POS Malware Used to Steal Details of Over 167,000 Credit Cards
The operators could make over $3m if they decide to sell the card dumps on underground forums
Cyber News, Cyber Threat Trends
- October 25, 2022
Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows “any domain user to remotely
Cyber News, Cyber Threat Trends
- October 25, 2022
Autogenerated Passwords in CloudFormation for AWS Console Access
91. Granting AWS Console access for Secrets Manager Secrets to address IAM Policy Limitations This is a continuation of my series on Automating Cybersecurity Metrics. If you recall from a prior post we had some complications when trying to protect a user-specific secret due to the way AWS policies work. We couldn’t fully achieve our […]
Cyber News, Cyber Threat Trends
- October 25, 2022
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant […]
Cyber News, Cyber Threat Trends
- October 25, 2022
How the Software Supply Chain Security is Threatened by Hackers
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but […]
Cyber News, Cyber Threat TrendsTalking IoT Security at the White House
Last week, I was privileged to participate in an important national summit on IoT Security convened by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. Representatives from across the US government, industry, and academia were invited to the White House to discuss a National Consumer IoT Security Labeling program. In short, we […]
Cyber News, Cyber Threat TrendsCybersecurity event cancelled after scammers disrupt LinkedIn live chat
It was all going so well. At first. Read more in my article on the Hot for Security blog.
Cyber News, Cyber Threat Trends
- October 25, 2022
Akamai to boost network-layer DDoS protection with new scrubbing centers
Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers. The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts […]
Cyber News, Cyber Threat Trends
- October 25, 2022
8 hallmarks of a proactive security strategy
CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs […]
Cyber News, Cyber Threat Trends