Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 345

Antivirus Cryptocurrency Identity Theft Software 345

Anton on Security

JANUARY 10, 2022

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?

Engineering 339

Engineering Technology Cybersecurity 339

Schneier on Security

JANUARY 12, 2022

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

Malware 306

Malware Software Hacking 306

Tech Republic Security

JANUARY 11, 2022

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

Accountability 218

Accountability Malware 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JANUARY 14, 2022

Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution. [.].

Software 145

Software Technology 145

Security Boulevard

JANUARY 11, 2022

Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your customers. Learn how to check! The post How to Check If your JavaScript Security is Working appeared first on Feroot. The post How to Check If your JavaScript Security is Working appeared first on Security Boulevard.

145

145

Tech Republic Security

JANUARY 11, 2022

As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand.

CISO 218

CISO Cybersecurity 218

Bleeping Computer

JANUARY 13, 2022

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators. [.].

145

145

Security Boulevard

JANUARY 11, 2022

MFA, or multi-factor authentication, has the power to prevent the majority of data breaches. Yet many organizations are still lagging in implementation. The post 5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA appeared first on Security Boulevard.

Data breaches 145

Data breaches Authentication 145

Schneier on Security

JANUARY 14, 2022

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

Malware 291

Malware IoT Firmware Internet 291

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 10, 2022

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

Risk 216

Risk 216

Bleeping Computer

JANUARY 13, 2022

Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable. [.].

145

145

Graham Cluley

JANUARY 11, 2022

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really c**k things up you need to be a cybercriminal.

Hacking 145

Hacking Phishing Malware 145

Schneier on Security

JANUARY 11, 2022

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread.

Mobile 286

Mobile VPN Encryption 286

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 10, 2022

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.

CISO 216

CISO Cybersecurity 216

Bleeping Computer

JANUARY 10, 2022

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers. [.].

Malware 145

Malware 145

Security Boulevard

JANUARY 10, 2022

In 2021, there were a number of major supply chain attacks that crippled multiple companies. Think back to the Kaseya attack in July, or, even before that, the SolarWinds attack that came to light in December 2020. In October 2021, Broward Health in Florida was compromised through a third-party supply chain vulnerability. For many CEOs, The post Is Your Supply Chain Secure?

Security Awareness 144

Security Awareness Ransomware Malware Cybersecurity 144

Schneier on Security

JANUARY 10, 2022

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

Phishing 295

Phishing 295

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JANUARY 12, 2022

Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.

Cyber threats 211

Cyber threats Government 211

Bleeping Computer

JANUARY 8, 2022

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy.NET application to install cryptocurrency stealers, remote access trojans, and miners. [.].

Malware 145

Malware Cryptocurrency Cybersecurity 145

We Live Security

JANUARY 10, 2022

But as we learned in mashing up other technologies, the security devil is in the details. The post CES 2022 – the “anyone can make an electric car” edition appeared first on WeLiveSecurity.

Technology 145

Technology Cybersecurity 145

CyberSecurity Insiders

JANUARY 14, 2022

“Information security analyst” tops the U.S. News & World Report 2022 Best Jobs list. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance. Having a cybersecurity position at the top of the list is exciting for a young industry that has struggled with perception problems.

Cybersecurity 142

Cybersecurity Healthcare Information Security CISO 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JANUARY 14, 2022

Some of the major obstacles center on concerns about compliance, fears about security and infrastructure and uncertainty about budget requirements, says Archive360.

211

211

Bleeping Computer

JANUARY 12, 2022

The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back [.].

145

145

We Live Security

JANUARY 12, 2022

As you attempt to strike it rich in the digital gold rush, make sure you know how to recognize various schemes that want to part you from your digital coins. The post Cryptocurrency scams: What to know and how to protect yourself appeared first on WeLiveSecurity.

Cryptocurrency 143

Cryptocurrency Scams 143

Security Boulevard

JANUARY 10, 2022

2021 was a busy year for the cyber security community. Emerging threats posed many challenges to security professionals and created many opportunities for threat actors. Picus has curated a list of the top five threats observed in 2021, detailing ten lessons defenders can learn from them. . Microsoft Exchange Server Vulnerabilities. In January 2021, Volexity detected a large amount of egress data traffic on its customers’ Microsoft Exchange Servers [1].

Cyber threats 141

Cyber threats Ransomware Risk Architecture 141

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JANUARY 13, 2022

A new study at unprecedented scale revealed that embedded phishing training in simulations run by organizations doesn't work well. Yet crowd-sourcing phishing detection is.

Phishing 182

Phishing 182

Bleeping Computer

JANUARY 12, 2022

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. [.].

VPN 143

VPN 143

Graham Cluley

JANUARY 13, 2022

A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. Read more in my article on the Tripwire State of Security blog.

Cybercrime 140

Cybercrime Ransomware Malware 140

We Live Security

JANUARY 11, 2022

ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation. The post Signed kernel drivers – Unguarded gateway to Windows’ core appeared first on WeLiveSecurity.

Malware 145

Malware 145

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk