Cybersecurity News


Ransomware Volumes Hit Record Highs as 2021 Wears On

Ransomware Volumes Hit Record Highs as 2021 Wears On The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
03 August 2021

Back-to-Basics: Keep Software Patched

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on keeping software patched.

03 August 2021

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

Raccoon Stealer Bundles Malware, Propagates Via Google SEO An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
03 August 2021

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
03 August 2021

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.
03 August 2021

DeadRinger: Chinese APTs strike major telecommunications companies

Previously unknown campaigns center around "Chinese state interests."
03 August 2021

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.
02 August 2021

Part One: Conceptual Differences Between SSF and PA-DSS


To assist stakeholders in their migration from PA-DSS to the Software Security Framework, PCI Security Standards Council (PCI SSC) is publishing a series of blog posts to guide payment software vendors and assessors through the key differences between PA-DSS and the SSF. In Part One of our multi-part blog series, PCI SSC’s Sr. Manager, Public Relations Alicia Malone sits down with PCI SSC’s Sr. Manager, Emerging Standards Jake Marcinko to discuss some of the conceptual differences between PA-DSS and the Software Security Framework that stakeholders should be aware of as they work to transition between programs.

02 August 2021

Chipotle Emails Serve Up Phishing Lures

Chipotle Emails Serve Up Phishing Lures Mass email distribution service compromise mirrors earlier Nobelium attacks.
02 August 2021

New Normal Demands New Security Leadership Structure

At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.
02 August 2021

Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.
02 August 2021

Ransomware operators love them: Key trends in the Initial Access Broker space

In a threat actor's mind, take out the legwork, reap the proceeds of blackmail.
02 August 2021

On course for a good hacking

A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK.

The post On course for a good hacking appeared first on WeLiveSecurity

02 August 2021

NSA Warns Public Networks are Hacker Hotbeds

NSA Warns Public Networks are Hacker Hotbeds Agency warns attackers targeting teleworkers to steal corporate data.
30 July 2021

Transition to Version 1.1 for New Secure SLC and Secure Software Submissions


With the release of the Secure Software Lifecycle (“Secure SLC”) Standard v1.1 in February 2021 and the Secure Software Standard v1.1 in April 2021, updated versions of the associated reporting templates and attestation forms were also made available in the Document Library.

30 July 2021

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints.
30 July 2021

Week in security with Tony Anscombe

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. Learn to identify these scams. Most people are fans of the convenience provided by online shopping, but some criminals uses this to lure clients into Amazon scams. Learn to detect these. Now that organizations are set to evolve a

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

30 July 2021

Watch out for these scams, targeting Amazon’s customers

Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on.

The post Watch out for these scams, targeting Amazon’s customers appeared first on WeLiveSecurity

30 July 2021

UC San Diego Health Breach Tied to Phishing Attack

UC San Diego Health Breach Tied to Phishing Attack Employee email takeover exposed personal, medical data of students, employees and patients.
29 July 2021

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?
29 July 2021