Latest News from THREAT POST
- Linux Servers at Risk of RCE Due to Critical CWP BugsThe two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
- MoleRats APT Launches Spy Campaign on Bankers, Politicians, JournalistsState-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
- Surge in Malicious QR Codes Sparks FBI AlertQR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
Latest News from KREBSONSECURITY
- Crime Shop Sells Hacked Logins to Other Crime ShopsUp for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
- IRS Will Soon Require Selfies for Online AccessIf you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that […]
Latest News from DARK READING
- Test Your Team, Not Just Your Disaster Recovery PlanCyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.
- Trickbot Injections Get Harder to Detect & AnalyzeThe authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
- Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now OpenNew certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
Latest News from SECURITY BOULEVARD
- 3 Common Cloud Misconfigurations to AvoidOne way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely. Lack.. […]
- Vulnerability Disclosures Rise to Meet Federal RequirementsFor all its other security milestones, 2021 was the year that vulnerability disclosures began to get their due, taking on greater importance across all sectors, but particularly in government where valid submissions rose 1,000% and in financial services and software, where they rose 82% and 73%, respectively. In FinServ, the upswing was likely due to.. […]
- ISO27001:2022 – A New Way of WorkingIt has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all be […]
Latest News from NAKED SECURITY
- Alleged carder gang mastermind and three acolytes under arrest in RussiaThe motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames.
- Cryptocoin broker Crypto.com says 2FA bypass led to $35m theftThe company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.
- S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]Latest epsiode - listen now!
