Category: Fity Feeds

Blossom Capital, the early-stage VC firm co-founded by ex-Index Ventures and LocalGlobe VC Ophelia Brown, is announcing a second fund, less than 12 months since fund one was closed.

If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. These are sets of rules established to protect against credit card fraud, hacking, and other security breaches. Credit card issuers and companies that store, process, and transmit card information implement the rules defined by the PCI-DSS. Here’s what you need to know about these standards.

The last half of 2011 was for me an my team a really, really tough time.

New Delhi is inching closer to recommending regulations that would require social media companies and instant messaging app providers operating in the nation to help law enforcement agencies identify users who have posted content — or sent messages — it deems questionable, two people familiar with the matter told TechCrunch.

Software firm is “aware of limited targeted attacks” exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.

A hacker recently leaked a list of more than a half-million Telnet credentials for servers, home routers, and smart devices, leaving them vulnerable to attack. Marko Zbirka, an Internet of Things threat researcher at Avast, answered key questions related to the incident – and why it matters to consumers.

Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means in practice is that any application that supports embedding Internet Explorer or its scripting engine can be leveraged as an attack vector.

Ten months ago, Cruise declared it would hire at least 1,000 engineers by the end of the year, an aggressive target — even for a company with a $7.25 billion war chest — in the cutthroat autonomous vehicle industry, where startups, automakers and tech giants are battling over talent.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IgKsH6BzQWY

On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers. The exploits use already infected devices to scan the Internet for Tomato routers and, when found, to check if they use the default username and password of “admin:admin” or “root:admin” for remote administration. The exploit causes Tomato routers that haven’t been locked down with a strong password to join an IRC server that’s used to control the botnet. The infection also causes the routers to scan the Internet for servers or devices running WordPress, Webuzo, or WebLogic packages that are vulnerable.

Written by Sean Lyngaas
Jan 21, 2020 | CYBERSCOOP

Hanna Andersson, a children’s clothing company with stores across the country, has told customers that their card payment data may have been compromised in a security breach last year.

==========================================================================
Ubuntu Security Notice USN-4244-1
January 21, 2020

A new staff report from the Federal Reserve Bank of New York highlights the risk and potential fallout that a sophisticated cyberattack might have on the United States. In the report, analysts examined a scenario in which a single-day shock hits the country’s payment network, Fedwire, measuring the broad impact it would have on the economy. The results? A significant 38 percent of the network would be affected on average by significant spillovers to other banks, damaging the stability of the broader financial system in the United States.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/xyvmux45860

We know that cyber attacks can have physical consequences. How does U.S. critical infrastructure fare in terms of cyber security and resilience to attack?

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.   

News Summary

• There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017.
• “Vivin” has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign.

By Andrew Windsor.

Talos has identified a new threat actor, internally tracked as “Vivin,” conducting a long-term cryptomining campaign. We first began linking different samples of malware dropping illicit coin miners to the same actor in November of 2019. However, upon further investigation, Talos established a much longer timeline of activity. Observable evidence shows that Vivin has been active since at least November 2017 and is responsible for mining thousands of U.S. dollars in Monero cryptocurrency off of their infected hosts.

Geez time flies. It’s just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics. In that post I shared a photo of my then 6-year-old son Ari holding a Lenovo Yoga 900 I gifted him as part of the Insiders program I’m involved in:

In his recent CSO Online article, 7 Security Incidents That Cost CISOs Their Jobs, writer Dan Swinhoe looks at some of the most high profile breaches in recent history that resulted in the CISO either leaving or being fired. In the article, Swinhoe quotes Dr. Steve Purser, head of core operations at ENISA, who says of his time spent as a CISO, “the big lessons, even in those days, was how do you communicate successfully when you’re under pressure? How do you concentrate on the right things, exchange the right information, and make sure that you are doing things in a prioritized order?”

While it is currently unknown who was behind the attack on Mitsubishi Electric, it is important to note that many attackers will reuse different pieces of personal and corporate data from one company to aid in targeting others. Payment invoices, work orders, contracts, and other communicates provide attackers valuable insight into how different companies work and interact with each other, while also helping them identify personnel to target within various organizations. When an attacker is able to spoof an email that appears to come from a person that someone has already had dealings with and is able to include details from previous interactions, it makes the message appear more legitimate. Any time that an attacker is able to make an email seem more legitimate, it increases the likelihood significantly that their phishing attack will be successful. Detecting lateral movement within the network can be a vital first indicator in catching an attacker and keeping them from gaining access deeper into systems. End-point monitoring solutions, such as Binary Defense’s MDR, Managed Detection and Response, can help to detect lateral movement early on so that infected systems can be quickly identified and quarantined. More information on this incident can be found at https://www3.nhk.or.jp/nhkworld/en/news/20200120_18/