Sat. May 07, 2022

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Passwords 231

BPFDoor — an active Chinese global surveillance tool

DoublePulsar

Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen… Continue reading on DoublePulsar ».

This New Fileless Malware Hides Shellcode in Windows Event Logs

The Hacker News

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published this week.

Malware 98

Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine

Security Boulevard

On April 18, 2022, CERT-UA published alert #4490, which describes a malicious email campaign targeting Ukraine. The email attempts to deploy a Cobalt Strike beacon on the victim's system through the use of a MS Office macro. In the alert, CERT-UA provides a list of indicators of compromise (IoCs), including a list of IP addresses and domains used in the attack that are known to be Cobalt Strike command and control (C2) servers.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Trend Micro antivirus modified Windows registry by mistake — How to fix

Bleeping Computer

Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. [...]

Malware campaign hides a shellcode into Windows event logs

Security Affairs

Experts spotted a malware campaign that is the first to use a technique of hiding shellcode in Windows event logs. In February 2022, researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. The technique allows hiding a fileless Trojan; the experts also noticed that dropper modules patched Windows native API functions related to event tracing (ETW) and the anti-malware scan interface (AMSI) to avoid dete

Malware 97

More Trending

Raspberry Robin spreads via removable USB devices

Security Affairs

Researchers discovered a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that spreads via removable USB devices. Cybersecurity researchers from Red Canary have spotted a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that propagates through removable USB devices. “Raspberry Robin is Red Canary’s name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive.” reads the adviso

Malware 93

UK sanctions Russian microprocessor makers, banning them from ARM

Bleeping Computer

The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST (Moscow Center of SPARC Technologies), the two most important chip makers in Russia. [...]

Apple Mail Now Blocks Email Tracking. Here’s What That Means

WIRED Threat Level

If you don’t like marketers (or anyone else) knowing when and where you read your email, Apple’s feature will help you reclaim some privacy.

Fake crypto giveaways steal millions using Elon Musk Ark Invest video

Bleeping Computer

Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Data Brokers Track Abortion Clinic Visits for Anyone to Buy

WIRED Threat Level

Plus: Russia rerouted internet in occupied Ukraine, Grindr sold its users' location data to ad networks, and more.

OWASP® Global AppSec US 2021 Virtual – Kiran Kamity’s ‘OWASP ZAP & DeepFactor Continuous AppSec Observability: Made For Each Other!’

Security Boulevard

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Kiran Kamity’s ‘OWASP ZAP & DeepFactor Continuous AppSec Observability: Made For Each Other!

US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT

Security Affairs

The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder the funds stolen from Axie Infinity’s Ronin bridge. This is the first time ever, Treasury is sanctioning a virtual currency mixer.

Your Phone May Soon Replace Many of Your Passwords

Security Boulevard

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

OWASP® Global AppSec US 2021 Virtual – Matt Tesauro’s ‘Are You Safe From OWASP #11?’

Security Boulevard

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Matt Tesauro’s ‘Are You Safe From OWASP #11?’ appeared first on Security Boulevard.

Joy Of Tech® ‘#2896’

Security Boulevard

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®! Permalink. The post Joy Of Tech® ‘#2896’ appeared first on Security Boulevard.
