Fri.Sep 17, 2021

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

It’s Time for Vendor Security 2.0

Daniel Miessler

In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative?

Risk 200

Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

Tech Republic Security

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Numando: Count once, code twice

We Live Security

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. The post Numando: Count once, code twice appeared first on WeLiveSecurity. Malware

Dell study finds most organizations don't think they can recover from a ransomware attack

Tech Republic Security

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016

More Trending

Small businesses need to step up efforts to secure and retain hybrid workers

Tech Republic Security

Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

110
110

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Security Affairs

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL).

Cybersecurity News Round-Up: Week of September 13, 2021

Security Boulevard

The biggest story this week was over at Apple, which released security updates for a zero-day vulnerability that affects the iPhone, iPad, Mac and Apple Watch. The post Cybersecurity News Round-Up: Week of September 13, 2021 appeared first on Security Boulevard. Security Bloggers Network

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Free decryptor for past REvil ransomware victims released

Graham Cluley

The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of the REvil ransomware (also sometimes known as Sodinokibi). Malware Ransomware ransomware Revil

Ransomware Groups Reinvest Capital to Improve Attack Methods

CyberSecurity Insiders

Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods.

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system.

Ransomware news headlines trending on Google

CyberSecurity Insiders

The Department of Justice of South Africa suffered a ransomware attack on September 6th,2021 and news is out that the government’s purposed legal cell hasn’t recovered its data from the attack yet.

German Election body hit by a cyber attack

Security Affairs

A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP.

How Should the CSO Work With the Chief Privacy Officer?

Dark Reading

The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working

CSO 97

Have you tried to guess your boss's password? Lots of workers have, according to a report

Tech Republic Security

An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Security Boulevard

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability. The post ‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t appeared first on Security Boulevard.

Infrastructure, Security, and the Need for Visibility

Dark Reading

Government authorities are increasingly trying to bolster critical infrastructure security. But investments in next-generation solutions won't go far enough without also addressing security and operational fundamentals

Identity in Africa – an existential right for every citizen

CyberSecurity Insiders

For many governments across the world, the COVID-19 pandemic has brought to light the immense value that a digital identity system can have.

Cloud Identity Governance can Overcome Entitlement Risks

Security Boulevard

Of the many problems that threaten enterprises, entitlement and access management risks are a significant cause for concern. These issues become even more menacing as the current remote and hybrid work scenarios have fragmented and distributed the enterprise workforce.

Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes

eSecurity Planet

Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure.

Risk 92

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems.

OMIGOD! Azure Vulnerabilities Are Being Exploited

Security Boulevard

No sooner had the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances been revealed then threat actors were already on the case, exploiting the flaws.

DDOS 91

Week in security with Tony Anscombe

We Live Security

Analysis of Numando banking trojan, steps to mitigate attack surface, and more! Week in security with Tony Anscombe. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

DEF CON 29 Blockchain Village – Michael Lewellen’s ‘Ethereum Hacks & How To Stop Them’

Security Boulevard

Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel. Permalink.

IoT 'Nutrition' Labels Aim to Put Security on Display

Dark Reading

NIST has laid the groundwork for an easy-to-understand way to communicate to consumers the security of software and connected devices

IoT 87

Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

Security Affairs

The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed them.

DDOS 86

How FS Organisations Can Enter The New Age in Digital Banking

Security Boulevard

How FS Organisations Can Enter The New Age in Digital Banking. michelle. Fri, 09/17/2021 - 09:27. Whether it’s challenges related to data privacy, compliance or a lack of resources and skills, FS organisations need to overcome the hurdles currently impeding the Open Banking revolution. Sep 10, 2021.

Securing Home Employees with Enterprise-Class Solutions

eSecurity Planet

The number of employees working remotely skyrocketed during the COVID-19 pandemic, and many companies appear likely to continue with a hybrid work model when things return to normal.

Facebook Releases Video Capture Glasses | Avast

Security Boulevard

The newest wearable tech on the market is a pair of glasses that can record 30-second videos and take photos, the result of a collaborative effort between Facebook and Ray-Ban.

Mirai Botnet Exploiting OMIGOD Azure Vulnerability

Dark Reading

Microsoft patched four Open Management Infrastructure flaws earlier this week

82

Fighting Digital Banking’s Fraud Problem

Security Boulevard

Either out of necessity or convenience, the adoption of digital banking has skyrocketed since early 2020 and much of this. The post Fighting Digital Banking’s Fraud Problem appeared first on Entrust Blog. The post Fighting Digital Banking’s Fraud Problem appeared first on Security Boulevard.

New Report Examines Top Threats Discussed at Black Hat USA

Dark Reading

Supply chain security and vulnerabilities in enterprise software were among the threats most dicussed at this year's show, survey data reveals

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threatpost

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. Malware Mobile Security