Cybersecurity News


Keep Attackers Out of VPNs: Feds Offer Guidance

Keep Attackers Out of VPNs: Feds Offer Guidance The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
29 September 2021

Keep Attackers Out of VPNs: Feds Offer Guidance

Keep Attackers Out of VPNs: Feds Offer Guidance The NSA and CISA issued guidance on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
29 September 2021

Researchers discover bypass 'bug' in iPhone Apple Pay, Visa to make contactless payments

The security issue relates to Visa and Apple's transmit mode.
29 September 2021

Apple AirTag Zero-Day Weaponizes Trackers

Apple AirTag Zero-Day Weaponizes Trackers Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.
29 September 2021

GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride

GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
29 September 2021

Conti Ransomware Expands Ability to Blow Up Backups

Conti Ransomware Expands Ability to Blow Up Backups The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
29 September 2021

Tomiris backdoor discovery linked to Sunshuttle, DarkHalo hackers

Another backdoor has been tentatively linked to the hackers behind SolarWinds.
29 September 2021

CISA and NSA release guidance for securing VPNs

What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks

The post CISA and NSA release guidance for securing VPNs appeared first on WeLiveSecurity

29 September 2021

SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware

SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
29 September 2021

Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
29 September 2021

This dangerous mobile Trojan has stolen a fortune from over 10 million victims

Researchers say the infections are generating millions of dollars a month in recurring revenue.
29 September 2021

The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
29 September 2021

Akamai acquires cybersecurity firm Guardicore for $600 million

Guardicore's zero-trust solutions brought it to the attention of the CDN.
29 September 2021

Google launches new reward program for Tsunami Security Scanner

The program offers up to $3,133 in financial rewards.
29 September 2021

Telegram bots are trying to steal your one-time passwords

The tokens can be used to shred second-stage account verification.
29 September 2021

How to Prevent Account Takeovers in 2021

How to Prevent Account Takeovers in 2021 Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.
28 September 2021

Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts

Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
28 September 2021

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.
28 September 2021

Apple Airtag Bug Enables ‘Good Samaritan’ Attack

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website.
28 September 2021

Paving the Way: Inspiring Women in Payments - A Podcast Featuring Agnes Ng

 

Sometimes, being a woman brings in a more human touch when navigating through challenging security issues. This sensitivity to customer concerns is exactly what has helped Agnes Ng achieve success as a female entrepreneur in the Singapore payment industry. In this edition of our podcast, Agnes explains that despite a lack of women taking technology courses as part of their education in Singapore, she believes that more doors will be opened to women in technology as part of the government’s initiative to stay ahead as a global city.

28 September 2021