Cybersecurity News


Global police shut down VPN service favored by cybercriminals

A global operation takes down the infrastructure of DoubleVPN and seizes data about its customers

The post Global police shut down VPN service favored by cybercriminals appeared first on WeLiveSecurity

30 June 2021

Intl. Law Enforcement Operation Takes Down DoubleVPN

The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.
30 June 2021

3 Things Every CISO Wishes You Understood

Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
30 June 2021

7 Skills the Transportation Sector Needs to Fuel Its Security Teams

7 Skills the Transportation Sector Needs to Fuel Its Security Teams Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.
30 June 2021

Why MTTR is Bad for SecOps

Why MTTR is Bad for SecOps Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.
30 June 2021

Zero-Day Used to Wipe My Book Live Devices

Zero-Day Used to Wipe My Book Live Devices Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.
30 June 2021

PoC Exploit Circulating for Critical Windows Print Spooler Bug

PoC Exploit Circulating for Critical Windows Print Spooler Bug The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks.
30 June 2021

Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?

Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
30 June 2021

9 Hot Trends in Cybersecurity Mergers & Acquisitions

9 Hot Trends in Cybersecurity Mergers & Acquisitions Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
30 June 2021

Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns

Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification
30 June 2021

Common Facebook scams and how to avoid them

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.

The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity

30 June 2021

Google Updates Vulnerability Data Format to Support Automation

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
29 June 2021

Ransomware Losses Drive Up Cyber-Insurance Costs

Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
29 June 2021

Users Clueless About Cybersecurity Risks: Study

Users Clueless About Cybersecurity Risks: Study The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack.
29 June 2021

CISA Publishes Catalog of Poor Security Practices

Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.
29 June 2021

Survey Data Reveals Gap in Americans' Security Awareness

Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
29 June 2021

Technology's Complexity and Opacity Threaten Critical Infrastructure Security

Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
29 June 2021

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
29 June 2021

Data for 700 million LinkedIn users up for grabs on hacker forum

Information scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers

The post Data for 700 million LinkedIn users up for grabs on hacker forum appeared first on WeLiveSecurity

29 June 2021

For UK foreign secretary, simply having a mobile represents a security risk – analysis

For UK foreign secretary, simply having a mobile represents a security risk – analysis

Analysis: UK prides itself on GCHQ’s cyber capability – so availability of Raab’s number will have been embarrassing for him

Finding Dominic Raab’s mobile phone online is more than just embarrassing for the foreign secretary: it also represents a security risk, just as when it emerged Boris Johnson’s number could be easily found online in April.

Sophisticated spyware technology – of the type available to a rapidly growing number of governments outside the west – can, in some circumstances, be secretly inserted into a person’s phone without any interaction from the target.

Related: Dominic Raab’s mobile number freely available online for last decade

Related: Dominic Raab bodyguard suspended after gun reportedly left on plane

Continue reading...
29 June 2021