Sat.Feb 26, 2022

article thumbnail

Weekly Update 284

Troy Hunt

A little late this week as the tail end of travel bites into my time, but it's nice to be home again (albeit amidst a period of record rainfall). I'll get back on a normal schedule next week but for now, here's all the usual stuff in number 284, complete with a super cool "ransomwear" hoodie from this week's sponsor, Varonis 😎 References The Messaging Malware Mobile Anti-Abuse Working Group Mary Litynski Award (seeing industry recognition for HIBP is enormousl

Mobile 224
article thumbnail

Free Android app lets users detect Apple AirTag tracking

Bleeping Computer

A small team of researchers at the Darmstadt University in Germany have published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps. [.].

Mobile 140
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Blocking Bots: Why We Need Advanced WAF?

CyberSecurity Insiders

With everyone living online these days, web traffic to the online channels is on the upsurge. However, if you delve into the traffic, you’ll see that most of the traffic is not from legitimate users. Only less than half of the traffic is actual humans, the rest are bots including both good and bad bots. In the early days, the bots were used only for spamming or small scraping attempts.

Firewall 130
article thumbnail

XKCD ‘Greek Letters’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Greek Letters’ appeared first on Security Boulevard.

126
126
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

5 Benefits of Detection-as-Code

CyberSecurity Insiders

How modern teams can automate security analysis at scale in the era of everything-as-code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business objectives?

article thumbnail

BSidesAugusta 2021 – George Bilbrey’s ‘Hacking The Brain With Gamified Learning’

Security Boulevard

Many thanks to BSidesAugusta for publishing their outstanding videos from the BSidesAugusta 2021 Conference on the organization’s YouTube channel. Permalink. The post BSidesAugusta 2021 – George Bilbrey’s ‘Hacking The Brain With Gamified Learning’ appeared first on Security Boulevard.

Hacking 115

More Trending

article thumbnail

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

The Hacker News

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain.

Media 101
article thumbnail

Ukraine recruits "IT Army" to hack Russian entities, lists 31 targets

Bleeping Computer

Ukraine is recruiting a volunteer "IT army" of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. [.].

Banking 98
article thumbnail

SMS PVA Part 2: Underground Service for Cybercriminals

Trend Micro

In part two of this blog entry, we further investigate the innings of smspva.net and discuss the impact and implications of such services.

article thumbnail

BSidesAugusta 2021 – Carlota Sage’s ‘$how Me The Money!’

Security Boulevard

Many thanks to BSidesAugusta for publishing their outstanding videos from the BSidesAugusta 2021 Conference on the organization’s YouTube channel. Permalink. The post BSidesAugusta 2021 – Carlota Sage’s ‘$how Me The Money!’ appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Russia restricts Twitter in the country amid conflict with Ukraine

Security Affairs

Global internet monitor working group NetBlocks reported that Twitter has been restricted in Russia amid conflict with Ukraine. Global internet monitor working organization NetBlocks shared its metrics confirming the restriction of Twitter in Russia from early morning amid conflict with Ukraine. Multiple local providers (Rostelecom, MTS, Beeline and MegaFon) were blocking access to the popular platform to prevent the vision of videos and images of the attacks carried out by Russian army in Ukrai

Media 96
article thumbnail

Ukrainian military personnel targeted with phishing attacks

Graham Cluley

CERT-UA, the national Computer Emergency Response Team for Ukraine, has issued a warning of a major phishing campaign launched against military personnel. The attack is being blamed on the UNC1151 hacking group , which is based in Minsk and whose members are said to be officers of the Ministry of Defence in Belarus. Read more in my article on the Hot for Security blog.

article thumbnail

Fileless SockDetour backdoor targets U.S.-based defense contractors

Security Affairs

Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based defense contractors. Cybersecurity researchers from Palo Alto Networks’ Unit 42 have analyzed a previously undocumented and custom backdoor tracked as SockDetour that targeted U.S.-based defense contractors. According to the experts, the SockDetour backdoor has been in the wild since at least July 2019.

Backups 92
article thumbnail

The Quiet Way Advertisers Are Tracking Your Browsing

WIRED Threat Level

Cookies are on the way out—but not enough is being done about browser fingerprinting. So what is it?

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

UK’s NHS Digital warns of an RCE in Okta Advanced Server Access client

Security Affairs

The UK’s NHS Digital agency warns of an RCE in the Windows client for the Okta Advanced Server Access authentication management platform. The UK’s NHS Digital agency published a security advisory to warn organizations of a remote code execution flaw, tracked as CVE-2022-24295 , impacting the Windows client for the Okta Advanced Server Access authentication management platform.

article thumbnail

DDoS Attempts Hit Russia as Ukraine Conflict Intensifies

WIRED Threat Level

Plus: Hacker recruits, NFT thefts, and more of the week’s top security news.

DDOS 97
article thumbnail

“Military Telegraph During the Civil War: The Federal and Confederate Cipher System”

Security Boulevard

William Plum published a book in 1882 called “The Military Telegraph During the Civil War in the United States: an Exposition of Ancient and Modern Means of Communication, and of the Federal and Confederate Cipher System“. Inside you will find gems of history such as page 185: the time when a U.S. Army operator let … Continue reading “Military Telegraph During the Civil War: The Federal and Confederate Cipher System” ?.

52
article thumbnail

Anonymous hacked the Russian Defense Ministry and is targeting Russian companies

Security Affairs

Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion. A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.

Hacking 126
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.