Wed. Jan 27, 2021

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week.

Dutch Insider Attack on COVID-19 Data

Schneier on Security

Insider data theft: Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. […]. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases. They were working from home: “Because people are working from home, they can easily take photos of their screens.

Risk 263
Insiders

Emotet malware taken down by global law enforcement effort

Tech Republic Security

The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.

Malware 217

The Top 21 Security Predictions for 2021

Lohrman on Security

306

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How ghost accounts could leave your organization vulnerable to ransomware

Tech Republic Security

Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.

2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic

Lohrman on Security

279

More Trending

North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities

Hot for Security

Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals. Read more in my article on the Hot for Security blog.

Hacking 144

Update your iPhone now to protect against vulnerabilities that hackers may have actively exploited

Graham Cluley

Apple is encouraging owners of iPhones and iPads to update their devices to the latest version of iOS and iPadOS in order to protect against serious vulnerabilities that could have already been actively exploited by malicious hackers.

Malware 143

2020 Data Breaches Point to Cybersecurity Trends for 2021

Lohrman on Security

Apple patches three iOS zero-days under attack

We Live Security

The company emits emergency updates to fix bugs affecting devices ranging from iPhones to Apple Watches.

141

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Unemployment Benefits Claims Fraud: New Threats for 2021

Lohrman on Security

246

ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping

Threatpost

Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.

IoT 127

Groundbreaking IoT Legislation Close to Becoming Law

Lohrman on Security

IoT 234

Law enforcement announced global action against NetWalker Ransomware

Security Affairs

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators. Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations. “The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransom

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Threatpost

An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.

PCI SSC Announces 2021 Special Interest Group Election Results

PCI perspectives

Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2021. The Council’s Participating Organizations voted to select “Best Practices for Container Orchestration” as the focus for the year ahead. The goal of the SIG is to provide guidance for companies on how to enhance security when using container orchestration tools.

120

Most Popular Cybersecurity Blog Posts from 2020

Lohrman on Security

Apple addresses three iOS zero-day flaws exploited in the wild

Security Affairs

Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates (iOS 14.4). The first zero-day issue, tracked as CVE-2021-1782, is a race condition that resides in the iOS operating system kernel. “A malicious application may be able to elevate privileges.

Mobile 127

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Beware — A New Wormable Android Malware Spreading Through WhatsApp

The Hacker News

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said.

Adware 114

Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants

Security Affairs

Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits. Trend Micro’s Zero Day Initiative (ZDI) this week announced the forthcoming Pwn2Own Vancouver 2021 hacking competition that will take place on April 6-8. The organizers provided information about the targets, prizes and rules for the competition.

Hacking 116

Phoenix CISO Shannon Lawson Shares Top Cyberstrategies

Lohrman on Security

CISO 209

Authorities plan to mass-uninstall Emotet from infected hosts on March 25, 2021

Zero Day

The world's largest malware botnet will become extinct by April after today's coordinated takedown and planned clean-up operations.

Malware 131

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Own an iPhone or iPad? Update TODAY!

Approachable Cyber Threats

Category Vulnerabilities. Risk Level. Apple released a critical security update for iOS and iPadOS on Tuesday to patch three zero-day vulnerabilities. If you read no further, update your iPhone and/or iPad TODAY! “A what now?” You may remember from another ACT post that vulnerabilities are holes in your electronic devices’ code that, when left unpatched, can allow hackers to use them to their advantage; like an open back door on your house.

Risk 111

Fleeing WhatsApp for Privacy? Don't Turn to Telegram

WIRED Threat Level

Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it.

Emotet Botnet dismantled in a joint international operation

Security Affairs

A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, led by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has been active at least since 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August, the malware was employed in a fresh COVID19-themed spam campaign.

Banking 117

Tips to harden Active Directory against SolarWinds-type attacks

CSO Magazine

The SolarWinds/Solorigate attacks used some concerning methodologies. One of them has been what is called the Golden SAML attack process. Security Assertion Markup Language (SAML) enables the exchange of authentication and authorization information between trusted parties. The Golden SAML technique allows attackers to generate their own SAML response to gain access or control.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

New cybercrime tool can build phishing pages in real-time

Zero Day

The new LogoKit phishing kit has already been spotted on more than 700 unique domains over the past month.

Phishing 138

Law enforcement takes over Emotet, one of the biggest botnets

CSO Magazine

Law enforcement agencies from several countries collaborated in a joint operation that resulted in taking over the command-and-control infrastructure behind Emotet, one of the world's largest botnets. Whether this disruption to the botnet will be permanent remains to be seen, but it's a promising development according to security experts.

CSO 108

Serious Privacy Podcast – A Work in Progress: A View Inside the Irish DPC (with Helen Dixon)

TrustArc

Happy Data Protection Day! Paul Breitbarth and K Royal kick off Season 2 of the Serious Privacy podcast with a special guest, Helen Dixon, Data Protection Commissioner for Ireland. She is probably one of the best known data protection regulators around the world, with her office having the duty to supervise most major tech companies […].

New Docker Container Escape Bug Affects Microsoft Azure Functions

The Hacker News

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.