Cybersecurity News


Life in pursuit of answers: In the words of Ada Yonath

From a little girl financially helping her family in Jerusalem to a Nobel Prize laureate. That is the exceptional life of Ada Yonath in a nutshell.

The post Life in pursuit of answers: In the words of Ada Yonath appeared first on WeLiveSecurity

13 October 2022

How scammers target Zelle users – and how you can stay safe

Fraudsters use various tactics to separate people from their hard-earned cash on Zelle. Here’s how to keep your money safe while using the popular P2P payment service.

The post How scammers target Zelle users – and how you can stay safe appeared first on WeLiveSecurity

12 October 2022

Microsoft Patch Tuesday, October 2022 Edition

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month's Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
11 October 2022

POLONIUM targets Israel with Creepy malware

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group

The post POLONIUM targets Israel with Creepy malware appeared first on WeLiveSecurity

11 October 2022

Steam account stolen? Here’s how to get it back

Has your Steam account been hacked? Here are the signs to look for and what you can do to get your account back.

The post Steam account stolen? Here’s how to get it back appeared first on WeLiveSecurity

10 October 2022

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation's largest banks, reimbursing account takeover victims has become more the exception than the rule.
07 October 2022

Key takeaways from ESET Threat Report T2 2022 – Week in security with Tony Anscombe

A look back on the key trends and developments that shaped the cyberthreat landscape from May to August of this year

The post Key takeaways from ESET Threat Report T2 2022 – Week in security with Tony Anscombe appeared first on WeLiveSecurity

07 October 2022

Government considers centralising digital ID verification on myGov in wake of Optus breach

Government considers centralising digital ID verification on myGov in wake of Optus breach

Experts warn using any single system could have its own cybersecurity weaknesses leaving data vulnerable to misuse

The Australian government is considering using myGov or its myGovID system to centralise digital identity authentication in the wake of the Optus data breach, but critics warn any single system could have its own cybersecurity weaknesses.

The former Telstra chief executive David Thodey was recruited to audit myGov when the Albanese government came into power, and his review would now examine whether myGov could be used to prevent people needing to present ID documents multiple times, a spokesperson for the government services minister, Bill Shorten, said.

Sign up to receive an email with the top stories from Guardian Australia every morning

Continue reading...
06 October 2022

The need to change cybersecurity for the next generation

Healthy habits that are instilled and nurtured at an early age bring lifelong benefits – the same applies to good cybersecurity habits

The post The need to change cybersecurity for the next generation appeared first on WeLiveSecurity

06 October 2022

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
05 October 2022

Watch and Learn All About Knowledge Training

 

At the 2022 North America Community Meeting, PCI SSC announced the launch of Knowledge Training. These new training courses are designed to bridge the knowledge gap between organizations and assessors by helping learners speak the same language as the Assessor. In doing so, learners will be able to guide their organization through an assessment and any pre-work and work alongside the Assessor during an engagement, making for a much smoother, more efficient process for all involved.

05 October 2022

ESET Threat Report T2 2022

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T2 2022 appeared first on WeLiveSecurity

05 October 2022

A real estate agent data breach would be devastating for renters. They collect too much personal information | Samantha Floreani

A real estate agent data breach would be devastating for renters. They collect too much personal information | Samantha Floreani

Does a breach need to happen before we see regulatory change?

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country.

If you’ve ever been a renter, this is probably a familiar story: you’re searching for somewhere to live, rents are high, competition is stiff, and in the process of applying you’re asked for immense amounts of information. In addition to identification documents (which we are all now very protective of), they probably ask for a background check, bank statements, and years’ worth of employment and rental history. You might feel uncomfortable about how much they ask for, but hey, what can you do? If you say no, someone else will say yes and get the house instead.

Continue reading...
03 October 2022

8 questions to ask yourself before getting a home security camera

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?

The post 8 questions to ask yourself before getting a home security camera appeared first on WeLiveSecurity

03 October 2022

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
30 September 2022

ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021

The post ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe appeared first on WeLiveSecurity

30 September 2022

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers

The post Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium appeared first on WeLiveSecurity

30 September 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
29 September 2022

Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach

Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach

Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents

Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.

It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.

Continue reading...
29 September 2022

Attorney general flags urgent privacy law changes after Optus data breach

Attorney general flags urgent privacy law changes after Optus data breach

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

Privacy law changes, including tougher penalties for data breaches, could be legislated as early as this year, the attorney general has said in the wake of the Optus breach.

Mark Dreyfus revealed on Thursday that in addition to completing a review of Australia’s privacy laws the Albanese government will look to legislate “even more urgent reforms” late this year or in early 2023.

Continue reading...
28 September 2022