Cybersecurity News
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
Popular Wi‑Fi routers still using default passwords making them susceptible to attacks
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials
The post Popular Wi‑Fi routers still using default passwords making them susceptible to attacks appeared first on WeLiveSecurity
Paving the way: Inspiring Women in Payments - A podcast featuring Marie Babineau
There was once a time when Marie Babineau felt she had to pretend to be one of the boys in order to be taken seriously. Determined to prove herself to her male colleagues, Marie learned how to crimp an RG-45 wire, program a router in command line, and become a fierce Unix system admin, among many other highly technical skills. The more she learned, the more confidence she gained. In this edition of our podcast, Marie explores the theme of building confidence and how we can start at an early age by not perpetuating a frequently held stereotype: that girls are not good at math.
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
Serial Swatter Who Caused Death Gets Five Years in Prison
A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.Cybercriminals may target 2020 Tokyo Olympics, FBI warns
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money
The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity
NPM Package Steals Passwords via Chrome’s Account-Recovery Tool
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems.
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
Request for Comments: PCI Card Production and Provisioning v3 Draft Standard
From 21 July to 20 August, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PCI Card Production and Provisioning v3 Draft Standard.
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
French Launch NSO Probe After Macron Believed Spyware Target
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.
Tracking Malware and Ransomware Domains in 2021
Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.
MacOS Being Picked Apart by $49 XLoader Data Stealer
Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.
$49 malware receives major upgrade to strike both Windows and macOS PCs
The new family stems from Formbook, an old but prevalent malware strain.Joker billing fraud malware found in Google Play Store
The Android malware circumvented security controls by using short URL tricks.Spam Kingpin Peter Levashov Gets Time Served
A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.
Back-to-Basics: Reduce Where Payment Data Can Be Found
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on reducing where payment data can be found.
Law Firm to the Fortune 500 Breached with Ransomware
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
Why Your Business Needs a Long-Term Remote Security Strategy
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.