Cybersecurity News
The Graph Foundation launches bug bounty program
Bugs in scope include RCE and those leading to the loss of user funds.Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?
The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity
Phishing Campaign Dangles SharePoint File-Shares
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
We COVID-Clicked on Garbage, Report Finds: Podcast
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
Ransomware Volumes Hit Record Highs as 2021 Wears On
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
Back-to-Basics: Keep Software Patched
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on keeping software patched.
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
Raccoon stealer-as-a-service will now try to grab your cryptocurrency
The malware has been upgraded to target even more financial information.DeadRinger: Chinese APTs strike major telecommunications companies
Previously unknown campaigns center around "Chinese state interests."‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics
Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.
Part One: Conceptual Differences Between SSF and PA-DSS
To assist stakeholders in their migration from PA-DSS to the Software Security Framework, PCI Security Standards Council (PCI SSC) is publishing a series of blog posts to guide payment software vendors and assessors through the key differences between PA-DSS and the SSF. In Part One of our multi-part blog series, PCI SSC’s Sr. Manager, Public Relations Alicia Malone sits down with PCI SSC’s Sr. Manager, Emerging Standards Jake Marcinko to discuss some of the conceptual differences between PA-DSS and the Software Security Framework that stakeholders should be aware of as they work to transition between programs.
Chipotle Emails Serve Up Phishing Lures
Mass email distribution service compromise mirrors earlier Nobelium attacks.
New Normal Demands New Security Leadership Structure
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.Ransomware operators love them: Key trends in the Initial Access Broker space
In a threat actor's mind, take out the legwork, reap the proceeds of blackmail.On course for a good hacking
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK.
The post On course for a good hacking appeared first on WeLiveSecurity
NSA Warns Public Networks are Hacker Hotbeds
Agency warns attackers targeting teleworkers to steal corporate data.
Transition to Version 1.1 for New Secure SLC and Secure Software Submissions
With the release of the Secure Software Lifecycle (“Secure SLC”) Standard v1.1 in February 2021 and the Secure Software Standard v1.1 in April 2021, updated versions of the associated reporting templates and attestation forms were also made available in the Document Library.