Cybersecurity News


Dominic Raab’s mobile number freely available online for last decade

Dominic Raab’s mobile number freely available online for last decade

Exclusive: Finding raises questions for security services weeks after similar revelations about PM’s number

The private mobile number of Dominic Raab, the UK foreign secretary, has been online for at least 11 years, raising questions for the security services weeks after the prime minister’s number was also revealed to be accessible to anyone.

Raab’s number was discovered by a Guardian reader using a Google search. It appears to have been online since before he became an MP in 2010, and remained after he became foreign secretary and first secretary of state – de facto deputy prime minister – in 2019.

Related: For UK foreign secretary, simply having a mobile represents a security risk

Continue reading...
29 June 2021

3 Ways Cybercriminals Are Undermining MFA

Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
29 June 2021

IBM Kestrel threat hunting language granted to Open Cybersecurity Alliance

The contribution is aimed at giving cybersecurity experts more time to conduct forensic activities.
29 June 2021

Details of RCE Bug in Adobe Experience Manager Revealed

Details of RCE Bug in Adobe Experience Manager Revealed Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.
29 June 2021

New ransomware highlights widespread adoption of Golang language by cyberattackers

The latest version of Go is being used to prevent reverse-engineering attempts.
29 June 2021

Cobalt Strike Usage Explodes Among Cybercrooks

Cobalt Strike Usage Explodes Among Cybercrooks The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
29 June 2021

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
28 June 2021

Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

Rogue driver was distributed within gaming community in China, company says.
28 June 2021

5G Security Vulnerabilities Fluster Mobile Operators

5G Security Vulnerabilities Fluster Mobile Operators A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).
28 June 2021

Attacks Erase Western Digital Network-Attached Storage Drives

The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.
28 June 2021

Request for Comments: PCI DSS v4.0 Draft Validation Documents


From 28 June to 28 July, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a draft of the PCI DSS v4.0 draft validation documents. As indicated in a recent post on the PCI DSS v4.0 timeline, this RFC was added as a unique opportunity for the industry to provide feedback on drafts of the v4.0 Report on Compliance (ROC) Template and the ROC Attestations of Compliance (AOC). This RFC also introduces a new approach to merchant self-assessments, called Merchant Assessment Forms (MAFs), intended to replace Self-Assessment Questionnaires.

28 June 2021

NVIDIA Patches High-Severity GeForce Spoof-Attack Bug

NVIDIA Patches High-Severity GeForce Spoof-Attack Bug A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.
28 June 2021

New House Bill Aims to Drive Americans' Security Awareness

The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.
28 June 2021

Microsoft Tracks Attack Campaign Against Customer Support Agents

The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.
28 June 2021

Russian Attackers Breach Microsoft Customer Service Accounts

Russian Attackers Breach Microsoft Customer Service Accounts American IT companies and government have been targeted by the Nobelium state-sponsored group.  
28 June 2021

An Interesting Approach to Cyber Insurance

An Interesting Approach to Cyber Insurance What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
28 June 2021

The Danger of Action Bias: Is It Always Better to Act Quickly?

Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.
28 June 2021

Microsoft Signs Malware That Spreads Through Gaming

Microsoft Signs Malware That Spreads Through Gaming The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.
28 June 2021

Critical CISO Initiatives for the Second Half of 2021

Critical CISO Initiatives for the Second Half of 2021 Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.
28 June 2021

In Memoriam: John McAfee

What was it like to work for, and be friends with, the larger-than-life technology entrepreneur back when he helped shape the computer security industry?

The post In Memoriam: John McAfee appeared first on WeLiveSecurity

28 June 2021