Cybersecurity News
Spotlight on the Cybercriminal Supply Chains
In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.Signal founder: I hacked police phone-cracking tool Cellebrite
Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world
The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.
In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.
Continue reading...AirDrop flaws could leak phone numbers, email addresses
You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says
The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity
University Suspends Project After Researchers Submitted Vulnerable Linux Patches
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Payment Security in South Africa: A Discussion with Stakeholders
The PCI SSC Security Summit of South Africa, an online event took place this week with more than 315 payment security practitioners from South Africa discussing the latest in payment security and standards. Here we talk with Jeremy King, PCI Security Standards Council VP Regional Head for Europe, Naniki Imelda Ramabi, Chief Risk Officer Payments Association of South Africa (PASA), and Sandro Bucchianeri, Group Chief Security Officer ABSA, about payment security trends, highlights from the Security Summit of South Africa, and industry involvement opportunities for the region.
10 Free Security Tools at Black Hat Asia 2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found.
SolarWinds hack analysis reveals 56% boost in command server footprint
Researchers say newly identified targets are likely.It’s Easy to Become a Cyberattack Target, but a VPN Can Help
You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.
New US Justice Department team aims to disrupt ransomware operations
The task force will focus on dealing with the “root causes” of ransomware.Rapid7 Acquires Velociraptor Open Source Project
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.4 Innovative Ways Cyberattackers Hunt for Security Bugs
David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups.
Justice Dept. Creates Task Force to Stop Ransomware Spread
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.Zero-Day Flaws in SonicWall Email Security Tool Under Attack
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.QR Codes Offer Easy Cyberattack Avenues as Usage Spikes
Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.
Q&A on the Optional P2PE Solution Inventory Template
Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals even if stolen in a breach. Merchants can take advantage of this technology with a P2PE solution, a combination of secure devices, applications, and processes that encrypt payment card data from the point it is used at a payment terminal until it reaches a secure point of decryption. PCI P2PE Solutions are those that have been validated as meeting the rigorous security requirements of the PCI P2PE Standard and are listed on the PCI Security Standards Council (PCI SSC) website. PCI P2PE Solutions provide the strongest protection for payment card data and can simplify merchant efforts to comply with the PCI Data Security Standard (PCI DSS).