Schneier on Security

NOVEMBER 24, 2021

Piling more on NSO Group’s legal troubles, Apple is suing it : The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.

Spyware 288

Spyware Hacking Government Malware 288

Tech Republic Security

NOVEMBER 24, 2021

Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.

186

186

Bleeping Computer

NOVEMBER 24, 2021

Microsoft has released the optional KB5007253 Preview cumulative update for Windows 10 2004, Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that claims to fix the 0x000006e4, 0x0000007c, or 0x00000709 network printing errors. [.].

144

144

Malwarebytes

NOVEMBER 24, 2021

Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after the game launches. There’s a lot of big titles hitting digital storefronts at the moment.

Malware 144

Malware Scams Passwords Cryptocurrency 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

NOVEMBER 24, 2021

A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs. [.].

143

143

Dark Reading

NOVEMBER 24, 2021

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Cyber Risk 139

Cyber Risk Technology Risk 139

ImmuniWeb

NOVEMBER 24, 2021

The next year is poised to bring multifaceted challenges in cybersecurity, compliance and privacy, while driving record cashflow and profits to cybercriminals.

Cybersecurity 142

Cybersecurity 142

CSO Magazine

NOVEMBER 24, 2021

Cybersecurity and threat analysts from Fox-IT (part of NCC Group) have shone a light on the mechanics of ransomware negotiations to help organizations improve the outcome of an attack. Concepts were presented by Pepijn Hack and Zong-Yu Wu at Black Hat Europe 2021 and expanded upon in a detailed NCC Group blog posting shortly after. The data comes from research of over 700 attacker-victim negotiations between 2019 and 2020 and a paper that explores three main topics.

Ransomware 134

Ransomware Hacking Cybersecurity 134

Security Boulevard

NOVEMBER 24, 2021

Dark web monitoring seems to be a hot buzzword in discussions about cyberthreat intelligence (CTI) and how it helps cybersecurity strategy and operations. Indeed, dark web monitoring enables a better understanding of an attacker’s perspective and following their activities on dark web forums can have a great impact on cybersecurity readiness and posture.

Cybersecurity 131

Cybersecurity Cyber threats Security Awareness IoT 131

Bleeping Computer

NOVEMBER 24, 2021

A new regulation coming in the form of an amendment in the Telecommunications Act of Germany could radically change the relationship between consumers and internet service providers. [.].

Internet 131

Internet Internet Telecommunications Technology 131

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

NOVEMBER 24, 2021

With the holiday shopping bonanza right around the corner, here's how to make sure your online spending spree is hacker-free. The post Avoiding the shopping blues: How to shop online safely this holiday season appeared first on WeLiveSecurity.

129

129

Bleeping Computer

NOVEMBER 24, 2021

GoDaddy says the recently disclosed data breach affecting roughly 1.2 million customers has also hit multiple Managed WordPress services resellers. [.].

Data breaches 139

Data breaches 139

The Hacker News

NOVEMBER 24, 2021

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge.

Firmware 128

Firmware IoT Engineering 128

Bleeping Computer

NOVEMBER 24, 2021

A new stealthy JavaScript malware loader named RATDispenser is being used to infect devices with a variety of remote access trojans (RATs) in phishing attacks. [.].

Malware 132

Malware Phishing 132

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

NOVEMBER 24, 2021

Attackers know how to manage and monitor our systems better than we do. They will analyze how best to gain entrance to our networks. Attackers have found yet another way to deploy malware into our networks: a process called sideloading. Sideloading is the installation of an app onto a device from a trusted source such as the Microsoft Store. Attackers can exploit the process by convincing users they are installing a trustworthy app that actually carries a malicious payload.

Malware 125

Malware Ransomware 125

Security Boulevard

NOVEMBER 24, 2021

The past 20 months have truly changed how business is done. For cybersecurity professionals, almost every organization had to move swiftly to support remote employees and new cloud-based services that were brought on to support this new way of working. Looking forward, there’s no going back; the era of hybrid work is here, bringing with. The post The Future of the SOC is “As-a-Service” appeared first on Security Boulevard.

Cybersecurity 123

Cybersecurity Security Awareness Network Security 123

Malwarebytes

NOVEMBER 24, 2021

As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe environment to study ongoing attacks. This provides researchers with data on how attackers operate and enables them to study different threats.

Passwords 124

Passwords Password Management Accountability Authentication 124

CyberSecurity Insiders

NOVEMBER 24, 2021

This blog was written by an independent guest blogger. Enterprises and small businesses alike are facing challenges that impact their ability to maintain adequate cybersecurity. Budget constraints and limited staff are just a couple of reasons why businesses have become more susceptible to cyberattacks. Hackers are becoming smarter, and the tools that teams deploy are growing in number, leading to fragmentation and increased vulnerabilities.

Cybersecurity 122

Cybersecurity Data privacy Small Business Threat Detection 122

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

NOVEMBER 24, 2021

The Security Service of Ukraine (SSU) has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices. [.].

Phishing 123

Phishing Mobile Hacking 123

Heimadal Security

NOVEMBER 24, 2021

On Monday, a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) advised organizations to take proactive actions in order to protect themselves against ransomware attacks during the upcoming holiday season. Yesterday, the Federal Bureau of Investigation (FBI) issued a new warning to alert the public of recent spear-phishing […].

Phishing 119

Phishing Ransomware Cybersecurity 119

Bleeping Computer

NOVEMBER 24, 2021

MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level. [.].

Mobile 114

Mobile 114

Threatpost

NOVEMBER 24, 2021

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.

Passwords 116

Passwords Hacking 116

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

NOVEMBER 24, 2021

The Federal Bureau of Investigation (FBI) warned today that online shoppers risk losing more than $53 million during this year's holiday season to scams promising bargains and hard-to-find gifts. [.].

Scams 115

Scams Risk 115

CSO Magazine

NOVEMBER 24, 2021

The growth in work from home and hybrid work has challenged IT teams and users. Users expect to work from anywhere, on any device, and IT is often overburdened trying to resolve and simplify access issues. This may spur the move away from password authentication, providing welcome relief to frustrated users and weary IT and network admins. Passwords represent probably the most prevalent and least satisfying security experience for workers, customers, and anybody else that has to log in to networ

Passwords 113

Passwords Authentication 113

Heimadal Security

NOVEMBER 24, 2021

Abdelhamid Naceri, a security researcher, made the zero-day in question public. He identified the flaw through an examination of the CVE-2021-41379 fix. It appears that the problem was not properly repaired. I have also made sure that the proof of concept is extremely reliable and doesn’t require anything, so it works in every attempt. The […].

Cybersecurity 113

Cybersecurity 113

CSO Magazine

NOVEMBER 24, 2021

More than a year later, many organizations recognize that the hybrid workforce model here to stay. The level of disruption this shift has caused the average person is noticeable, but the impact it has had on network, security, compliance, and other teams in the average organization is even more so. The traditional security perimeter has expanded dramatically, even beyond the adaptation to cloud services, and security teams are expected to extend protection to large numbers of unmanaged endpoints

Network Security 107

Network Security 107

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

NOVEMBER 24, 2021

Huawei’s AppGallery has been targeted in a new massive malware campaign. Almost 9,300,000 Android trojans installs were performed posing as 190 various applications. Dr.Web AV’s researchers made this discovery and attributed the ‘Android.Cynos.7.origin’ label to this recent data-stealing malware. Apparently, it is a different Cynos malware variant.

Malware 106

Malware Cybersecurity 106

CSO Magazine

NOVEMBER 24, 2021

Retail has a ransomware problem. While almost every sector has been plagued by ransomware over this past year– which is malicious software that locks access to systems and encrypts data so that users cannot access it – retail is a particularly hard hit vertical. In just the last few weeks, we have seen ransomware attacks against electronics retail giant MediaMarkt, Europe's largest consumer electronics retailer, and Diamond Comic Distributors, a top middleman for delivering many types of comics,

Retail 106

Retail Ransomware Encryption Software 106

Threatpost

NOVEMBER 24, 2021

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.

Mobile 106

Mobile Malware 106

Heimadal Security

NOVEMBER 24, 2021

A group of Italian cybersecurity researchers has put together a set of three attacks known as ‘Printjack,’ alerting people of the serious risks of trusting their printer too much. According to BleepingComputer, the attacks include recruiting the printers in DDoS swarms, imposing a paper DoS state, and executing privacy breaches. According to experts, modern printers […].

DDOS 102

DDOS Risk Cybersecurity 102

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.