Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands

The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity

Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns

The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity

The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication

The post Nearly 2 million records from terrorist watchlist exposed online appeared first on WeLiveSecurity

One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin

The post Dumpster diving is a filthy business appeared first on WeLiveSecurity

How IISpy spies on its victims and stays under the radar – IISerpent tampers with search engine results – How to avoid falling prey to ransomware

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands

The post Examining threats to device security in the hybrid workplace appeared first on WeLiveSecurity

 

As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability disclosure (guide), we are excited to announce Allstar.


Allstar is a GitHub app that continuously enforces security policy settings through selectable automated enforcement actions. Allstar is already filing and closing security issues for Envoy and GoogleContainerTools, with more organizations and repositories lined up. 

See the OpenSSF announcement for more information on Allstar.




The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites

The post IISerpent: Malware‑driven SEO fraud as a service appeared first on WeLiveSecurity

As fraud involving highly believable synthetic media soars, what can you do to avoid getting scammed?

The post Deepfakes – the bot made me do it appeared first on WeLiveSecurity

A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim

The post Ransomware runs rampant, so how can you combat this threat? appeared first on WeLiveSecurity