Google has introduced a Workspace tier for front-line jobs such as retail, hospitality, and healthcare workers.The company today also unveiled new features around time management and productivity-tracking for the core Workspace — formerly G Suite — …Read More Google Workspace rolls out features for front-line workers
This is weird:
Read More Mysterious Macintosh Malware
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.
Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question of why the mechanism exists…
Healthcare giant latest big name hit by financial tsunamiRead More Universal Health Services Estimates $67 Million in Ransomware Losses
Lawyers probe WhatsApp for more technical detailsRead More DoJ Steps Up Investigation into NSO Group – Report
A popular jailbreaking tool called “unc0ver” has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited i…Read More New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0 – 14.3
JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International’s Europe Group, the malware caused the disruption of some of its IT […]
The post Distributor of Asian food JFC International hit by Ransomware appeared first on Security Affairs.Read More Distributor of Asian food JFC International hit by Ransomware
Who is and what did Emil Apreda do? Emil Apreda, previously known as Emil A., a 33-year-old Italian that lives in Berlin, known to have a strong background in computing was accused of sending threatening emails to NHS starting April to June 2020. In th…Read More Berlin Resident Pronounced Guilty of Threatening to Bomb a Hospital
Also known as SIM splitting, simjacking, SIM hijacking, and port-out scamming, SIM swapping is a type of fraud that targets your personal information so that cybercriminals can pass themselves off as you and access your bank accounts. In short, the fra…Read More What is SIM Swapping?
For the Defense Industrial Base (DIB), the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) compliance requirement is the hot news topic of 2021. In fact, across the DIB market, CMMC compliance will probably stay a focus th…Read More Preparing for the Cybersecurity Maturity Model Certification onslaught
The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively d…Read More Multi-payload Gootloader platform stealthily delivers malware and ransomware
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. […]Read More Malicious NPM packages target Amazon, Slack with new dependency attacks
With the voice commands “Alexa Skills,” users can load numerous extra functions onto their Amazon voice assistant. Amazon screens special voice assistant functions for security. However, scammers can circumvent this check. These Skills can often have s…Read More Alexa Skills: Security gaps and data protection problems
Mozilla last week raised the Firefox version count to 86, adding multiple picture-in-picture video viewing and bolstering the browser’s anti-tracking defenses by isolating all cookies in the sites that create them.Security engineers also patched 12 …Read More What’s in the latest Firefox upgrade? Proliferating picture-in-picture, even more anti-tracking
Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it’s so important you use common…Read More Anti-Virus
The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk, a Netskope research reveals. “Cybe…Read More Cybercriminals continue to target trusted cloud apps
I subscribe to a newsletter from Gary Burnison, CEO of Korn Ferry. His messages address a wide variety of career and personal issues in a thoughtful and educational manner. A recent Special Edition message was titled Exceeding Potential. It specificall…Read More Cybersecurity Challenges: Understanding the What, How and When of Change
Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure …Read More Cloud-Based Storage Misconfigurations – Understanding the Security Risks and Responses
There is ample opportunity for financial institutions to harness the power of AI to build more meaningful connections and experiences with customers — vastly improving both retention and acquisition, according to research findings released by NTT DATA….Read More Customers willing to share personal data in exchange for personalized services
Delivering on the SailPoint vision to embed identity into the cloud enterprise’s digital fabric, SailPoint announced additional extensibility functionality to its platform. To enable customers and partners to find value with the updates, SailPoint also…Read More SailPoint extensibility helps customers secure their digital ecosystem
Proact is launching a new version of its managed disaster recovery service, which allows customers to continue operating their businesses following disruptive events, regardless of where their data is located. Proact’s new and updated disaster recovery…Read More Proact disaster recovery service protects businesses from disruptive events
Maximus announced that it completed the acquisition of the Federal division of Attain. The contracted purchase price of $430 million is subject to certain reductions and adjustments. Privately-owned Attain serves the U.S. Federal Government, with a str…Read More Maximus’ acquisition of Federal Division of Attain boosts company’s long-term corporate strategy
Innodisk is announcing new PCIe Gen 4 NVMe flash storage, DDR4-3200 DRAM, and CANbus & LAN modules. PCIe Gen 4 NVMe — twice the transfer Innodisk’s NVMe flash storage series now supports the latest PCIe Gen 4 interface with a staggering 7.88 …Read More Innodisk announced PCIe Gen 4 NVMe flash storage, DDR4-3200 DRAM, CANbus & LAN modules
Axonius announced it has raised $100 million in Series D funding, led by Stripes, a leading New York-based growth equity firm, as well as participation from existing investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex. Ken Fox, …Read More Axonius raises $100M to expand, innovate, and fuel market growth
Trulioo announced the appointment of Hal Lonas as its chief technology officer. Lonas joins Trulioo’s senior leadership team to help accelerate the company’s next stage of growth and innovation. He is a recognized innovator in cloud security and machin…Read More Hal Lonas joins Trulioo as CTO
GyanSys has hired Anand Aboti as the company’s first Chief Business Officer. Aboti will be responsible for driving global business growth, expanding referenceable customer success, and strengthening alliances with strategic partners including SAP…Read More GyanSys hires Anand Aboti as Chief Business Officer
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. […]Read More Working Windows and Linux Spectre exploits found on VirusTotal
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.Read More Mobile Adware Booms, Online Banks Become Prime Target for Attacks
A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server. […]Read More European e-ticketing platform Ticketcounter extorted in data breach
The post Gootkit delivery platform Gootloader used to deliver additional payloads appeared first on Security Affairs.Read More Gootkit delivery platform Gootloader used to deliver additional payloads
Akamai Describes How This Approach WorksA cryptomining botnet campaign is using bitcoin blockchain transactions to hide command-and-control server addresses and stay under the radar, defeating takedown attempts, according to security firm Akamai.Read More Cryptomining Botnet Uses Bitcoin Wallet to Avoid Detection
$650 Million Settlement Reached Under Illinois’ Groundbreaking Biometrics Privacy LawEnding six years of litigation, a federal judge has signed off on a $650 million settlement of a class action lawsuit against Facebook for violating Illinois’ groundbr…Read More Why This Facebook Privacy Settlement Is Unusual
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.Read More Malware Loader Abuses Google SEO to Expand Payload Delivery
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.Read More New Jailbreak Tool Works on Most iPhones
Earnings report points to diversion of care during incident for financial loss.Read More Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab.Read More Passwords, Private Posts Exposed in Hack of Gab Social Network
We have moved from Industry 4.0 (inspired by WEF–World Economic Forum), Society 5.0 (Japan G20), Smart Humanity (KNVI, Royal Dutch IT Association) where digital transformation infuses all aspects of our lives–to the 5th Machine Age. AI is a key drive…Read More Supercluster cements global leadership in 5th Machine Age with ground-breaking protein production addressing global food insecurity
Flaw Could Enable Access to Secret Encryption KeyA critical authentication bypass vulnerability could enable hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation, according to the cyberse…Read More Rockwell Controllers Vulnerable
Incidents Spotlight Growing COVID-19-Related CyberthreatsTwo Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data.Read More Indian Vaccine Makers, Oxford Lab Reportedly Hacked
Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company’s systems. […]Read More World’s leading dairy group Lactalis hit by cyberattack
‘Supply Chain Security Is Broken, and It’s Time for a Change’Jamil Farshchi has been there. As CISO of Equifax, he knows what it’s like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: “Are they going to be a…Read More Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains
At the beginning of Fraud Prevention Month, we look at the causes of business email compromise scams and how to reduce the odds of being victimized
The post Fraud Prevention Month: Fight business email fraud first appeared on IT World Canada.
No patches are available just yet.
The post Max level vulnerability found in Logix PLCs first appeared on IT World Canada.
The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Go…Read More Hackers use black hat SEO to push ransomware, trojans via Google
Airline accused of defrauding USPS with false automated delivery scan dataRead More United Airlines to Pay $49m to Settle False Data Claim
The global digital workplace and app delivery solutions provider company Citrix announced today that it has finally completed the acquisition of SaaS collaborative work management solutions provider company Wrike, for approximately US$2.25 billion in c…Read More Citrix completes acquisition of Wrike
Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. […]Read More Universal Health Services lost $67 million due to Ryuk ransomware attack
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.Read More Is Your Browser Extension a Botnet Backdoor?
Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims to elevate and celebrate th…Read More #ShareTheMicInCyber: Rob Duhart
Sting operation nets a dozen alleged sexual predators who targeted children onlineRead More Florida Police Arrest 12 Alleged Online Predators
The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. […]Read More NSW Transport agency extorted by ransomware gang after Accellion attack
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.Read More MSP Provider Builds Red Team as Attackers Target Industry
Judge approves $650m settlement of privacy lawsuit brought against social networkRead More Facebook Photo-tagging Lawsuit Settled for $650m
While the trackers in LastPass’ Android app don’t collect any personal data, the news may not sit well with some privacy-minded users
The post Popular password manager in the spotlight over web trackers appeared first on WeLiveSecurity
A. What Is the Locky Ransomware? Locky Ransomware is a piece of malware that encrypts important files on your computer, rendering them inaccessible and unusable. It holds them ‘hostage’, and in the meanwhile, demanding a ransom payment, in …Read More Locky Ransomware 101: Everything You Need to Know
Prolific Ransomware Can ‘Spread Automatically’ Inside Networks, CERT-FR WarnsProlific Ryuk ransomware has a new trick up its sleeve. “A Ryuk sample with worm-like capabilities – allowing it to spread automatically within networks it infects” was recent…Read More Ryuk Ransomware Updated With ‘Worm-Like Capabilities’
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.Read More Firewall Vendor Patches Critical Auth Bypass Flaw
Resist the lure of catching up with award nominees by trolling for free views. Free, when offered by bad actors, could end up costing you much more than it would for a one-time rental.Read More Why what you watch can make you a target for cybercriminals
Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.Read More How to manage the security challenges triggered by remote work
USDT cryptocurrency developer Tether has said they are being extorted by threat actors who are demanding 500 bitcoins, or approximately $24 million, not to leak allegedly stolen emails and documents. […]Read More Tether cryptocurrency firm says docs in $24 million ransom are ‘forged’
Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Initial […]
The post Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says appeared first on Security Affairs.Read More Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says
80% of orgs admitted that a portion of their workforce are using personal computersRead More Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks
Here’s the latest Naked Security Live talk – watch now!Read More Naked Security Live – Beware copyright scams
iPhones, iPads, and Macs seem set for even steeper performance and power management gains come 2022, as it looks like the company’s plans to switch to 3-nanometer (nm) chips are falling into place.Apple’s processor development road map
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads.
“The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality ce…
Introduction The trojan is a sneaky impersonator that behaves like a legitimate program. It can hide in the background and steal information from the device. Trojan samples often delete, modify, block, and copy data to disrupt services provided by the …Read More Understanding Android Malware Families (UAMF) – The Trojan: An impersonator in the background (Article 2)
Tanium report finds only a third of businesses consider cybersecurity a top priority for 2021Read More 70% of Orgs Facing New Security Challenges Due to #COVID19 Pandemic
After an undisclosed number of subscribers were reportedly hit by malicious SIM swapping attacks, American telecommunications company T-Mobile has announced a data breach. The telecom giant revealed in a security breach notice sent to affected consumer…Read More T-Mobile Confirms Data Breach and SIM Swapping Attacks
Today’s podcast describes ways to avoid being victimized by fraud, and more
The post Cyber Security Today – Fraud Prevention Month starts, cyber incident costs hospital chain $67 million and problems with COVID apps first appeared on IT World Canada.
Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked – putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk of exposure.
Read …Read More “Mentally ill demon hackers” blamed for massive Gab data leak
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.
It was a huge attack, with major implications for US national security. The Senate Intelligence Committee is scheduled to …Read More National Security Risks of Late-Stage Capitalism
Google Workspace launched new tools and features to help users make the most of their time, collaborate equally, and deliver more impact—wherever they are. According to Gartner, 90% of survey respondents plan to allow employees to work remotely at leas…Read More Google Workspace enables better connection between onsite and remote workers
Intezer warns of growing threat from programming languageRead More Go Malware Detections Increase 2000%
A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s config…Read More Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)
You might have heard of the social network Gab after the dramatic incidents that took place on the 6th of January in the USA. DDoSecrets stated that JaXpArO and My Little Anonymous Revival Project, a hacktivist, has siphoned over 70 GB of data out of G…Read More Gab Platform Hacked by Activist Group DDoSecrets
Riddle me this: What exactly is a “note-taking app”?It seems almost painfully obvious, I know — but it’s a question I’ve found myself struggling to answer as I’ve been exploring a new breed of information-storing services.The services allow you to c…Read More 3 next-level note-taking apps that’ll change the way you work
On Friday, popular tech news site Gizmodo published an article with the title: “Go Update Your Passwords Right Now”.
The problem is, it’s just not good advice…Read More Gizmodo gives poor password advice
Micro-businesses and sole traders urged to take the testRead More Self-Assessment Tool Aims to Enhance Small Biz Security
It was recently discovered that a new Ryuk variant lists all the IP addresses in the local ARP cache to propagate itself over the local network, and sends what looks like Wake-on-LAN (WOL) packets to each of the discovered devices, BleepingComputer wri…Read More Ryuk Ransomware Now Self-Spreads to Other Windows LAN Devices
Let’s first take a look back at 2020!
Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data.
A whopping 20 billion records wer…
Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India’s critical infrastructure, including the nation’s power grid, from Chinese state-sponsored groups.
The attacks, which co…
There’s a lot of chatter about France’s new repairability index, a story about a surgeon’s Zoom call in the middle of surgery turns heads, and the comments of SolarWinds’ CEO It’s all the tech news that’s popular right now. Welcome to Hashtag Tre…Read More Hashtag Trending, March 1, 2021 – France’s new ‘repairability’ index; Zoom call during surgery; More tips to fight Zoom fatigue
COVID-19 struck IT like a tsunami in early 2020, sweeping away long-established operations and processes, forcing CIOs to quickly identify and deploy acceptable alternatives. Now, as the virus threat appears to be gradually receding, IT leaders are vie…Read More 7 ways COVID-19 has changed IT forever
ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users. The settlement has yet to be approved by a federal judge. The Chinese firm was accused to have failed […]
The post ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection appeared first on Security Affairs.Read More ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection
Italian also threatened MPs and Black Lives Matters protestersRead More Berlin Resident Jailed for NHS Bomb Threats
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.
I’m pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT, now has full and free access to query their government domains across the entire scope of data in HIBP.
This is now the 12th government onboarded to HIBP andRead More Welcoming the Portuguese Government to Have I Been Pwned
The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. Modern infrastructure are complex environments that combine multiple technologies and that are exposed to […]Read More NSA embraces the Zero Trust Security Model
How to Make Ransomware? Ransomware is a type of malware that operates by either locking you out of your computer or mobile device or by manipulating your files in such…
The post Ransomware: The Types of and How to Make Ransomware? appeared first on Hacker Combat.Read More Ransomware: The Types of and How to Make Ransomware?
COVID-19 propelled the world of IT years into the future. Organizations considering long-term digital transformation plans were abruptly forced to accelerate their timeline, so employees could work remotely amid shelter-in-place orders. While this shif…Read More Protecting the digital workplace with an integrated security strategy
Attackers increasingly strive to leverage cloud weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a w…Read More How do I select a cloud security solution for my business?
78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to an IDG R…Read More Most IT security leaders lack confidence in their company’s security posture
In a recent report, Trend Micro announced it detected 119,000 cyber threats per minute in 2020 as home workers and infrastructure came under new pressure from attacks. Attacks on homes surged The report also shows that home networks were a major draw l…Read More Insights for navigating a drastically changing threat landscape
AppDynamics released its global research study, exploring the impact of the rapid acceleration of digital transformation created in response to the COVID-19 pandemic and the repercussions for global technologists. The findings reveal a dramatic increas…Read More Full-stack observability: The only way technologists can deal with IT complexity
95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months. Human error was at the root of near…Read More Data is most at risk on email, with 83% of organizations experiencing email data breaches
Last year, Verizon’s data breaches report showed that “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million, according to IBM’s Cost of a …Read More Fixing the “Human Error” Problem
Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC). With KICS, Checkmarx expands its AST product line, provid…Read More Checkmarx KICS enables developers to detect and fix configuration issues
Assured Data Protection announced the launch of its eXtended Detection and Response (XDR) service, providing businesses and MSPs with a fully automated and managed XDR solution powered by Confluera. The service delivers XDR across multiple data streams…Read More Assured Data Protection enhances cloud data management portfolio with XDR powered by Confluera
Featurespace introduces Automated Deep Behavioral Networks for the card and payments industry, providing a deeper layer of defense to protect consumers from scams, account takeover, card and payments fraud, which cost an estimated $42 billion in 2020. …Read More Featurespace Automated Deep Behavioral Networks protects from card and payments fraud
Transmit Security announced the release of BindID, customer authentication service that is completely password-free. BindID requires no customer software or dedicated hardware and can be used across any channel or device. Customers can authenticate and…Read More Transmit Security BindID: A password-free customer authentication service
The uCIFI Alliance announced the public release of the first unified data model to provide interoperability and interchangeability between connected devices to unlock smart cities, reduce cost and guarantee investments’ sustainability. The open-source …Read More uCIFI Alliance releases unified data model for smart city and utility devices