Cybersecurity News


Help! My kid has asked Santa for a smartphone

The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly.

The post Help! My kid has asked Santa for a smartphone appeared first on WeLiveSecurity

16 December 2022

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.
15 December 2022

Traveling for the holidays? Stay cyber‑safe with these tips

Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist.

The post Traveling for the holidays? Stay cyber‑safe with these tips appeared first on WeLiveSecurity

15 December 2022

Six Charged in Mass Takedown of DDoS-for-Hire Sites

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.
14 December 2022

Coffee with the Council Podcast: What is Mobile Payments on COTS? Understanding PCI SSC’s New Standard for Mobile Solutions

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Last month, the Council published a new standard, the highly anticipated Mobile Payments on COTS Standard or MPoC. Today, we'll learn more about what the standard is all about and who it will impact. Here to talk more about MPoC is our Vice President of Solutions Standards, Andrew Jamieson. Thank you for joining me today, Andrew.

14 December 2022

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.
14 December 2022

Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer

The post Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities appeared first on WeLiveSecurity

14 December 2022

TPG reveals emails of 15,000 iiNet and Westnet customers exposed in hack

Telecommunications company says hacker searched for customers’ cryptocurrency and financial information

Telecommunications giant TPG has revealed an email-hosting service used by up to 15,000 iiNet and Westnet customers has been breached, with the hacker looking for cryptocurrency and other financial information.

TPG said in a release to the Australian Securities Exchange (ASX) on Wednesday that cybersecurity firm Mandiant had found evidence of unauthorised access to a Hosted Exchange service used by iiNet and Westnet customers.

13 December 2022

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online -- using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
13 December 2022

PCI DSS v4.0: Roles and Responsibilities for the Customized Approach

This blog is the third in a series of articles on the customized approach. The first article in this series provided a high-level overview of the customized approach and explored the difference between compensating controls and the customized approach. The second article focused on considerations for entities thinking about implementing a customized approach and provided details about the customized approach resources included in PCI DSS and the PCI DSS Report on Compliance Template. This article focuses on roles and responsibilities for the customized approach, both for the entity developing and implementing a customized approach and for the assessor when reviewing a customized approach as part of a PCI DSS assessment. 

13 December 2022

Top tips for security‑ and privacy‑enhancing holiday gifts

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny!

The post Top tips for security‑ and privacy‑enhancing holiday gifts appeared first on WeLiveSecurity

13 December 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Jane Goodayle

Jane Goodayle believes that unconscious bias exists in every industry. Sometimes, even just the perception of the industry as “male dominated” can discourage women from participating. In this edition of our blog, Jane explains that women can push back against unconscious bias by continuing to bring our “A” game, expose unfair stereotyping, and challenge the ‘expected and accepted’ to prompt change. She believes that encouraging more women into the industry will change its perception and inspire younger generations to choose a career in technology.

12 December 2022

Cybersecurity Trends 2023: Securing our hybrid lives

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy

The post Cybersecurity Trends 2023: Securing our hybrid lives appeared first on WeLiveSecurity

12 December 2022

Telstra sorry for publishing up to 130,000 customers’ details online

Release of names, numbers and addresses of some unlisted customers was not due to cyber-attack

Telstra has apologised after publishing the details of thousands of customers online.

The company said the release of the names, numbers and addresses of some unlisted customers was not the result of any malicious cyber-attack and was a mistake. Reports say up to 130,000 customers have been affected.

10 December 2022

Diamond industry under attack – Week in security with Tony Anscombe

ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group

The post Diamond industry under attack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

09 December 2022

Xenomorph: What to know about this Android banking trojan

Xenomorph pilfers victims' login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data

The post Xenomorph: What to know about this Android banking trojan appeared first on WeLiveSecurity

09 December 2022

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
08 December 2022

Apple announces new security and privacy measures amid spike in cyber attacks

Encryption of iCloud storage means the information will be safeguarded from hackers as well as government agencies

Apple announced a suite of security and privacy improvements on Wednesday that the company is pitching as a way to help people protect their data from hackers, including one that civil liberty and privacy advocates have long pushed for.

The tech giant will soon allow users to choose to secure more of the data backed up to their iCloud using end-to-end encryption, which means no one but the user will be able to access that information.

07 December 2022

New Web Software Module Introduced in PCI Secure Software Standard Version 1.2

Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks. 

07 December 2022

Fantasy – a new Agrius wiper deployed through a supply‑chain attack

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry

The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity

07 December 2022