Fri. Mar 12, 2021

Metadata Left in Security Agency PDFs

Schneier on Security

Really interesting research: “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors' names, details on the information system and architecture.

Weekly Update 234

Troy Hunt

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. References Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly) We're rapidly going cashless, but not everybody is happy (there are

Passwords 262
Insiders

Google shares Spectre PoC targeting browser JavaScript engines

Bleeping Computer

Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory. […]

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

The Hacker News

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft Exchange exploits now used by cryptomining malware

Bleeping Computer

The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers. […]

Malware 140

New ‘DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Hot for Security

Ransomware operators are actively targeting unpatched Exchange instances in wake of the recently disclosed ProxyLogon Exchange Server flaws, according to reports. Phillip Misner, a Security Program Manager with Microsoft, tweeted earlier today that a new ransomware family is leveraging the latest-disclosed Exchange vulnerabilities. “Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A.

More Trending

150,000 Verkada Cams Hacked, but it Gets Worse

Security Boulevard

Countless employees and interns routinely had access to Verkada customers’ video feeds. The post 150,000 Verkada Cams Hacked, but it Gets Worse appeared first on Security Boulevard.

Hacking 138

Good old malware for the new Apple Silicon platform

SecureList

Introduction. A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the Apple Silicon platform.

Adware 138

4 Security Awareness Training Trends

Security Boulevard

The year 2020 was all about the pandemic. It pushed security teams to the edge, required creative problem-solving skills, great teamwork and investment and optimization of security tools. The year 2020 also showed organizations how important security awareness is and helped them to discover why agile training, in particular, is required. It became clear that.

Three flaws that sat in Linux kernel since 2006 could deliver root privileges to attackers

SC Magazine

Entrance to the Red Hat headquarters. The company’s distributions of Linux kernels appear to be particularly susceptible to vulnerabilities unearthed recently. (Red Hat). Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Researchers hacked Indian govt sites via exposed git and env files

Bleeping Computer

Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. The full findings disclosed today shed light on the routes leveraged by the researchers, including finding exposed .git directories and .env files on some of these systems. […]

Hacking 135

CEOs express strong optimism for global growth this year

Tech Republic Security

While they remain anxious about external threats like health crises and cyber threats, concerns about climate change are low, PwC survey finds.

New ZHtrap botnet malware deploys honeypots to find more targets

Bleeping Computer

A new botnet is hunting down and transforming unpatched routers, DVRs, and UPnP network devices it takes over into honeypots that help it find other devices to infect. […]

Malware 133

Researchers Spotted Malware Written in Nim Programming Language

The Hacker News

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.

Malware 125

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Android: How to quickly block spam SMS

Tech Republic Security

Jack Wallen shows you how easy it is to block and report spam SMS messages on the Android platform.

As legislators work toward law requiring companies to alert feds to breaches, key hurdles emerge

SC Magazine

After two major hearings on Solarigate, one domestic policy proposal grabbed the spotlight: requiring organizations to alert the government to major cyber incidents in the interest of national security. Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry. The SolarWinds affair, where an actor believed to be Russia used malicious updates in the SolarWinds IT platform and other vectors to hack several government

Ransomware is targeting vulnerable Microsoft Exchange servers

Malwarebytes

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise: In ten days we’ve gone from “limited and targeted attacks” by a nation-state actor, to countless attacks by a number of groups against anyone with a vulnerable server.

Microsoft Exchange Servers targeted by DearCry Ransomware

CyberSecurity Insiders

All those who are using Microsoft Exchange Servers in your server farms, you are likely to be targeted by hackers spreading DearCry Ransomware. According to a tweet posted on Microsoft’s official handle, hackers are spreading the said malware through the dangerous ProxyLogon Vulnerabilities. The good news is that those using Microsoft Defender might not be in trouble as the security software has enough potential to thwart such attacks to the core, says the Redmond based tech giant.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers

Bleeping Computer

For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities. One overriding concern has been when will ransomware actors use the vulnerabilities to compromise and encrypt mail servers. […]

Malspam campaign uses icon files to deliver NanoCore RAT

Security Affairs

Researchers at Trustwave spotted a new malspam campaign that is abusing icon files to trick victims into installing the NanoCore Trojan. Researchers at Trustwave have spotted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan. The emails use a .zipx file attachment; a .zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results.

Malware 116

Scammers promote fake cryptocurrency giveaways via Twitter ads

Bleeping Computer

Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams. […]

Just Released: Version 3.1 of the PCI PIN Security Standard

PCI perspectives

Today, the PCI SSC published a minor revision to the PCI PIN Security Requirements and Testing Procedures—also known as the PCI PIN Security Standard. Version 3.1 of the Standard includes clarifications and updates previously released via FAQs and bulletins and incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

The Hacker News

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up.

Friday Squid Blogging: On SQUIDS

Security Boulevard

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and normal materials, we can make the quantum electronic equivalents of transistors and diodes such as Superconducting Tunnel Junctions (SJTs) and Superconducting Quantum Interference Devices (affectionately known as SQUIDs).

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at Check Point Research team reported that threat actors are actively exploiting the recently disclosed ProxyLogon zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in a

Molson Coors Cracks Open a Cyberattack Investigation

Threatpost

The multinational brewing company did not say what type of incident caused a ‘systems outage,’ but it's investigating and working to get networks back online.

Malware 114

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

What Are BEC Attacks?

Heimdal Security

Otherwise known as BEC, Business e-mail compromise happens when an attacker hacks into a corporate e-mail account and impersonates the real owner with the sole purpose to defraud the company, its customers, partners and/or employees into sending money or sensitive data to the attacker’s account. Also known as the “man-in-the-email” attack, BEC scams start with […].

Scams 105

Microsoft Exchange Exploits Pave a Ransomware Path

Threatpost

As attacks double every hour, hackers are exploiting vulnerable Microsoft Exchange servers and installing a new family of ransomware called DearCry.

Netflix's Password-Sharing Crackdown Has a Silver Lining

WIRED Threat Level

The streaming service is making account owners enter two-factor codes in a limited test. That's … actually not so bad.

Passwords 127

The future of data privacy: confidential computing, quantum safe cryptography take center stage

Zero Day

IBM is working on future-proof encryption methods able to keep our data safe both in storage and active use.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.