Wed.Jun 29, 2022

Ecuador’s Attempt to Resettle Edward Snowden

Schneier on Security

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuador’s 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia.

Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing

Dark Reading

External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Four Steps to Using Metrics to Defend Your Security Budget

CyberSecurity Insiders

By Diana-Lynn Contesti (Chief Architect, CISSP-ISSAP, ISSMP, CSSLP, SSCP), and Richard Nealon (Senior Security Consultant, CISSP-ISSMP, SSCP, SABSA SCF). Ever find yourself in a struggle to defend your security budget or to introduce a change?

Patch Now: Linux Container-Escape Flaw in Azure Service Fabric

Dark Reading

Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug

103
103

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Toxic masculinity holds us ALL back (in cyber) & what you can do about it

Jane Frankland

In last week’s newsletter (edition 3), I wrote about being you in the workplace and some of the difficulties that women in cyber face. I told you we have a saying at The Source , my new initiative for women in cyber and businesses who value them, but today I want to let you know about another saying we have. It’s, “No blame. No shame. Just better business.”

CISO 100

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. Cyble researchers detected misconfigured Kubernetes instances that could expose hundreds of thousands of organizations.

More Trending

How to de-anonymize fraudulent Tor web servers

Tech Republic Security

While it is common belief that there is not much that can be done to locate remote servers hosted using the Tor network, a new research reveals it is possible to de-anonymize some and uses ransomware domains hosted on the Dark Web as examples.

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear

Dark Reading

The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly

Adopting a Multifaceted Security Approach

Security Boulevard

Over the past decade, terms like malware and ransomware have increasingly entered into the public vernacular, especially as they relate to highly publicized, high-profile cybersecurity attacks.

A guide to teaching cybersecurity skills to special needs students

CyberSecurity Insiders

This blog was written by an independent guest blogger. Schools and colleges were the worst hit by cyberattacks during the global health crisis in 2020. According to a report by GCN , ransomware attacks alone affected over 1,680 schools, colleges, and universities in the US.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Phishing Reached All-Time High: Social Engineering News

Security Boulevard

Phishing reached an all-time high in the first quarter of 2022. To clarify what this means, in the first quarter […]. The post Phishing Reached All-Time High: Social Engineering News appeared first on Security Boulevard.

Cloud Security Resources and Guidance

Cisco CSR

This article was coauthored by Dan Maunz and Ryan Morrow, both Security Program Managers in the Security & Trust Organization at Cisco.

Building Visibility into Hybrid Workplaces: Tips for Minimizing Employee Burnout

Security Boulevard

It’s become a bit of a cliché, saying that the pandemic created a “new normal” for all of us. But the reality is, the pandemic did introduce new ways of living and working.

83

New Hertzbleed vulnerability affects modern AMD and Intel Processors

CyberSecurity Insiders

A group of researchers from the University of Texas, University of Illinois, and the University of Washington have found a new vulnerability in modern AMD and Intel Processors. They dubbed the flaw Hertzbleed, as it uses frequency side channels to extract cryptographic keys from remote servers.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Black Basta ransomware is mutating, and this has several implications

Security Boulevard

New variants of the Black Basta ransomware are now emerging in the wild and routinely turning up in our global honeypots.

UK to save Lithuania and Georgia from Russian Cyber Attacks

CyberSecurity Insiders

UK has taken an initiative to protect Lithuania and Georgia from Russian cyber attacks. The response stands firm against the pledge taken by a pro-Russian group dubbed Killnet to take down countries that are against the war between Russia with Ukraine.

The Four Pillars of a Cybersecurity Strategy That Works

Security Boulevard

Understanding the threat landscape is one thing; extracting and leveraging actionable threat intelligence to reinforce an organization’s defensive posture is another.

Flubot: the evolution of a notorious Android Banking Malware

Fox IT

Authored by Alberto Segura (main author) and Rolf Govers (co-author). Summary. Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Mitre shared 2022 CWE Top 25 most dangerous software weaknesses

Security Affairs

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack.

How Vulnerability Management Has Evolved And Where It’s Headed Next

The Security Ledger

The blocking and tackling work of scan management is becoming a commodity, writes Lisa Xu, the CEO of NopSec in this Expert Insight. What organizations need now is complete visibility of their IT infrastructure and business applications.

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

The Hacker News

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Deepfaking crooks seek remote-working jobs to gain access to sensitive data

Graham Cluley

The FBI has warned that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote working-at-home jobs. Data loss data breach deepfake employment

New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

The Hacker News

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary.

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers

Security Affairs

Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers.

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

The Hacker News

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies.

Hermit spyware is deployed with the help of a victim’s ISP

Malwarebytes

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices.

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Naked Security

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga. Firefox Mozilla Vulnerability Follina Patch vulnerability

69

Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric

Dark Reading

Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts

RansomHouse gang claims to have stolen 450GB of data from chip maker giant AMD

Security Affairs

The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021. The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak it or sell it if the company will not pay the ransom.

Internet Safety Month: Everything you need to know about Omegle

Malwarebytes

Omegle reached the heady heights of fame when everyone least expected it. Thanks to TikTok influencers, children flocked to this 13-year-old platform during the pandemic, unaware of the dangers already there.

Why more zero-day vulnerabilities are being found in the wild

CSO Magazine

The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs.

CSO 96