Fri. Dec 03, 2021

Testing Faraday Cages

Schneier on Security

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable “go/no go test” can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm (beware of caching in the FindMy app when doing this).

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occa

November Blog a Day Reflections

Javvad Malik

I’m no writer of novels, but I allowed myself to be influenced by national November novel writing month and thought it would be a good idea to attempt a blog a day through the month. In the end, I wrote 17 blogs during November, the most I’ve written in a long time, perhaps ever. There are another 3 which ended up in drafts that will likely never see the light of day.

How to avoid being a hacker's next target: Don't overshare information on business social media

Tech Republic Security

When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

Bleeping Computer

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.

How well do you know your APIs? Not well enough, says Cisco

Tech Republic Security

Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.

More Trending

Covid Omicron variant leads to Phishing Cyber Attacks

CyberSecurity Insiders

To everyone in the UK: please be aware that some online fraudsters are launching phishing email attacks in the name of the NHS, offering free PCR testing kits to detect the latest Omicron coronavirus variant. Which?, a data advocacy group, discovered the attack and alerted all online users that they should not believe the latest email campaign that claims to be backed by the NHS.

Researchers discover 14 new data-stealing web browser attacks

Bleeping Computer

IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox.

The worst and most notable ransomware: A quick guide for security pros

CSO Magazine

Ransomware has a long history, dating back to the late 1980s. Today, it’s generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they pay the ransom. Sophos reports that the average cost of a ransomware attack in 2020 was nearly $1.5 million for victim organizations that paid ransoms and about $732,000 for those that didn’t.

US State Dept employees’ phones hacked using NSO spyware

Bleeping Computer

Apple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How our payment habits are changing: three major trends that are here to stay

CyberSecurity Insiders

With a recent survey by Mastercard showing that almost two thirds of consumers have tried a new payment method in the past 18 months, how we pay is changing. The Covid-19 pandemic has accelerated a shift towards digital banking, with consumers beginning to ditch traditional payment methods like cash or checks in favour of alternatives such as eWallets, contactless ATMs and biometric bank cards.

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

The Hacker News

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report.

$150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks

Security Boulevard

Schadenfreude: This week saw a pair of high-profile cryptocurrency thefts, totalling over $150 million.

UK Government fined £500,000 after revealing home addresses in New Year honours data breach

Graham Cluley

The UK Government has been fined £500,000 after the addresses of over 1,000 New Years Honours recipients were mistakenly published online, potentially putting some of them at serious risk.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cl0p Ransomware Gang Tries to Topple the House of Cards

Security Boulevard

When I wrote the introduction for our recent report Organizations at Risk: Ransomware Attackers Don’t Take Holidays, I described current factors and trends with the potential to disrupt the upcoming holiday season.

Emotet’s back and it isn’t wasting any time

Malwarebytes

Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet’s botnet. Law enforcement then used their control of this infrastructure to send a “self-destruct” update to Emotet executables.

Cisco Secure Firewall named Best Next Generation Firewall in SE Labs 2021 Annual Report

Cisco Security

Cisco is proud to be the only vendor recognized by SE Labs as Best Next Generation Firewall (NGFW) in their 2021 Annual Report. We’re honored to receive industry recognition for excellence in the network firewall market and for making security less complex, more agile, and better able to defend against today’s and tomorrow’s threats. I couldn’t be prouder of our Cisco Secure Firewall team and our amazing customers who continue to develop their network security around our firewall, and who have

Fake support agents call victims to install Android banking malware

Bleeping Computer

The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Watch out for Omicron COVID-19-themed phishing messages!

Security Affairs

Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks. People are interested in the spread of the new variant, the efficiency of the vaccines and the measures that states will adopt to prevent its spread, and threat actors are attempting to take advantage of this situation.

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions

The Hacker News

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access.

How MFA Can Help Prevent Data Breaches

Security Boulevard

Security experts widely agree that any organization securing logins to its valuable IT services using only a username-password combination is taking a huge security risk. Multifactor authentication (MFA) is one of the most basic ways to layer your defenses against unauthorized logins to systems and, ultimately, can help prevent costly breaches. The Current Authentication Landscape.

Why Everyone Needs to Take the Latest CISA Directive Seriously

The Hacker News

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the instance of the latest CISA directive, that would be making a mistake.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Friday Five 12/2

Digital Guardian

$31 in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

The Hacker News

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months.

Threat actors stole $120 M in crypto from BadgerDAO DeFi platform

Security Affairs

Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto funds, blockchain security firm PeckShield reported. Most of the stolen funds, over $117 million, were Bitcoin, while the rest of the stolen assets were stored in the form of interest-bearing Bitcoin, a form of tokenised Bitcoin, and Ether.

Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack

Graham Cluley

A former employee of Ubiquiti Networks has been arrested and charged in connection with a hack that stole gigabytes of data and attempted to extort US $2 million from the firm. Read more in my article on the Hot for Security blog.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Attacker unmasked by VPN flubs charged with Ubiquiti hack

Malwarebytes

A veritable barn-stormer of an insider threat story has recently come to light. A former employee of Ubiquiti Networks, Nickolas Sharp, has been arrested and charged for allegedly hacking company servers, stealing gigabytes of information, and then rounding it all off with a splash of extortion. This took place in December of last year, but there’s no clear reason (yet) for why he did any of it.

Omicron Phishing Scam Already Spotted in UK

Threatpost

Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.

Zoho: Patch new ManageEngine bug exploited in attacks ASAP

Bleeping Computer

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version.

Week in security with Tony Anscombe

We Live Security

ESET researchers analyze malware frameworks targeting air-gapped networks – ESET Research launches a podcast – INTERPOL cracks down on online fraud.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.