Cybersecurity News


The State of Incident Response: Measuring Risk and Evaluating Your Preparedness

Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
03 September 2021

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
03 September 2021

Week in security with Tony Anscombe

Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

03 September 2021

Brute-Force Attacks Target Inboxes for Gift Card Data

Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
03 September 2021

FTC orders SpyFone to delete all of its surveillance data

The watchdog alleges the app "helped stalkers steal private information."
03 September 2021

A parent’s guide to smartphone security

Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.

The post A parent’s guide to smartphone security appeared first on WeLiveSecurity

03 September 2021

BitConnect director pleads guilty to role in $2 billion cryptocurrency fraud

Prosecutors claim that the promoter earned over $24 million.
03 September 2021

NFT Collector Tricked into Buying Fake Banksy

An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
02 September 2021

SpyFone & CEO Banned From Stalkerware Biz

The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
02 September 2021

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.
02 September 2021

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Some of the most successful and lucrative online scams employ a "low-and-slow" approach -- avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here's the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.
02 September 2021

Google Play Sign-Ins Allow Covert Location-Tracking

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
02 September 2021

Twitter introduces new feature to automatically block abusive behavior

Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.

The post Twitter introduces new feature to automatically block abusive behavior appeared first on WeLiveSecurity

02 September 2021

Cisco Patches Critical Authentication Bug With Public Exploit

There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.
02 September 2021

8-digit BINs and PCI DSS: What You Need to Know

Did you know that there are changes coming in how the Bank Identification Number (BIN, also known as Issuer Identification Number, or IIN) is encoded and used on payment cards?

This initial post in a series of blog entries will highlight some of the PCI SSC FAQs that address specific questions related to 8-digit BINs. Upcoming posts will clarify ways in which to determine how 8-digit BINs may affect your environment; the effect of 8-digit BINs on encryption, masking, and truncation formats; and how multiple truncation formats can affect scoping and security requirements.

02 September 2021

7 Ways to Defend Mobile Apps, APIs from Cyberattacks

David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.
02 September 2021

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

Users should be careful whose pics they view and should, of course, update their apps.
02 September 2021

Digital State IDs Start Rollouts Despite Privacy Concerns

Eight states are introducing driver's licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
02 September 2021

Comcast RF Attack Leveraged Remotes for Surveillance

IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers.
02 September 2021

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72's online storefront -- which sold access to more than 30,000 compromised PCs -- simply vanished.
01 September 2021