Cybersecurity News


CISA Urges Sites to Patch Critical RCE in Discourse

CISA Urges Sites to Patch Critical RCE in Discourse The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
25 October 2021

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

The APT is probing potential new technology supply chain victims.
25 October 2021

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.
22 October 2021

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
22 October 2021

Week in security with Tony Anscombe

How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 October 2021

Week in security with Tony Anscombe

How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 October 2021

Cisco SD-WAN Security Bug Allows Root Code Execution

Cisco SD-WAN Security Bug Allows Root Code Execution The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
22 October 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Cari King

 

She was the first woman in her family to complete high school and a first-generation college graduate. But, as a single mom on public assistance, Cari King knew that she needed more than a job to improve her situation; she needed a career. However, she did not know any female role models with careers to show her the way. In fact, it wasn’t until she was in her thirties that she first met a woman with a career in technology. First, it was a female retail computer store owner who took a chance on her. Then, it was a female computer programmer who saw her potential and encouraged Cari to believe in herself. In this edition of our blog, Cari explains why it’s important to continue to expose girls to successful women in the tech industry, even if role models are difficult to find in their own community.

22 October 2021

Threat Actors Abuse Discord to Push Malware

Threat Actors Abuse Discord to Push Malware The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.
22 October 2021

Ex-carrier employee sentenced for role in SIM-swapping scheme

He was paid a daily fee to route victim numbers to handsets controlled by other criminals.
22 October 2021

South African police arrest eight men suspected of targeting widows in romance scams

The gang concocted "sob stories" to lure their victims into parting with cash.
22 October 2021

What’s lurking in the shadows? How to manage the security risks of shadow IT

Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era

The post What’s lurking in the shadows? How to manage the security risks of shadow IT appeared first on WeLiveSecurity

22 October 2021

What’s lurking in the shadows? How to manage the security risks of shadow IT

Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era

The post What’s lurking in the shadows? How to manage the security risks of shadow IT appeared first on WeLiveSecurity

22 October 2021

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.
21 October 2021

Resource Guide: Defending Against Ransomware


Ransomware attacks have been front and center in the news recently due to high-profile breaches that have impacted businesses across the globe. These headline grabbing attacks have been part of a larger global increase in ransomware crime. With a dramatic increase in security challenges due to the disruptions caused in part by the COVID-19 pandemic, there has been a significant increase in ransomware attacks.

21 October 2021

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
21 October 2021

Gigabyte Allegedly Hit by AvosLocker Ransomware

Gigabyte Allegedly Hit by AvosLocker Ransomware If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
21 October 2021

Why is Cybersecurity Failing Against Ransomware?

Why is Cybersecurity Failing Against Ransomware? Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
21 October 2021

Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween

Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.
21 October 2021

Cybersecurity careers: What to know and how to get started

Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track.

The post Cybersecurity careers: What to know and how to get started appeared first on WeLiveSecurity

21 October 2021