for kids buying lunch

UK regulators swooped in before the program gained full momentum.
26 October 2021

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

The troublesome add-ons misused an API that controlled how Firefox connected to the internet.
26 October 2021

Defending Assets You Don’t Know About Against Cyberattacks

Defending Assets You Don’t Know About Against Cyberattacks No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
25 October 2021

Groove Calls for Cyberattacks on US as REvil Payback

Groove Calls for Cyberattacks on US as REvil Payback The bold move signals a looming clash between Russian ransomware groups and the U.S.
25 October 2021

BQE Web Suite Billing App Rigged to Inflict Ransomware

BQE Web Suite Billing App Rigged to Inflict Ransomware An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
25 October 2021

BillQuick Billing App Rigged to Inflict Ransomware

BillQuick Billing App Rigged to Inflict Ransomware A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
25 October 2021

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
25 October 2021

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.
25 October 2021

Cybersecurity Month: Work from Home Security Awareness Training


As an  Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:

25 October 2021

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable

The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.

Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.

Continue reading...
25 October 2021