Wed. Dec 02, 2020


Impressive iPhone Exploit

Schneier on Security

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

Passwords 283

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.


Malware, Adware Disguised As Minecraft Mods Infect Over 1 Million Android Devices

Adam Levin

Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices. According to new research from cybersecurity and anti-virus company Kaspersky Lab, over twenty apps available to download on Google’s Play store claiming to add additional content to the game were “malvertising,” which launches unwanted popup ads on a user’s device.

Adware 173

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

Malware 121

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Sales of CEO email accounts may give cyber criminals access to the "crown jewels" of a company

Tech Republic Security

Multiple security professionals said stolen credentials on Exploit.in were part of a tidal wave of business email compromise attacks.


K12 education giant paid the ransom to the Ryuk gang

Security Affairs

Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and has now paid a ransom to avoid a data leak. The online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November. K12 Inc. is a for-profit education company that sells online schooling and curricula.

Education 119

More Trending


iPhone Bug Allowed for Complete Device Takeover Over the Air

Threatpost

Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.

Wireless 122

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using a WebLogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020.

IoT 99

Scammers Use Home Addresses of Targets in France

Trend Micro

A recent phishing scam uses the name of a retail company to target users from France. The scheme employs a more targeted social engineering technique as it features each target's actual home address and phone number.


Turla Crutch: Keeping the “back door” open

We Live Security

ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox.

Malware 98

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Productivity Score: Microsoft limits features of new tool following 'workplace surveillance' concerns

Tech Republic Security

Productivity Score will no longer identify how individual users interact with Microsoft 365 apps.


This Company Uses AI to Outwit Malicious AI

WIRED Threat Level

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.


DNS Filtering: A Top Battle Front Against Malware and Phishing

Threatpost

Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.

DNS 94

APT groups targets US Think Tanks, CISA, FBI warn

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of attacks carried out by threat actors against United States think tanks. APT groups continue to target United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has great relevance for nation-state attackers that focus on U.S. policy.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Threatpost

In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.


From Geost to Locker: Monitoring the Evolution of Android Malware Obfuscation

Trend Micro

We looked into the evolution of an Android malware's obfuscation methods through samples nearly a year apart, Geost and Locker. Adding context to this discussion is the discovery that the authors of the malware used an external obfuscation service.

Malware 77

Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data

Threatpost

The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.


The Business Impact: Benefits of a Secure Website

SiteLock

The benefits of a secure website are critical. SiteLock explains some of the benefits of having a secure website. To learn about our services contact us today.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Threatpost

The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.


How Appknox Helps In Dealing With SonarQube Weak Points

Appknox

When it comes to security, it’s not always the advanced and complex techniques that matter. At times, even the simplest of the practices can do wonders for the security of your applications. Using tools like SonarQube and Appknox in the DevOps pipeline for a thorough code analysis is one such practice.


Think-Tanks Under Attack by Foreign APTs, CISA Warns

Threatpost

The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.

VPN 79

Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet

Dark Reading

Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


How to Protect Your Business From Multi-Platform Malware Systems

The State of Security

The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigation, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending to […]

Malware 72

Xerox DocuShare Bugs Allowed Data Leaks

Threatpost

CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.


Loyal Employee... or Cybercriminal Accomplice?

Dark Reading

Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.


Online Schools Company Pays Hacker Ransom

SecureWorld News

A company that has powered online learning for more than 1 million students just disclosed it paid a ransom demand to hackers. K12 Inc. issued an unusually detailed statement to investors about the cyberattack, its decision to pay the ransom and next moves by the online education provider. What happened in this K12 ransomware attack?


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Unmanaged Devices Heighten Risks for School Networks

Dark Reading

Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks.

Risk 110

The Top 3 Cybersecurity Threats In The Middle East

Digital Shadows

SECURITY CONCERNS ARE HEATING UP IN THE MIDDLE EAST Rising rates of cybercriminal activities occur as threat actors observe the.


FBI: BEC Scammers Could Abuse Email Auto-Forwarding

Dark Reading

Private Industry Notification warns of the role email auto-forwarding could play in business email compromise attacks.


Lawful processing after Schrems II – a practical guide for continued compliance

BH Consulting

The fallout from the European Court of Justice (CJEU)/Schrems II ruling on the validity of the US/EU Privacy Shield continues to have an impact on organisations. The ruling makes it challenging to transfer data to countries where equivalent data protection is not possible, leaving companies with the difficult task to find a defensible position for such transfers.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.