Security News

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. To provide organizations time to understand the changes in the new version and implement any updates needed, the current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on 31 March 2024.

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the "Magnitude of the threat" posed by ransomware. In agreement with this, Steve Barclay, the UK government Minister responsible for cybersecurity, claims that "The greatest cyber threat to the UK - one now deemed severe enough to pose a national security threat - is from ransomware attacks."

In the world of illegal cyber activities, different kinds of threat actors exist. Another category of threat actors exists, dubbed hackers-for-hire.

In this video for Help Net Security, Scott Sutherland, Senior Director, Adversary Simulation and Infrastructure Testing, NetSPI, discusses how, in order to stay ahead of malicious actors,...

An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday. "If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America at 57% and 22%, respectively, followed by Asia-Pacific at 21%. "Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections," said Corey Nachreiner, chief security officer at WatchGuard.

The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently: With hybrid or remote work now the norm for many employees there is a greater risk of working on potentially unsecure home networks meaning that the level of threat posed by firmware attacks has risen. More than eight-in-ten IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of ITDMs said firmware attacks against printers pose a significant threat.

Conti, Quantum and Mountlocker were all linked to having used the new piece of software to inject systems with ransomware. The post New Bumblebee malware loader increasingly adopted by cyber...

Sadly, granting extensive permissions to dangerous apps can have severe consequences. Never give apps all the permissions, see what permission they need to run, and grant only those.

In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.