Cybersecurity News
Help! My kid has asked Santa for a smartphone
The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly.
The post Help! My kid has asked Santa for a smartphone appeared first on WeLiveSecurity
Windows: Still insecure after all these years
OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.
Traveling for the holidays? Stay cyber‑safe with these tips
Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist.
The post Traveling for the holidays? Stay cyber‑safe with these tips appeared first on WeLiveSecurity
Six Charged in Mass Takedown of DDoS-for-Hire Sites
The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.
Coffee with the Council Podcast: What is Mobile Payments on COTS? Understanding PCI SSC’s New Standard for Mobile Solutions
Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Last month, the Council published a new standard, the highly anticipated Mobile Payments on COTS Standard or MPoC. Today, we'll learn more about what the standard is all about and who it will impact. Here to talk more about MPoC is our Vice President of Solutions Standards, Andrew Jamieson. Thank you for joining me today, Andrew.
Microsoft Patch Tuesday, December 2022 Edition
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer
The post Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities appeared first on WeLiveSecurity
TPG reveals emails of 15,000 iiNet and Westnet customers exposed in hack
Telecommunications company says hacker searched for customers’ cryptocurrency and financial information
Telecommunications giant TPG has revealed an email-hosting service used by up to 15,000 iiNet and Westnet customers has been breached, with the hacker looking for cryptocurrency and other financial information.
TPG said in a release to the Australian Securities Exchange (ASX) on Wednesday that cybersecurity firm Mandiant had found evidence of unauthorised access to a Hosted Exchange service used by iiNet and Westnet customers.
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked
InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online -- using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
PCI DSS v4.0: Roles and Responsibilities for the Customized Approach
This blog is the third in a series of articles on the customized approach. The first article in this series provided a high-level overview of the customized approach and explored the difference between compensating controls and the customized approach. The second article focused on considerations for entities thinking about implementing a customized approach and provided details about the customized approach resources included in PCI DSS and the PCI DSS Report on Compliance Template. This article focuses on roles and responsibilities for the customized approach, both for the entity developing and implementing a customized approach and for the assessor when reviewing a customized approach as part of a PCI DSS assessment.
Top tips for security‑ and privacy‑enhancing holiday gifts
Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny!
The post Top tips for security‑ and privacy‑enhancing holiday gifts appeared first on WeLiveSecurity
Paving the Way: Inspiring Women in Payments - A Q&A featuring Jane Goodayle
Jane Goodayle believes that unconscious bias exists in every industry. Sometimes, even just the perception of the industry as “male dominated” can discourage women from participating. In this edition of our blog, Jane explains that women can push back against unconscious bias by continuing to bring our “A” game, exposing unfair stereotyping, and challenging the ‘expected and accepted’ to prompt change. She believes that encouraging more women into the industry will change its perception and inspire younger generations to choose a career in technology.
Cybersecurity Trends 2023: Securing our hybrid lives
ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy
The post Cybersecurity Trends 2023: Securing our hybrid lives appeared first on WeLiveSecurity
Telstra sorry for publishing up to 130,000 customers’ details online
Release of names, numbers and addresses of some unlisted customers was not due to cyber-attack
Telstra has apologised after publishing the details of thousands of customers online.
The company said the release of the names, numbers and addresses of some unlisted customers was not the result of any malicious cyber-attack and was a mistake. Reports say up to 130,000 customers have been affected.
Diamond industry under attack – Week in security with Tony Anscombe
ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group
The post Diamond industry under attack – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Xenomorph: What to know about this Android banking trojan
Xenomorph pilfers victims' login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data
The post Xenomorph: What to know about this Android banking trojan appeared first on WeLiveSecurity
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
Apple announces new security and privacy measures amid spike in cyber attacks
Encryption of iCloud storage means the information will be safeguarded from hackers as well as government agencies
Apple announced a suite of security and privacy improvements on Wednesday that the company is pitching as a way to help people protect their data from hackers, including one that civil liberty and privacy advocates have long pushed for.
The tech giant will soon allow users to choose to secure more of the data backed up to their iCloud using end-to-end encryption, which means no one but the user will be able to access that information.
New Web Software Module Introduced in PCI Secure Software Standard Version 1.2
Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks.
Fantasy – a new Agrius wiper deployed through a supply‑chain attack
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry
The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity