Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
ProtonMail Forced to Log IP Address of French Activist
The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it.
ProtonMail forced to log user’s IP address after an order from Swiss authorities
The post ProtonMail forced to log user’s IP address after an order from Swiss authorities appeared first on WeLiveSecurity
Authorities Arrest Another TrickBot Gang Member in South Korea
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group that has been active since at least March 2020.
The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity
Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats.
“FudCo” Spam Empire Tied to Pakistani Software Firm
In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.
Human Fraud: Detecting Them Before They Detect You
Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
IoT Attacks Skyrocket, Doubling in 6 Months
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
This is the perfect ransomware victim, according to cybercriminals
An investigation into what ransomware groups want has painted the picture of the perfect target.
Apple slams the brakes on plans to scan user images for child abuse content
Backlash stemming from privacy concerns has delayed the rollout.
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
FIN7 Capitalizes on Windows 11 Release in Latest Gambit
The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
Week in security with Tony Anscombe
Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Brute-Force Attacks Target Inboxes for Gift Card Data
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
FTC orders SpyFone to delete all of its surveillance data
The watchdog alleges the app "helped stalkers steal private information."
A parent’s guide to smartphone security
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.
The post A parent’s guide to smartphone security appeared first on WeLiveSecurity