PCI Security Standards Council publishes PCI DSS 3.2.1

PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and SSL/early TLS migration deadlines that have passed. No new requirements are added in PCI DSS 3.2.1. PCI DSS 3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019. “This update is designed to eliminate any confusion around effective […]

Don’t let attackers worm their way in: Increase password security

Passwords are inherently the weakest form of authentication, yet they remain the most prevalent. Many organizations realize that moving beyond this single point of vulnerability is required but replacing passwords or adding multi-factor authentication (MFA) to all use cases can be daunting if not impossible. As such, it is undoubtedly important to enforce strong password […]

Teen phone monitoring app leaked thousands of user passwords

At least one server used by an app for parents to monitor their teenagers’ phone activity has leaked tens of thousands of accounts of both parents and children.  The mobile app, TeenSafe, bills itself as a “secure” monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re […]

The ethical and legal dilemmas of threat researchers

Threat intelligence is mainstreaming into a de-facto everyday tool of cyber-defense. But all that intelligence must be collected, analyzed, and prepared by someone. Enter threat researchers, the advanced scouts of cybersecurity. They are becoming more numerous and conspicuous as more intelligence on illicit hacker activity is demanded. Threat researchers trawl through the dark web, pick apart […]

One in four APAC firms not sure if they suffered security breach

One in four organisations in Asia-Pacific have experienced a cybersecurity incident, while 27 percent cannot ascertain if they have because they do not conduct any data breach assessment. And when businesses in the region fell prey to cyberattacks, a large enterprise–with more than 500 employees–could potentially suffer an estimated economic loss of US$30 million, revealed […]

Mirai botnet adds three new attacks to target IoT devices

A new variant of the Mirai botnet has added at least three exploits to its arsenal, which enable it to target additional IoT devices, including routers and DVRs. The new version of Mirai – a powerful cyberattack tool which took down large swathes of the internet across the US and Europe in late-2016 – has been uncovered by researchers […]

Telegrab: Russian malware hijacks Telegram sessions

Researchers have discovered and analyzed an unusual piece of malware that, among other things, seeks to collect cache and key files from end-to-end encrypted instant messaging service Telegram. Cisco Talos researchers Vitor Ventura and Azim Khodjibaev dubbed the malware Telegrab. They analyzed two versions of it. The first one, discovered on April 4, 2018, only […]

Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Brutal cryptocurrency mining malware crashes your PC when discovered

A new form of cryptominer has been discovered which crashes systems the moment antivirus products attempt to remove the malware. The malware, dubbed WinstarNssmMiner by 360 Total Security researchers, has been used in half a million attempted attacks leveraged at PCs in only three days. The cybersecurity firm said the cryptomining malware aims to infect PCs in […]

Get Ready for ‘WannaCry 2.0’

They’re still out there, pinging away for vulnerable Sever Message Block (SMB) services in order to find a way in. One year after the historic and massive WannaCry ransomware attack unleashed by nation-state hackers from North Korea, an unknown number of WannaCry-infected Windows machines in their zombie state around the globe continue to attack other […]