Sat.Jan 08, 2022 - Fri.Jan 14, 2022

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

More Trending

Most Popular Cybersecurity Blog Posts from 2021

Lohrman on Security

What were the top government security blog posts in 2021? These metrics tell us what cybersecurity and technology infrastructure topics were most popular in the past year

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.

Using EM Waves to Detect Malware

Schneier on Security

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.”

Weekly Update 278

Troy Hunt

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today.

167
167

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

Last month’s $125 million Security and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Related: Why third-party risks are on the rise.

Mobile 163

7 obstacles that organizations face migrating legacy data to the cloud

Tech Republic Security

Some of the major obstacles center on concerns about compliance, fears about security and infrastructure and uncertainty about budget requirements, says Archive360

171
171

Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites. Uncategorized fraud phishing

The Cybersecurity Measures CTOs Are Actually Implementing

Dark Reading

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours.

Risk 155

Russia arrests REvil ransomware gang members at request of US officials

Tech Republic Security

Russia's Federal Security Service said that 14 people were arrested and millions in currency has been seized

Apple’s Private Relay Is Being Blocked

Schneier on Security

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread. Uncategorized anonymity Apple encryption privacy T-Mobile VPN web privacy

VPN 228

White House Meets With Software Firms and Open Source Orgs on Security

Dark Reading

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

There is no substitute for a CISO…or is there?

Cisco Retail

You haven’t had an uninterrupted vacation in years, your presentation at the last board meeting fell short, and it’s hard for you to imagine how the organization would function without you at the helm. These are all very real situations for today’s CISO.

Retail 114

Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks

Tech Republic Security

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022.

224
224

Maryland Dept. of Health Responds to Ransomware Attack

Dark Reading

An attack discovered on Dec. 4, 2021, forced the Maryland Department of Health to take some of its systems offline

A Cybersecurity Role Has Topped List of Best Jobs

CyberSecurity Insiders

“Information security analyst” tops the U.S. News & World Report 2022 Best Jobs list. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance.

9 ways that cybersecurity may change in 2022

Tech Republic Security

As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand

CISO 171

Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

The Hacker News

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007.

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime

114
114

How to Check If your JavaScript Security is Working

Security Boulevard

Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your customers. Learn how to check! The post How to Check If your JavaScript Security is Working appeared first on Feroot.

114
114

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

Tech Republic Security

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope

Russian cyber attack on Ukraine downs government websites

CyberSecurity Insiders

A few hours ago, Ukraine government’s critical websites were hit by a cyber attack, blocking access to thousands of users from the past 6 hours.

How Cybercriminals Are Cashing in on the Culture of 'Yes'

Dark Reading

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself

114
114

5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA

Security Boulevard

MFA, or multi-factor authentication, has the power to prevent the majority of data breaches. Yet many organizations are still lagging in implementation. The post 5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA appeared first on Security Boulevard. Security Bloggers Network

The rise of the CISO: The escalation in cyberattacks makes this role increasingly important

Tech Republic Security

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses

CISO 171

Threat actors can bypass malware detection due to Microsoft Defender weakness

Security Affairs

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning.