Cybersecurity News
Military’s RFID Tracking of Guns May Endanger Troops
RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say.
Tips & Tricks for Unmasking Ghoulish API Behavior
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.
Hackers could force locked iPhones to make contactless payments
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds
The post Hackers could force locked iPhones to make contactless payments appeared first on WeLiveSecurity
Just Published: P2PE v3.1
Today, the PCI SSC published a minor revision to the PCI Point-to-Point Encryption (P2PE) ® Standard. We talk with Mike Thompson, Senior Manager of Emerging Standards and the Chair of the PCI Council’s P2PE Working Group, about some of these changes.
Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks
Over 1.5 million stolen credential sets are being used by one fraud operation.The Top Ransomware Threats Aren’t Who You Think
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally.
Fears surrounding Pegasus spyware prompt new Trojan campaign
Criminals hope that the lure of a promise to protect you from spyware will make you click that link.Thousands of University Wi-Fi Networks Expose Log-In Credentials
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.
ESET Threat Report T2 2021
A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
The post ESET Threat Report T2 2021 appeared first on WeLiveSecurity
Keep Attackers Out of VPNs: Feds Offer Guidance
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
Keep Attackers Out of VPNs: Feds Offer Guidance
The NSA and CISA issued guidance on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
Researchers discover bypass 'bug' in iPhone Apple Pay, Visa to make contactless payments
The security issue relates to Visa and Apple's transmit mode.Apple AirTag Zero-Day Weaponizes Trackers
Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.
GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
Conti Ransomware Expands Ability to Blow Up Backups
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
Tomiris backdoor discovery linked to Sunshuttle, DarkHalo hackers
Another backdoor has been tentatively linked to the hackers behind SolarWinds.CISA and NSA release guidance for securing VPNs
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks
The post CISA and NSA release guidance for securing VPNs appeared first on WeLiveSecurity
SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
