Fri. Jan 21, 2022

China’s Olympics App Is Horribly Insecure

Schneier on Security

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

Weekly Update 279

Troy Hunt

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to.

China’s Olympics App Is Horribly Insecure

Security Boulevard

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

The Hacker News

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Dark Reading

Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.

More Trending

Fraud Is On the Rise, and It's Going to Get Worse

Dark Reading

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.

The Rise of the 24/7 Security Scanning Access Point

Security Boulevard

An astonishing 90% of enterprise data breaches are caused by phishing attacks, costing businesses billions every year in lost revenue and downtime. Rogue devices are often the gateway to such attacks.

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

The Hacker News

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).

How to Build a Security Awareness Training Program

Security Boulevard

With increased digitization of everything post-pandemic, cybersecurity has become a top concern for global CEOs with almost half planning to increase cybersecurity investment by 9%, according to PwC.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence.

IT Leaders Consider Security Tech a Part of Business Transformation

Dark Reading

Security makes the top 10 list of technologies changing how organizations operate, an indicator of how information security is increasingly viewed as a strategic business initiative.

Biden Signs Authority for NSS to NSA: Think CISA for Military, Intel Systems

Security Boulevard

Looking Beyond Biden's Binding Security Directive

Dark Reading

Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

Naked Security

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

Do you fear being wrong?

Security Boulevard

Do you fear being wrong? We’re under a lot of pressure to always know the right answer. What is it you fear the most – being wrong, not knowing the answer, or something else?

CISA, Microsoft Warn of Wiper Malware Amid Russia-Ukraine Tensions

eSecurity Planet

The U.S. government agency overseeing cybersecurity is urging the country’s businesses and other organizations to take the necessary steps to protect their networks from any spillover that might occur from the ongoing cyberattacks aimed at Ukraine government agencies and private companies.

Cybersecurity News Round-Up: Week of January 17, 2022

Security Boulevard

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Relevant and Extended Detection with SecureX, Part Three: Behaviour-Based Detections with Secure Network Analytics

Cisco CSR

Analysis of Xloader’s C2 Network Encryption

Security Boulevard

Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016.

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

The Hacker News

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers.

AMAZON S3 BUCKET – A Quick Overview

Security Boulevard

In the last few years, Amazon S3 buckets have been linked to around 16 percent of cloud security breaches. What are Amazon S3 buckets, and what can users do to avoid becoming the next headline?

Google Project Zero discloses details of two Zoom zero-day flaws

Security Affairs

Google Project Zero researcher Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients and Multimedia Router (MMR) servers.

Joy Of Tech® ‘The Internet Isn’t Fair’

Security Boulevard

Via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®!

Russia ban on Cryptocurrency to curb ransomware spread

CyberSecurity Insiders

Russia’s Central Bank is seeking the government’s input to impose a ban on the mining and use of cryptocurrencies, all to curb the spread of cyber crimes such as ransomware and cyber terrorism.

How to Back Up and Restore Your Linux System Using the Rsync Utility

Security Boulevard

Don't take server backups for granted. Learn how to back up and restore your Linux system using the rsync utility.

Experts warn of anomalous spyware campaigns targeting industrial firms

Security Affairs

Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud.

How to Automate Response to Credential Compromises

Security Boulevard

When enterprises implement low-code security automation solutions, they have the opportunity to mature as a security team by expanding actionability beyond the security operations center (SOC).

McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

Bleeping Computer

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

Security Boulevard

This week Apache disclosed 3 vulnerabilities impacting Log4j 1.x versions.

Over 90 WordPress themes, plugins backdoored in supply chain attack

Bleeping Computer

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

Is reCAPTCHA Enterprise Worth it for Businesses?

Security Boulevard

For the last 15 years, Google has offered businesses its free reCAPTCHA tool as a way to stop bad bots from attacking their site and to try to determine if a user is human or not. The original reCAPTCHA asked users to translate scanned texts to try and identify that the user was a human […].

Microsoft disables Excel 4.0 macros by default to block malware

Bleeping Computer

Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents.