Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 346

Antivirus Cryptocurrency Identity Theft Software 346

Troy Hunt

JANUARY 8, 2022

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week" A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms. Another few hours later and she's COVID positive. A few days after that and Charlotte is positive too.

262

262

Bleeping Computer

JANUARY 8, 2022

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy.NET application to install cryptocurrency stealers, remote access trojans, and miners. [.].

Malware 145

Malware Cryptocurrency Cybersecurity 145

Security Affairs

JANUARY 8, 2022

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392 , could allow attackers to execute remote code on vulnerable systems, the good news is that unlike the Log4J issue it should not be as widespread.

IoT 142

IoT Passwords Hacking Information Security 142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JANUARY 8, 2022

On January 6th, Automattic released an important security update for the WordPress core which addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately. All WordPress versions between 3.7 and 5.8 are affected by this, and the security issues include SQL injection, stored XSS and object injection, which we will review in this post.

Firewall 139

Firewall Network Security 139

Bleeping Computer

JANUARY 8, 2022

Experimentation with ANSI escape characters on terminal emulators has led to the discovery of multiple high-severity DoS (denial of service) vulnerabilities on Windows terminals and Chrome-based web browsers. [.].

124

124

SecureBlitz

JANUARY 8, 2022

This post reveals 5 ways to improve the security of your Magento eCommerce store. An alarming report shows that more than 90% of small online enterprises are prone to data breaches. Because of this, building security authentication for eCommerce should never be a one-time effort once your eCommerce site is up and running. Your site. The post 5 Ways To Improve The Security Of Your Magento eCommerce Store appeared first on SecureBlitz Cybersecurity.

eCommerce 122

eCommerce Data breaches Authentication Cybersecurity 122

CyberSecurity Insiders

JANUARY 8, 2022

In the last several months the XDR acronym is being used by almost every security product manufacturer. It is one thing to say that you have it, but the hard work that goes into building the detections takes years. It is not enough to say that you have a big data platform that you can dump things into and search; you need actionable detections that lead to meaningful correlations.

Big data 110

Big data Manufacturing Firewall Cybersecurity 110

The Hacker News

JANUARY 8, 2022

Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps.

Data collection 109

Data collection Education Media 109

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. A recent SMISHING campaign spotted by CSIRT KNF , FluBot targeted Polish users with a messaging asking them if to click on a link to view a video.

Malware 107

Malware DNS Banking Hacking 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

JANUARY 8, 2022

The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

104

104

WIRED Threat Level

JANUARY 8, 2022

Plus: NFT thefts, a ransomware wave in schools, and more of the week’s top security news.

Antivirus 145

Antivirus Software Ransomware 145

Security Affairs

JANUARY 8, 2022

SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. According to the company, starting January 1, 2022, its Email Security products began experiencing an issue causing junk box and message log updates to fail.

Firewall 99

Firewall Engineering Firmware Malware 99

Security Boulevard

JANUARY 8, 2022

Our thanks to BSides Halifax for publishing their tremendous videos from the BSides Halifax 2021 Conference on the organization’s’ YouTube channel. Enjoy! Permalink. The post BSides Halifax 2021 – Closing Keynote: Matia Katz’ ‘From Napkin To Company – An Edge Micro-Segmentation Story’ appeared first on Security Boulevard.

Education 82

Education InfoSec Information Security Cybersecurity 82

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CyberSecurity Insiders

JANUARY 8, 2022

SALT LAKE CITY–( BUSINESS WIRE )–Medical Review Institute of America (“MRIoA”), an organization providing clinical peer reviews, on behalf of some of its health plan, health care provider and other customers, is notifying certain individuals whose information was affected by a recent data security incident. On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack.

Data breaches 78

Data breaches Identity Theft Accountability Insurance 78

Security Boulevard

JANUARY 8, 2022

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Throat And Nasal Passages’ appeared first on Security Boulevard.

81

81

Naked Security

JANUARY 8, 2022

Where were YOU on the night of 17 May 2002? And what about the day after that?

94

94

Security Boulevard

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide largely by making the product free -- was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 74

Antivirus 74

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare