Cybersecurity News
Changes to PCI DSS v4.0 Reporting: In Place with Remediation
When PCI DSS v4.0 was released in March 2022, a new reporting option was included to document requirements that were “In Place with Remediation.” The goal of this option was to promote security as a continuous process, by providing a means for organizations to identify areas needing improvement year over year. While stakeholders agreed that this was a valuable tool for improving security, recent feedback indicates that there may be a better way to achieve this goal.
Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google
In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet's largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google's legal fees.Tractors vs. threat actors: How to hack a farm
Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.
The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity
Could we have one app for everything? We ask an expert
Super apps can revolutionise your life – but do you want to pay the price, wonders AI and innovation professor David Shrier
Across Asia, the trend for a single app that does everything – from deliveries to bookings to chatting – is spreading. Known as super apps, they are rumoured to be the inspiration for Elon Musk’s plan for Twitter. Could they take off here – and should they? I asked David Shrier, professor of practice, AI and innovation at Imperial College Business School in London.
Have you tried a super app?
Well, what do you mean by “super app”? I’d say Facebook is a super app – it certainly has super app-like functionalities.
ScarCruft updates its toolset – Week in security with Tony Anscombe
Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive
The post ScarCruft updates its toolset – Week in security with Tony Anscombe appeared first on WeLiveSecurity
I am a Medibank customer. Am I affected by the cyberattack? What can I do to protect myself?
Experts suggest using multifactor authentication and telling your bank to put extra security checks in place
- Follow our Australia news live blog for the latest updates
- Get our morning and afternoon news emails, free app or daily news podcast
Millions of Medibank’s current and former customers have had their personal information, including health claims, exposed in a hack of the company’s customer database.
Here’s what we know so far and what you can do.
name
address
date of birth
gender
Medicare card number (in some cases)
health claims made with Medibank (in some cases)
Continue reading...ConnectWise Quietly Patches Flaw That Helps Phishers
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.Top tips to save energy used by your electronic devices
With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets?
The post Top tips to save energy used by your electronic devices appeared first on WeLiveSecurity
Password app LastPass hit by cybersecurity breach but says data remains safe
Company says its security system prevented the hacker accessing customer data or encrypted passwords
- Follow our Australia news live blog for the latest updates
- Get our morning and afternoon news emails, free app or daily news podcast
Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.
LastPass is one of several password managers in the market that aims to reduce the reuse of passwords online, by storing themin a single app. It also makes it easier for users to generate strong passwords as required.
Continue reading...Medibank hackers announce ‘case closed’ and dump huge data file on dark web
The size of the data file suggests it may be the full trove of hundreds of thousands of customers’ private records that were stolen from the health insurer
- Follow our Australia news live blog for the latest updates
- Get our morning and afternoon news emails, free app or daily news podcast
The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of what customer data they took from the health insurer, stating it is “case closed” for the hack.
On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full. Case closed.” and included a file that has several compressed files amounting to over 5GB.
Continue reading...Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity
Is it worth taking out personal cyber insurance in case you are caught up in a data hack?
Experts say investing in identity theft protection may provide peace of mind, but won’t help recover lost information
The recent Optus and Medibank data breaches in which thousands of Australians had their personal information stolen have heightened public consciousness of the threat of identity fraud.
Information including names, dates of birth, addresses, phone numbers, passport and Medicare numbers, and even healthcare claims have been posted online in the past few months as a result of the high profile breaches.
Continue reading...U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.RansomBoggs: New ransomware targeting Ukraine
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it
The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity
MEPs’ spyware inquiry targeted by disinformation campaign, say experts
European parliament is investigating Pegasus, a powerful surveillance tool used by governments around the world
Victims of spyware and a group of security experts have privately warned that a European parliament investigatory committee risks being thrown off course by an alleged “disinformation campaign”.
The warning, contained in a letter to MEPs signed by the victims, academics and some of the world’s most renowned surveillance experts, followed news last week that two individuals accused of trying to discredit widely accepted evidence in spyware cases in Spain had been invited to appear before the committee investigating abuse of hacking software.
Continue reading...Spyware posing as VPN apps – Week in security with Tony Anscombe
The Bahamut APT group distributes at least eight malicious apps that pilfer victims' data and monitor their messages and conversations
The post Spyware posing as VPN apps – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Know your payment options: How to shop and pay safely this holiday season
'Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals
The post Know your payment options: How to shop and pay safely this holiday season appeared first on WeLiveSecurity
10 tips to avoid Black Friday and Cyber Monday scams
It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season
The post 10 tips to avoid Black Friday and Cyber Monday scams appeared first on WeLiveSecurity
Bahamut cybermercenary group targets Android users with fake VPN apps
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram
The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity
Security fatigue is real: Here’s how to overcome it
Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late.
The post Security fatigue is real: Here’s how to overcome it appeared first on WeLiveSecurity