Cybersecurity News


Black Hat: Enterprise players face 'one-two-punch' extortion in ransomware attacks

Intrusions have become even more costly to the enterprise due to double-extortion tactics.
05 August 2021

Researchers Find Significant Vulnerabilities in macOS Privacy Protections

Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
05 August 2021

A New Approach to Securing Authentication Systems' Core Secrets

Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
05 August 2021

MacOS Flaw in Telegram Retrieves Deleted Messages

MacOS Flaw in Telegram Retrieves Deleted Messages Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
05 August 2021

Organizations Still Struggle to Hire & Retain Infosec Employees: Report

Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
05 August 2021

Is your personal information being abused?

Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.

The post Is your personal information being abused? appeared first on WeLiveSecurity

05 August 2021

Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say

Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
05 August 2021

Black Hat: Charming Kitten Leaves More Paw Prints

Black Hat: Charming Kitten  Leaves More Paw Prints IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
05 August 2021

The Importance of Properly Scoping Cloud Environments


PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud environments.

05 August 2021

Why Supply Chain Attacks Are Destined to Escalate

In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
05 August 2021

Ransomware Gangs and the Name Game Distraction

It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years. Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one's demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere. Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members -- such as which types of victims aren't allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.
05 August 2021

There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones

No matter how stalkerware is marketed, it is part of a wider problem: the use of technology in coercive control.
05 August 2021

Why cloud security is the key to unlocking value from hybrid working

How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?

The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity

05 August 2021

‘I’m Calling About Your Car Warranty’, aka PII Hijinx

‘I’m Calling About Your Car Warranty’, aka PII Hijinx Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
04 August 2021

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
04 August 2021

Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch

If that job offer looks too good to be true, something else may be afoot.
04 August 2021

Black Hat: Let’s All Help Cyber-Immunize Each Other

Black Hat: Let’s All Help Cyber-Immunize Each Other We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
04 August 2021

Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel

When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.
04 August 2021

The Graph Foundation launches bug bounty program

Bugs in scope include RCE and those leading to the loss of user funds.
04 August 2021

Black Hat 2021 – non‑virtual edition

How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?

The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity

04 August 2021