Cybersecurity News


Advice From Security Experts: How to Approach Security in the New Normal

Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
31 March 2021

3 Ways Vendors Can Inspire Customer Trust Amid Breaches

As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
31 March 2021

Weakness in EDR Tools Lets Attackers Push Malware Past Them

A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows.
31 March 2021

Gaming mods, cheat engines are spreading Trojan malware and planting backdoors

Mods and cheat systems for games are being exploited to deploy information-stealing malware.
31 March 2021

Educate Your Whole Team with Corporate Group Training Classes


Through Corporate Group Training, the PCI Security Standards Council (PCI SSC) offers a great way to train your entire team at once on any of PCI SSC’s 15 existing standards and programs. In this blog, we interviewed PCI SSC Director, Training Programs Travis Powell, about how the Corporate Group Training format can enhance your organization’s professional development.

31 March 2021

APT Charming Kitten Pounces on Medical Researchers

APT Charming Kitten Pounces on Medical Researchers Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals.
31 March 2021

Child tweets on behalf of nuke, space mission agency US Strategic Command

The gibberish tweet left some amused, some concerned that the account had been compromised.
31 March 2021

VMware patches critical vRealize Operations platform vulnerabilities

Administrator credentials could be stolen by exploiting the bugs.
31 March 2021

Are you prepared to prevent data loss?

From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated

The post Are you prepared to prevent data loss? appeared first on WeLiveSecurity

31 March 2021

Pandemic threats: The common threads in COVID-19 scams and criminal schemes

Researchers explore how cybercriminals have exploited the coronavirus pandemic over the past year.
31 March 2021

Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’

The source alleges the January security incident was severely downplayed.
31 March 2021

Publicly Available Data Enables Enterprise Cyberattacks

Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.
30 March 2021

Security on a Shoestring? More Budget Means More Detection

Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.
30 March 2021

What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack

A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
30 March 2021

Ziggy Ransomware Gang Offers Refunds to Victims

Ziggy Ransomware Gang Offers Refunds to Victims Ziggy joins Fonix ransomware group and shuts down, with apologies to targets.
30 March 2021

Malicious Docker Cryptomining Images Rack Up 20M Downloads

Malicious Docker Cryptomining Images Rack Up 20M Downloads Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers.
30 March 2021

White Ops Renames Company 'Human'

The company first confirmed plans to change its name in October 2020.
30 March 2021

Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021


When the Payment Application Data Security Standard (PA-DSS) v3.2 closes on 28 October 2022, it will be superseded by the Secure Software Standard and Program, which is part of the PCI Software Security Framework (SSF).

30 March 2021

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
30 March 2021

What You Need to Know -- or Remember -- About Web Shells

What You Need to Know -- or Remember -- About Web Shells What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.
30 March 2021