Sun.Jan 23, 2022

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

Will the Ukraine Conflict Lead to More Global Cyber Attacks?

Lohrman on Security

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Emotet Now Using Unconventional IP Address Formats to Evade Detection

The Hacker News

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions.

OpenSubtitles data breach impacted 7 million subscribers

Security Affairs

OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles websites, it suffered a data breach that affected 6,783,158 subscribers.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

The Hacker News

The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An

109
109

Molerats cyberespionage group uses public cloud services as attack infrastructure

Security Affairs

Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure.

More Trending

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

Security BSides London 2021 – Glenn Pegden’s & Stephan Steglich’s ‘Pushing Left – How We’re All Doing It Wrong’

Security Boulevard

Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy! Permalink.

Crooks tampering with QR Codes to steal victim money and info, FBI warns

Security Affairs

The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal their credentials and financial info.

16 Best DDOS Attack Tools in 2022

Security Boulevard

What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated.

DDOS 98

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products

Security Affairs

Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products.

DNS 99

How to turn on ransomware protection on Microsoft Windows 10

CyberSecurity Insiders

To all those Windows 10 Operating System (OS) users, here’s a piece of advice that will help in protecting your PC from ransomware. Microsoft has offered a 2-layer protection by default on all the systems running on Win 10 OS to help keep the file encrypting malware at bay.

China’s MY2022 App Could Do More Than Trace COVID-19 Exposure

Security Boulevard

Researchers at The Citizen Lab at the University of Toronto dug into the MY2022 COVID-19 exposure tracing application mandated for use by attendees and participants in the Beijing Winter Olympic Games—and what they found wasn’t pretty.

Security Affairs newsletter Round 350

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

VPN 91

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars

Security Boulevard

Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lock-down by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars. ** Links mentioned on […].

Ransomware hits Grandparents and TikTok Scams target young adults

CyberSecurity Insiders

According to a research conducted by Avast, grandparents aged between in 55 to 64 are being targeted mainly by those spreading ransomware, tech support scams, spyware and botnets.

Scams 87

FBI warns of malicious QR codes used to steal your money

Bleeping Computer

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.]. Security

114
114

Now Is a Good Time to Update Your Recovery Email Addresses

WIRED Threat Level

You know those “emergency” email addresses you can use to get into your email and other accounts in case you're locked out? Make sure they're up-to-date. Security Security / Security Advice

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Microsoft tests a new "Rejuvenated" Windows 11 Task Manager, how to enable

Bleeping Computer

Microsoft is testing a new hidden feature in the latest Windows 11 preview build that rejuvenates the user interface for Task Manager with a new design and modern appearance. [.]. Microsoft

114
114

Security BSides London 2021 – Foo Meden’s ‘Securing Cloud Delivery Pipelines – Findings From A Blue/Red Team Security Simulation’

Security Boulevard

Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy! Permalink. The post Security BSides London 2021 – Foo Meden’s ‘Securing Cloud Delivery Pipelines – Findings From A Blue/Red Team Security Simulation’ appeared first on Security Boulevard.

Data Privacy Day: Know your rights, and the right tools to stay private

Malwarebytes

Not all data privacy rights are the same. There’s the flimsy, the firm, the enforceable, and the antiquated, and, unfortunately, much of what determines the quality of your own data privacy rights is little more than your home address.

Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal

Trend Micro

We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group’s favored Windows malware, Crimson RAT.

Kubernetes Incident Response: Building Your Strategy

Security Boulevard

Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes.

52

Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant

Trend Micro

LockBit ransomware's operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in the wild, we discuss the impact and analysis of this variant.