BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets

The Magecart hackers have managed to infect over 17,000 domains by targeting improperly secured Amazon S3 buckets, RiskIQ reports.  The hackers came under the spotlight last year, after a series of...

Adoption of AI-enhanced Cybersecurity is Growing Rapidly: Report

The pace of machine learning adoption for cybersecurity is increasing. This may appear to be obvious (virtually no new security product or version is released without claim to artificial intelligence), but...

Bipartisan Legislation to Require DHS Alerts on Election Hacking

Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems.  Unveiled by U.S. Reps. Michael Waltz (R-Fla.) and Stephanie...

Mac Zoom Web Server Allows for Remote Code Execution

The web server that the Zoom Client installs on Macs can be abused to execute code remotely, security researchers have discovered.  Zoom is a popular service that offers “enterprise video conferencing...

FIRST Announces CVSS Version 3.1

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity...

U.S. Mayors Pledge Not to Give in to Ransomware Demands

The United States Conference of Mayors has promised that its members will “stand united” against paying ransoms in case their systems are hit by ransomware. The organization represents over 1,400 mayors...

Incident Response is Changing, Here’s Why and How

Organizations can no longer simply dust off their incident response (IR) plan when a breach happens. If you haven’t gone through the rigors of various exercises to know what to expect...

Japan Firm Says $32 Million Missing in Cryptocurrency Hack

A Tokyo-based cryptocurrency exchange said Friday it had halted all services after losing cryptocurrency worth more than $32 million in the latest apparent hack involving virtual money. Remixpoint said its subsidiary BITPoint...

Flaw in Walkie-Talkie App on Apple Watch Allows Spying

Apple has disabled the Walkie-Talkie app on the Apple Watch after learning of a serious vulnerability that can be exploited to spy on users. The Walkie-Talkie app installed on the Apple...

Premera Blue Cross Pays States $10 Million Over Data Breach

Premera Blue Cross, the largest health insurer in the Pacific Northwest, has agreed to pay $10 million to 30 states following an investigation into a data breach that exposed confidential information...

Human Workers Can Listen to Google Assistant Recordings

Google contractors regularly listen to and review some recordings of what people say to artificial-intelligence system Google Assistant, via their phone or through smart speakers such as the Google Home. The...

Mozilla Introduces Grizzly Browser Fuzzing Framework

Mozilla this week made public a new browser fuzzing framework designed to enable the fast deployment of fuzzers at scale. Dubbed Grizzly, the framework allows fuzzer developers to focus solely...

Mozilla Moves to Deny UAE Firm's Root Inclusion Request

Mozilla is taking the first step toward denying a request by United Arab Emirates-based DarkMatter to be included as a top-level certificate authority in Mozilla’s root certificate program. A subordinate certificate...

State of the Industry: Interoperability and Putting Security First

Cybersecurity spending has outpaced general IT spend for the last few years, and in 2019 with budgets growing up to 5 percent according to some analysts, this trend is clearly continuing. ...

Apple Steps in: Removes Zoom Web Server From All Macs

Apple on Wednesday released an update to remove the Zoom web server from all Macs, following controversy that it puts users’ security at risk.  The issue with Zoom came under the...

In an Interconnected World, Data Security is a Shared Responsibility

Taking active steps to safeguard your organization’s digital presence on and offline is not a new recommendation; if anything, elaborate security measures are emblematic of our times.  Passwords, multi-factor access protocols,...

Users Unable to Log on to Windows Due to McAfee Update

An update released recently by McAfee for one of its products is preventing Windows users from logging on to their systems, and some major organizations appear to have been affected. McAfee...

Archive Server of Pale Moon Open Source Browser Hacked

Developers of the open source web browser Pale Moon revealed on Wednesday that the project’s archive server was compromised and all executable files were infected with malware. Pale Moon is an...

Widely Used Kiosks Compromised by Hardcoded Credentials

Hardcoded Credentials in Kiosk Software Allowed Remote Attackers to Compromise API

Uniguest provides kiosks to the hospitality, senior living, specialty retail, education and corporate sectors. The kiosks typically run a locked...

enSilo Raises $23 Million in Series B Funding

Endpoint security firm enSilo on Thursday announced new capabilities for its platform, a $23 million Series B funding round, and significant revenue growth. The company’s latest funding round, which brings the...