Cybersecurity News
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
FIN7 Capitalizes on Windows 11 Release in Latest Gambit
The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
Week in security with Tony Anscombe
Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Brute-Force Attacks Target Inboxes for Gift Card Data
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
FTC orders SpyFone to delete all of its surveillance data
The watchdog alleges the app "helped stalkers steal private information."A parent’s guide to smartphone security
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.
The post A parent’s guide to smartphone security appeared first on WeLiveSecurity
BitConnect director pleads guilty to role in $2 billion cryptocurrency fraud
Prosecutors claim that the promoter earned over $24 million.NFT Collector Tricked into Buying Fake Banksy
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
SpyFone & CEO Banned From Stalkerware Biz
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.
Gift Card Gang Extracts Cash From 100k Inboxes Daily
Some of the most successful and lucrative online scams employ a "low-and-slow" approach -- avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here's the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.Google Play Sign-Ins Allow Covert Location-Tracking
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
Twitter introduces new feature to automatically block abusive behavior
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.
The post Twitter introduces new feature to automatically block abusive behavior appeared first on WeLiveSecurity
Cisco Patches Critical Authentication Bug With Public Exploit
There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.
8-digit BINs and PCI DSS: What You Need to Know
Did you know that there are changes coming in how the Bank Identification Number (BIN, also known as Issuer Identification Number, or IIN) is encoded and used on payment cards?
This initial post in a series of blog entries will highlight some of the PCI SSC FAQs that address specific questions related to 8-digit BINs. Upcoming posts will clarify ways in which to determine how 8-digit BINs may affect your environment; the effect of 8-digit BINs on encryption, masking, and truncation formats; and how multiple truncation formats can affect scoping and security requirements.
7 Ways to Defend Mobile Apps, APIs from Cyberattacks
David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
Users should be careful whose pics they view and should, of course, update their apps.
Digital State IDs Start Rollouts Despite Privacy Concerns
Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
Comcast RF Attack Leveraged Remotes for Surveillance
IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers.
