Wed. Dec 29, 2021

T-Mobile says new data breach caused by SIM swap attacks

Bleeping Computer

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [...]

Cyber Threat to Healthcare and Corona Virus Vaccine supply

CyberSecurity Insiders

Amid fears that the newly mutated & detected Omicron variant of Corona could trigger a lockdown across the world, security experts warn that some group of threat actors probably funded by adversary governments are threatening to disrupt the healthcare services and vaccine supply meant to contain the spread of COVID-19 on a global note. According to a study made by researchers from Barracuda Networks, hospitals and healthcare organizations are at a greater risk of being cyber attacked in 2022

Fintech firm hit by log4j hack refuses to pay $5 million ransom

Bleeping Computer

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply. [...]

Aquatic Panda found stealing industrial intelligence and military secrets

CyberSecurity Insiders

Cybersecurity researchers from CrowdStrike have discovered that China funded hacking group Aquatic Panda was busy indulging in spying and espionage activities related to industrial intelligence and military secrets. Researchers from the security firm argue that said threat group was actively taking part in intelligence collection since May 2020, when almost the entire world was busy jostling with COVID-19 pandemic propelled lockdown and aftermath consequences.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft Defender Log4j scanner triggers false positive alerts

Bleeping Computer

Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes. [...]

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics

The Hacker News

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed.

More Trending

Ukraine President enforces Information Security Strategy

CyberSecurity Insiders

Amid extreme concerns related to cyber warfare from Russia, Ukraine’s President Volodymyr Zelensky announced a new information security strategy policy was launched and came into effect early this week. Article 107 of the Constitution of Ukraine proposed a new security strategy for the country’s information systems on October 15, 2021 and was waiting for the whole parliament’s nod till date.

T-Mobile suffered a new data breach

Security Affairs

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers. According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts.

Manual and semi-automated testing for IDORs using Burp Suite

CyberSecurity Insiders

This blog was written by an independent guest blogger. This article explores how you can locate Insecure direct object references (IDORs) using Burp Suite. Primarily, there are two ways to test the IDOR flaw, manual and semi-automated. For automation, this article focuses on the Autorize Plugin in Burp Suite. What are Insecure Direct Object References (IDOR).

Lessons learned from 2021 network security events

CSO Magazine

It’s the end of 2021, a time when you expect to see security pundits predict security issues for the coming year. I’d rather look back at the security issues we’ve been tracking to ensure that we’ve learned all the necessary lessons from them.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Security Affairs

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last weeks.

Best of 2021 – 5 NFT Scams you need to know – NFT Scams Part-1

Security Boulevard

Wherever there is crypto, there are giveaway (/airdrop) scams. In these scams, scammers target NFT enthusiasts by offering them free NFT tokens.

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times.

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

Threatpost

Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Ransomware gang coughs up decryptor after realizing they hit the police

Bleeping Computer

The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. [...]

A cyber attack against Norwegian Media firm Amedia blocked newspaper publishing

Security Affairs

A cyber attack hit Norwegian media company Amedia on Tuesday and forced it to shut down multiple systems. Amedia, one of the largest media companies in Norway, was hit by a “serious” cyber attack and was forced to shut down its computer systems. The company is whole or partial owner of 50 local and regional newspapers with online newspapers and printing presses, and its own news agency, Avisenes Nyhetsbyrå.

Log4Shell vulnerability Number Four: “Much ado about something”

Naked Security

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

How do I Know if a Website is Safe to Use my Credit Card?

Security Boulevard

With regular news stories about companies being hacked, database breaches, internet-breaking vulnerabilities and online credit card theft, web users are justifiably anxious about making online purchases for fear that their personal information will be compromised by attackers. But where does legitimate concern end and outright paranoia begin? In this post I will try to dispel some of this anxiety and equip users with knowledge on how to make safe purchases online.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to Use MITRE ATT&CK to Understand Attacker Behavior

eSecurity Planet

MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors. ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) documents adversary behaviors to be used by red teams (e.g., for pentesting) but also by defenders who want to understand “the conte

Bracing for the Inevitable: 5 Security Predictions for 2022

Security Boulevard

From continued ramifications of the pandemic and the increasing sophistication and frequency in cyber attacks, the past year was truly one for the record books. We look at the 5 most likely security predictions for 2022.

Here are the Top Ten IdentityIQ Topics of 2021

Identity IQ

The past year was packed with major events that affected the nation’s economy, from the earnings of the largest companies down to the wallets of individual consumers. Supply chain issues, inflation, a red-hot housing market, labor shortages and data breaches are just a few of the topics that affected our credit and personal finances.

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

The Security Ledger

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark talks about how the Internet community can come together ahead of the next vulnerability to make sure the.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

7 Steps for Navigating a Zero-Trust Journey

Dark Reading

Don't think of zero trust as a product. Think of it as "how you actually practice security."

5 Cybersecurity Trends to Watch in 2022

Threatpost

Here’s what cybersecurity watchers want infosec pros to know heading into 2022.

Why Cyber Due Diligence Is Essential to the M&A Process

Dark Reading

That announcement may feel good, but if your prospective acquisition's cybersecurity levels are substandard, it might be best to hold off.

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

Security Affairs

China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j exploit published on GitHub on December 13.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Heimdal Security

Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0 under the CVE-2021-44832. Five CVEs Have Been Linked to Log4j in Less than a Month The original Log4j vulnerability has been assigned the CVE-2021-44228. As […].

What Were the Best Cybersecurity Webinars of 2021?

CyberSecurity Insiders

As cybersecurity professionals, you work in an industry that is always evolving. It is imperative to stay up to date on the most important topics. On top of your responsibilities on the job, it can be challenging to stay current or know where to look for the latest news or best practices. So, we’ve compiled the highest rated, ranked by your peers, (ISC)² cybersecurity webinars from 2021.

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Threatpost

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.

Watch Out! RedLine Malware Steals Your Password from the Browser

Heimdal Security

If you’ve used to store your credentials in the browser, you might want to consider it twice! An information-stealing malware dubbed RedLine is targeting browsers like Chrome, Opera, or Microsoft Edge. The researchers at AhnLab ASEC, who wrote a report about this, describe it as follows: Redline Stealer is an infostealer that collects account credentials saved […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.