Cybersecurity News


International sting takes down online marketplace of stolen identities

International sting takes down online marketplace of stolen identities

Operation led by FBI and Dutch police with involvement of UK National Crime Agency takes Genesis Market offline

A criminal online marketplace selling millions of stolen identities for as little as 56p has been taken down in an international crackdown.

The sting, led by the FBI and Dutch police with the involvement of law enforcement agencies across 18 countries, including the UK’s National Crime Agency (NCA), took Genesis Market offline on Tuesday evening.

Continue reading...
05 April 2023

Why you should spring clean your home network and audit your backups

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit.

The post Why you should spring clean your home network and audit your backups appeared first on WeLiveSecurity

05 April 2023

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.
04 April 2023

Request for Comments: PCI P2PE v3.1 Standard


P2PE Assessors, P2PE Application Assessors, Qualified PIN Assessors, Qualified Security Assessors, and Participating Organizations are invited to provide feedback on the currently published P2PE v3.1 Standard during a 30-day request for comments (RFC) period running from 4 Apr 2023 through 4 May 2023.  

04 April 2023

Paving the Way: Inspiring Women in Payments - A Q&A featuring Nancy Zayed

 

Nancy Zayed recognizes that there is a significant underrepresentation of women in science, technology, engineering, and math (STEM) professions with a variety of factors contributing to this imbalance. But, as the cofounder and Chief Technology Officer of her own software payment security company, she chose not to be influenced by these facts and instead became an example of how women can achieve success in these industries. In this edition of our blog, Nancy discusses why we need to keep reminding ourselves that women have always affected this industry and that they actually lead innovation. She believes that knowing women’s role in the history of technology will propel their future.

04 April 2023

Spring into action and tidy up your digital life like a pro

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly?

The post Spring into action and tidy up your digital life like a pro appeared first on WeLiveSecurity

04 April 2023

A Serial Tech Investment Scammer Takes Up Coding?

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to be "CodesToYou," which purports to be a "full cycle software development company" based in the U.K.
03 April 2023

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.
31 March 2023

Avoiding data backup failures – Week in security with Tony Anscombe

Today is World Backup Day, but maybe we also need a "did you test your backups" day?

The post Avoiding data backup failures – Week in security with Tony Anscombe appeared first on WeLiveSecurity

31 March 2023

World Backup Day: Avoiding a data disaster is a forever topic 

By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes.

The post World Backup Day: Avoiding a data disaster is a forever topic  appeared first on WeLiveSecurity

31 March 2023

Cyberwarfare leaks show Russian army is adopting mindset of secret police

Cyberwarfare leaks show Russian army is adopting mindset of secret police

Documents leaked from Vulkan cybersecurity firm also raise questions about role of IT engineers behind information-control project

A consortium of media outlets have published a bombshell investigation about Russia’s cyber-capabilities, based on a rare leak of documents. The files come from NTC Vulkan, a cybersecurity firm in Moscow that doubles as a contractor to Russian military and intelligence agencies.

They reveal how, for years, a group of top Russian IT engineers have been hired to work with Russian military intelligence and a research facility of the FSB, Vladimir Putin’s domestic spy agency. This might seem an unusual mix, and would have been unimaginable before the end of the cold war.

Continue reading...
30 March 2023

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

• Documents leaked by whistleblower angry over Ukraine war

• Private Moscow consultancy bolstering Russian cyberwarfare

• Tools support hacking operations and attacks on infrastructure

• Documents linked to notorious Russian hacking group Sandworm

• Russian program aims to control internet and spread disinformation

The inconspicuous office is in Moscow’s north-eastern suburbs. A sign reads: “Business centre”. Nearby are modern residential blocks and a rambling old cemetery, home to ivy-covered war memorials. The area is where Peter the Great once trained his mighty army.

Inside the six-storey building, a new generation is helping Russian military operations. Its weapons are more advanced than those of Peter the Great’s era: not pikes and halberds, but hacking and disinformation tools.

Continue reading...
30 March 2023

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems

The post ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine appeared first on WeLiveSecurity

30 March 2023

Pig butchering scams: The anatomy of a fast‑growing threat

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers

The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity

29 March 2023

UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. 
28 March 2023

How the world is turning against social media

How the world is turning against social media

France has banned not only TikTok from government phones, but Facebook and Twitter, too. Could this be a tipping point for big tech? Plus, AI-generated pictures of the pope signal a new type of viral image

Government workers in the UK, US, Canada and European Union (the list will have grown by the time you read this) are banned from installing TikTok on their phones.

On Friday, France joined that list, preventing its civil servants from installing TikTok – and everything else. From the government’s press release (original in French):

After an analysis of the issues, in particular security, the government has decided to ban the downloading and installation of recreational applications on professional telephones provided to public officials from now on.

Recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This ban applies immediately and uniformly. Exemptions may be granted on an exceptional basis …

Continue reading...
28 March 2023

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

The post Staying safe on OnlyFans: The naked truth appeared first on WeLiveSecurity

28 March 2023

Request for Comments: PCI TSP Security Requirements


From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period. 

27 March 2023

Yes, it’s crazy to have TikTok on official phones. But it’s not good for any of us | John Naughton

Yes, it’s crazy to have TikTok on official phones. But it’s not good for any of us | John Naughton Fears for data security lie behind recent government bans on the Chinese-owned app, but zombie scrolling has health dangers too

As of this moment, government officials in 11 countries are forbidden to run TikTok on their government-issued phones. The countries include the US, Canada, Denmark, Belgium, the UK, New Zealand, Norway, France, the Netherlands and Poland. In addition, European Commission and European parliament staff were required to delete the app. This raises two questions.

First, why were politicians and senior officials in democracies scrolling like zombies through dance crazes, daft pet videos, feeling “bonita” and things you can do with smudged lipstick?

Continue reading...
26 March 2023

TikTok banned on London City Hall devices over security concerns

TikTok banned on London City Hall devices over security concerns

Move by Greater London authority comes after Chinese-owned app was blocked on UK parliamentary devices

London City Hall staff will no longer have TikTok on their devices in the latest ban imposed on the Chinese-owned social media app over security concerns.

The Greater London authority (GLA) said the rule was implemented as it takes information security “extremely seriously”.

Continue reading...
25 March 2023