Sat. May 29, 2021


Using Fake Reviews to Find Dangerous Extensions

Krebs on Security

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.


Microsoft: Russian hackers used 4 new malware in USAID phishing

Bleeping Computer

Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID).


Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

The Hacker News

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature.


New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

Bleeping Computer

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


XKCD ‘Astronomy Status Board’

Security Boulevard

via the comic delivery system monikered Randall Munroe resident at XKCD! The post XKCD ‘Astronomy Status Board’ appeared first on Security Boulevard.


Microsoft Edge 91 brings new bugs and annoying popup messages

Bleeping Computer

Microsoft released Microsoft Edge 91 yesterday, and since then, users have been reporting constant nag screens, bugs, and problems using the new version of the web browser.


More Trending


Mozilla: Update Firefox to avoid Netflix, Hulu streaming issues

Bleeping Computer

Mozilla advises Firefox users to update to the latest released version to avoid experiencing video streaming issues after Google updates the Widevine digital rights management (DRM) on May 31.


SonicWall fixes an NSM On-Prem bug, patch it asap!

Security Affairs

SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises versions of the Network Security Manager (NSM). The vulnerability, rated with an 8.8 severity score, could be simply exploited without user interaction.


Security News in Review: SolarWinds Threat Group Launches New Phishing Campaign

Security Boulevard

Welcome to your weekly roundup of cybersecurity news. In the current edition, you’ll find information about a new campaign by the threat group behind the SolarWinds supply chain attack, Belgian authorities closing a campaign they think originated in China, and information on a new cybersecurity directive for pipeline operators. Read on for the news!


Beware: Walmart phishing attack says your package was not delivered

Bleeping Computer

A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Six Key Characteristics of a Modern ZTNA Solutions

CyberSecurity Insiders

This post was originally published by Jeff Birnbaum. Even as organizations continue adoption of cloud technologies, the need for secure access to on-premises resources has not gone away. In fact, as many companies navigate a return to the office while simultaneously supporting a portion of the workforce now permanently remote, secure access becomes even more important.


Using Fake Reviews to Find Dangerous Extensions

Security Boulevard

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.


Hands on with WSLg: Running Linux GUI apps in Windows 10

Bleeping Computer

Windows 10 preview builds can now run Linux apps directly on the Windows 10 desktop using the new Windows Subsystem for Linux GUI. In this article, we go hands on with the new WSLg feature to demonstrate the types of graphical Linux apps you can now run.


BSides Canberra 2021 – Christopher Vella’s ‘Easy LPEs And Common Software Vulnerabilities’

Security Boulevard

Thanks to BSides Canberra for publishing their outstanding videos on the organization's YouTube channel. Enjoy! The post BSides Canberra 2021 – Christopher Vella’s ‘Easy LPEs And Common Software Vulnerabilities’ appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


The Bizarro Streaming Site That Hackers Built From Scratch

WIRED Threat Level

BravoMovies isn't real. But it puts in a remarkable amount of effort to convince you that it is.


BSides Canberra 2021 – Alex’s ‘Finding Tony Abbott’s Passport Number And Entering The Do Not Get Arrested Challenge 2020’

Security Boulevard

Thanks to BSides Canberra for publishing their outstanding videos on the organization's YouTube channel. Enjoy! The post BSides Canberra 2021 – Alex’s ‘Finding Tony Abbott’s Passport Number And Entering The Do Not Get Arrested Challenge 2020’ appeared first on Security Boulevard.


US Soldiers Exposed Nuclear Secrets on Digital Flashcards

WIRED Threat Level

Plus: A major hack in Japan, Citizen app run amuck, and more of the week's top security news.


Secure Search is a Browser Hijacker – How to Remove it Now?

Security Affairs

Secured Search is a browser hijacker that changes your browser’s settings to promote securedsearch.com. Let’s remove it. Secured Search is the same piece of software as ByteFence Secure Browsing. It’s supposedly a tool that improves browsing security and privacy. In reality, it’s a browser hijacker. It alters your browser’s settings to promote securedsearch.com (which is not a legitimate search engine).


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.