Blog - Cyber Security Informer

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

MAY 25, 2022

A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. in severity.

Hacking

Hacking Cybersecurity Information Security

Deepfake cyberthreats – The next evolution

CyberSecurity Insiders

MARCH 13, 2021

This blog was written by an independent guest blogger. Among these categories, the following were deemed the highest risk: Audio/video impersonation. In 2019, we published an article about deepfakes and the technology behind them. At the time, the potential criminal applications of this technology were limited.

Cybercrime

Cybercrime Technology Ransomware Phishing

How I pwned an ex-CISO and the Smashing Security Podcast

Javvad Malik

APRIL 9, 2021

Of course texting a friend and getting a response doesn’t really fall under that category. For those who can’t be bothered watching the video. It would be a really poor world if we distrusted everyone and everything. Annoying security people brings so much joy to life.

Social Engineering

Social Engineering CISO Engineering Passwords

Weekly Update 112

Troy Hunt

NOVEMBER 9, 2018

Passwords suck and they must die, they're never going to die, people are using bad ones, people should be able to use bad ones, developers are at fault and my personal favourite in the "how on earth did you reach that conclusion" category, I should actually do something to educate people about passwords rather than blaming them for using bad ones.

Passwords

Passwords InfoSec Education

Exposed: the threat actors who are poisoning Facebook

Security Affairs

MAY 26, 2022

video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook. video scam has led Cybernews researchers to a cybercriminal stronghold, from which threat actors have been infecting the social media giant with thousands of malicious links every day. An investigation of the infamous “Is That You?”

Scams

Scams Phishing Media Passwords

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Security Affairs

MAY 30, 2022

In addition, the victims can accompany less fortunate children to Dominos, Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. said the researchers. To nominate, please visit:?. Pierluigi Paganini.

Ransomware

Ransomware Media Hacking Cybersecurity

How You Can Start Learning Malware Analysis

Lenny Zeltser

JANUARY 6, 2021

I like grouping them in 4 categories, which I detailed in the post Mastering 4 Stages of Malware Analysis. There, you’ll see website and blogs that I like to read to keep up with the industry. I shared my recommendations for doing this in the blog post 5 Steps to Building a Malware Analysis Toolkit Using Free Tools.

Malware

Malware Software Engineering Information Security

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection

Thales Cloud Protection & Licensing

APRIL 16, 2024

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection madhav Wed, 04/17/2024 - 05:22 Our last blog Ransomware Attacks: The Constant and Evolving Cybersecurity Threat described the ever dangerous and evolving cybersecurity threat of ransomware. This can model ransomware behavior for brief moments.

Encryption

Encryption Ransomware Antivirus Government

Experts warn of a new malvertising campaign spreading the ChromeLoader

Security Affairs

MAY 26, 2022

Threat actors spread the malware via an ISO file masqueraded as a cracked video game or pirated movie or TV show. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Malware

Malware Spyware Threat Detection Engineering

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

Below are a couple of video PoCs of attacks devised by the experts that show GhostTouch attack to answer the phone call and connect the malicious Bluetooth. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Redmi 8, and an iPhone SE (2020). ” concludes the paper.

Authentication

Authentication Passwords Hacking Software

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection

Security Boulevard

APRIL 16, 2024

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection madhav Wed, 04/17/2024 - 05:22 Our last blog Ransomware Attacks: The Constant and Evolving Cybersecurity Threat described the ever dangerous and evolving cybersecurity threat of ransomware. This can model ransomware behavior for brief moments.

Encryption

Encryption Ransomware Antivirus Government

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below the video PoC published by the researchers: Carrier has published a product security advisory to warn customers about the vulnerabilities and urge them to install firmware updates. The vulnerabilities were disclosed during the Hardwear.io

Firmware

Firmware Penetration Testing Manufacturing Authentication

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

percent share videos. Among the app categories, shopping, business, and food & drink were found to be sharing the most user data. So it’s best to think twice before downloading an app from one of these categories, especially if it’s free and/or popular. percent share names. percent share home addresses. percent share photos.

Data privacy

Data privacy Media Data collection Data breaches

US DoJ announced to have shut down the Russian RSOCKS Botnet

Security Affairs

JUNE 18, 2022

The RSOCKS was composed of millions of compromised computers and other electronic devices around the world, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Computers and Electronics

Computers and Electronics Internet Internet Manufacturing

Cybersecurity and Data Protection lessons from a look back at 2021

BH Consulting

JANUARY 11, 2022

In that spirit, we’ve rounded up five of our most popular blogs from the past year. The blog was inspired by the growing number of organisations coming under pressure to take out insurance cover. BH Consulting’s Head of Sales and Marketing John Mangan weighed the pros and cons in a thoughtful blog. Risk vs reward.

Cybersecurity

Cybersecurity Insurance Scams Cyber Risk

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). LFI CVE-2018-16763 Fuel CMS 1.4.1 To nominate, please visit:?. Pierluigi Paganini.

Malware

Malware DDOS IoT Cybercrime

Insights about the first five years of Right to be Forgotten requests at Google

Elie

DECEMBER 12, 2019

So in January 2016, as a preparation to providing better statistical analysis, our RTBF reviewers started manually annotating each requested URL with additional data, including the site category, the type of page content, and the requesting entity. This blog post details our. made publicly available. in February 2018. paper table 3.

Media

Media Government Internet Internet

Administrator’s Guide, Part 3: What Makes Passwordless, Dare We Say It, Phish-Proof?

Duo's Security Blog

JULY 15, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. The other category of WebAuthn-compliant authenticators are roaming authenticators. This general category of attacks is known as QRLJacking. In some ways, the term “passwordless” is a misnomer.

Phishing

Phishing Authentication Passwords Risk

Experts found 17 apps in the Apple App Store infected with clicker Trojan

Security Affairs

OCTOBER 27, 2019

” reads a blog post published by Wandera. ” The tainted applications were published in the App Store in various categories, in various countries by the same developer, the India-based AppAspect Technologies Pvt. The same developer has published 51 applications in the App Store, 35 of which could be downloaded for free.

Mobile

Mobile Advertising Backups Technology

What Does my Router Actually Do?

Approachable Cyber Threats

SEPTEMBER 30, 2021

Category Cybersecurity Fundamentals Risk Level. As part of your service, your Internet Service Provider, or ISP for short, usually offers the use of some equipment to make your video streaming services work uninterrupted. What’s going on in there?” Some routers have two SSIDs (i.e. next to it and the other with 5.

Internet

Internet Internet VPN Banking

New Year’s resolution: keeping cybercriminals and scammers at bay

BH Consulting

JANUARY 4, 2023

Back in October, we blogged about how phishing scams are becoming more common. Remind people that we tend to put email and text messages into the ‘urgent and important’ category. This advice comes from BH Consulting’s short video with shareable security tips to prevent scams or having your logins stolen. Warning signs.

Scams

Scams Banking Cybercrime Insurance

Spam and phishing in 2020

SecureList

FEBRUARY 15, 2021

In most cases, scammers, as before, claimed to have used spyware to film the blackmail victim watching adult videos. Last year’s events affected the distribution of phishing attacks across the categories of targeted organizations. Distribution of organizations targeted by phishers, by category in 2020 ( download ).

Phishing

Phishing Malware Scams Accountability

Top 5 Strategies for Vulnerability Mitigation

Centraleyes

DECEMBER 6, 2023

Some of the most important controls to consider will fall into these 4 categories: Technical Controls : This covers both hardware and software that is used to protect systems, networks and organizations. Physical Access Controls: For example, security guards, perimeter security, video cameras, locks, limited access.

Risk

Risk Cyber Risk Software Information Security

10 Lessons Learned from the Top Cyber Threats of 2021

Security Boulevard

JANUARY 10, 2022

As Picus, we published a detailed blog post about the Tactics, Techniques, and Procedures (TTPs) used by HAFNIUM to target Microsoft Exchange Servers. Picus Threat Library includes five main threat categories. Ransomware is classified under Malicious Code category. Remote Code Execution. CVE-2021-27065. Remote Code Execution.

Cyber threats

Cyber threats Ransomware Risk Architecture

Security Roundup October 2021

BH Consulting

OCTOBER 12, 2021

A new category for this edition is ‘insecure design’. The pledge logo is visible on every page of the BH Consulting website and the commitment is detailed in full on our blog. MORE Educational videos that teach how to hack? The second most common occurrence was weak cryptography, followed by code injection. Links we liked.

VPN

VPN Ransomware InfoSec Scams

Certificate Self Service: Freedom for Your Team and Cohesion for Your Business

Security Boulevard

DECEMBER 15, 2022

For most PKI practitioners , questions about requesting , deploying, and renewing cert ificates fit into this category. We created this video to walk you through some of the highlights of how Venafi TLS Protect Cloud easily enables certificate self-service. . . . And let’s face the same often applies to repeat customers.)

InfoSec

InfoSec Risk Architecture Mobile

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

JANUARY 21, 2024

Entities within these categories must adopt a comprehensive set of 10 measures to fortify network and information systems and the physical environment surrounding these systems. Essential entities ” span sectors such as energy, healthcare, transport, and water.

Cybersecurity

Cybersecurity Energy and Utilities Cyber threats Risk

Why do I need a CASB for Shadow IT when I already have a SIEM?

McAfee

MARCH 18, 2020

NGFW and Web Proxies typically catalog web services using a category and a reputation score. Going back to the Netflix example, below is a screenshot from the MVISION Cloud console showing some of the other URLs associated with the video streaming service. appeared first on McAfee Blogs. If a SOC analyst searches for *.netflix.com

Firewall

Firewall Risk Encryption Malware

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

Kali Linux

MAY 29, 2023

Some background information: PipeWire is a “server for handling audio, video streams, and hardware on Linux” It was initially released in 2017, is actively developed, and is poised to become the de-facto sound server in pretty much every Linux distribution out there, therefore replacing PulseAudio.

Firmware

Firmware Phishing Architecture Authentication

GUEST ESSAY: Taking proactive steps to heal the planet — by reducing the impact of video streaming

The Last Watchdog

DECEMBER 3, 2023

Related: Big data can foster improved healthcare Within that, video represents over 80 percent of the traffic that flows through this global network which is growing rapidly at about 25 percent per year. A tremendous amount of video traffic is being managed by IT departments.

Energy and Utilities

Energy and Utilities Manufacturing Technology Marketing

What is a keylogger?

Malwarebytes

SEPTEMBER 1, 2022

A blog post published earlier this year posed the question "Is Grammarly a keylogger?" The most concerning category of keyloggers. I have personally had people reference that post and ask me to add detection of Grammarly to Malwarebytes. The answer has always been, "no." Malicious keyloggers.

Adware

Adware Software Spyware Passwords

DEF CON® Kids: Preparing Them for the Future

Security Through Education

NOVEMBER 23, 2020

The puzzles covered a number of different categories. Bonus Video! Check out a video we took of the live event below. They made the world into a town with a library, restaurant, general store, town hall, and more. Each with their own themed puzzle! Image — courtesy of Social-Engineer. We hope to see you then! Still not enough?

Social Engineering

Social Engineering Engineering Education Internet

Machine Learning in Cybersecurity Course – Part 1: Core Concepts and Examples

NopSec

MARCH 25, 2019

In this blog post, we summarize the first part of that webinar, without going into the three specific applications and the challenges. We will cover those in Part 2 of this blog series, so stay tuned for next week’s post. Examples: Let’s say you manage a large online video rental platform with many subscribers.

Cybersecurity

Cybersecurity Artificial Intelligence Phishing Malware

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

ForAllSecure

FEBRUARY 22, 2023

But also like vector graphics, like video games, there's, you know that so we were doing Capture the Flag events and building hackable video games. Perhaps the most common is Jeopardy style, where you have a board with categories and the questions get progressively harder in each.

Engineering

Engineering Hacking Wireless Marketing

Fake system update drops Aurora stealer via Invalid Printer loader

Malwarebytes

MAY 9, 2023

In this blog post, we detail our findings and how this campaign is connected to other attacks. For more than 2 weeks, the samples had 0 detection on VT and it wasn't until a blog post by Morphisec that detections started to appear. 218) as one mentioned in Morphisec's blog. Indicators of Compromise Malvertising gate qqtube[.]ru

Engineering

Engineering Malware Antivirus Social Engineering

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

Duo's Security Blog

JULY 1, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. Switching to local evaluation of a user’s identity eliminates several entire categories of attacks that impact organizations and individuals today. Even weak local authentication stops most remote attacks cold.

Passwords

Passwords Surveillance Authentication Risk

A flaw in Zimbra email suite allows stealing login credentials of the users

Security Affairs

JUNE 14, 2022

” The researchers published a video PoC that demonstrates how an unauthenticated attacker can steal the password of a known user of a targeted instance. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Pierluigi Paganini.

Passwords

Passwords Hacking Cybersecurity Information Security

How Passwordless Can Elevate Higher Education

Duo's Security Blog

OCTOBER 20, 2021

Given the risks to a university associated with password weakness and credential theft, it’s fair to say that higher education environments fall firmly into the “would benefit from the technology” category when thinking about whether passwordless is a fit.

Education

Education Authentication Passwords CISO

The new DOJ Law Enforcement Crypto Reports (TL;DR)

Security Boulevard

SEPTEMBER 20, 2022

In this blog post, we'll focus on the two DOJ reports, which we will address in the reverse order of their release, as it seems that it is required to define the role of law enforcement in digital assets before discussing the international cooperation one would seek in this area. Welcome To Video . Requests for Legislation .

Cryptocurrency

Cryptocurrency Marketing Cybercrime Banking

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

A fake Facebook Messenger page promised to install an update that could change the user’s appearance and voice during video calls, and track who has been viewing their profile, among other features. blogging platform that posted a gallery of children’s drawings, encouraging users to vote for their favorites.

Phishing

Phishing Scams Accountability Energy and Utilities

SiteLock Reviews: Events We Love in 2018

SiteLock

AUGUST 27, 2021

Each of these events are focused on education and networking, so whether you or your organization is an avid user of a CMS platform or seeking to expand your options in this category, these events provide the ideal setting for understanding best practices on a variety of topics such as coding, blogging, and security.

Education

Education Architecture Marketing Mobile

Past, present, and future of the Dark Web

Security Affairs

MAY 16, 2019

Unfortunately there is too much confusion between the term deep web and dark web, many videos on YouTube channels provide wrong information. This misinformation is extremely dangerous for kids, first consumers of videos published on the principal social media platform.

Marketing

Marketing Engineering Scams Internet

Security awareness training: An educational asset you can’t be without

Webroot

JANUARY 19, 2022

Webroot’s training has been recognized as a Strong Performer in The Forrester Wave : Security Awareness and Training Solutions category. With multiple media formats, extend your reach with infographics, videos and posters. The post Security awareness training: An educational asset you can’t be without appeared first on Webroot Blog.

Security Awareness

Security Awareness Education Phishing Social Engineering

Welcome to the New Have I Been Pwned Domain Search Subscription Service

Troy Hunt

AUGUST 7, 2023

We then wanted to distribute the number of domains that would fall into the commercial category roughly equally between those 4 tiers, so it was pretty much a matter of taking what was left after the free ones and dividing them into 4 groups and putting a price on them. This is a big one. A massive one.

Data breaches

Data breaches Accountability Cryptocurrency Banking

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Deepfake cyberthreats – The next evolution

Trending Sources

How I pwned an ex-CISO and the Smashing Security Podcast

Weekly Update 112

Exposed: the threat actors who are poisoning Facebook

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

How You Can Start Learning Malware Analysis

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection

Experts warn of a new malvertising campaign spreading the ChromeLoader

GhostTouch: how to remotely control touchscreens with EMI

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection

HID Mercury Access Controller flaws could allow to unlock Doors

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

US DoJ announced to have shut down the Russian RSOCKS Botnet

Cybersecurity and Data Protection lessons from a look back at 2021

EnemyBot malware adds new exploits to target CMS servers and Android devices

Insights about the first five years of Right to be Forgotten requests at Google

Administrator’s Guide, Part 3: What Makes Passwordless, Dare We Say It, Phish-Proof?

Experts found 17 apps in the Apple App Store infected with clicker Trojan

What Does my Router Actually Do?

New Year’s resolution: keeping cybercriminals and scammers at bay

Spam and phishing in 2020

Top 5 Strategies for Vulnerability Mitigation

10 Lessons Learned from the Top Cyber Threats of 2021

Security Roundup October 2021

Certificate Self Service: Freedom for Your Team and Cohesion for Your Business

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Why do I need a CASB for Shadow IT when I already have a SIEM?

Kali Linux 2023.2 Release (Hyper-V & PipeWire)

GUEST ESSAY: Taking proactive steps to heal the planet — by reducing the impact of video streaming

What is a keylogger?

DEF CON® Kids: Preparing Them for the Future

Machine Learning in Cybersecurity Course – Part 1: Core Concepts and Examples

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

Fake system update drops Aurora stealer via Invalid Printer loader

Administrator’s Guide, Part 2: Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales

A flaw in Zimbra email suite allows stealing login credentials of the users

How Passwordless Can Elevate Higher Education

The new DOJ Law Enforcement Crypto Reports (TL;DR)

Spam and phishing in 2022

SiteLock Reviews: Events We Love in 2018

Past, present, and future of the Dark Web

Security awareness training: An educational asset you can’t be without

Welcome to the New Have I Been Pwned Domain Search Subscription Service

Stay Connected