Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.
The company blamed the incident on an unnamed employee who had been providing u…
This week we saw another ransomware shut down its operation and a significant attack against Cyberpunk 2077 game developer CD Projekt Red. […]
Read More The Week in Ransomware – February 12th 2021 – More keys releasedForward-thinking companies know they can’t skimp on the computers that keep users productive day in and day out. Regular device rotations are common practice, along with support plans to ensure devices are covered for the occasional, inevitable prob…
Read More BrandPost: How Regular Device Rotations Plus Support Plans Keep Users Productive and ThrivingHow squid fly.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Agency Offers Critical Infrastructure Security RemindersFollowing the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating s…
Read More Water Treatment Hack Prompts Warning From CISAResearcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.
Read More mHealth Apps Expose Millions to CyberattacksMultiple senators have demanded a hearing on what court officials know about the hackers’ access to sensitive filings. The effects could make accessing documents harder for lawyers.
Read More US Court system demands massive changes to court documents after SolarWinds hackMicrosoft has started replacing the legacy version of the Edge browser with the new Chromium-based Edge in Windows 10 Dev builds. […]
Read More Microsoft replaces Edge Legacy in latest Windows 10 Dev buildIn a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”
Read More Yandex Data Breach Exposes 4K+ Email AccountsThe Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs). […]
Read More Scammers target US tax pros in ongoing IRS phishing attacksTo address this gap, six universities in Ontario have partnered to create the Indigenous and Black Engineering and Technology (IBET) Momentum Fellowship to expand the pathways for Indigenous and Black students pursuing doctoral degrees in engineering.
The post Universities form alliance to address ‘atrociously small’ number of Indigenous and Black engineering faculty in Ontario first appeared on IT World Canada.
Read More Universities form alliance to address ‘atrociously small’ number of Indigenous and Black engineering faculty in OntarioSonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second …
Read More Medieval Security TechniquesTelegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user’s macOS devices as expected. […]
Read More Telegram privacy feature failed to delete self-destructing video filesTelegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user’s macOS devices as expected. […]
Read More Telegram ‘Secret Chat’ didn’t delete self-destructing media filesA well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.
Read More ‘Annoyingly Believable’ Tax Scam Targets Mobile UsersAgile thinking is important in dealing with cyberattacks. Read one psychologist’s tips for cybersecurity professionals on how to adapt and stop the attackers.
Read More How micro-drilling can enhance your cybersecurity trainingGoogle has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. […]
Read More Google: Gmail users from US most targeted by phishing attacksRussian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered […]
The post Yandex security team caught admin selling access to users’ inboxes appeared first on Security Affairs.
Read More Yandex security team caught admin selling access to users’ inboxesBaltimore County trio indicted over spoofed Moderna website selling fake coronavirus vaccines
Read More Three Charged Over Fraudulent Vaccine WebsitePatch Issued After Vulnerability Found in an Endpoint Used for Currency ConversionPayPal has patched a cross-site scripting – or XSS – vulnerability found by a bug-bounty hunter in its currency conversion endpoint which, if exploited, could enable mali…
Read More PayPal Mitigates XSS VulnerabilityLatest Victims: Telecom Company Singtel and Australian Medical Research Institute QIMR BerghoferTwo more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel a…
Read More 2 More Breaches Tied to Accellion File Transfer ApplianceMan who laundered millions of dollars stolen by Eastern European computer hackers is sent to prison
Read More US Jails Money Mule KingpinWith only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you’d be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numb…
Read More What’s not to love with this month’s Patch Tuesday?If past cyberattacks are any indication, success begets imitation. In the wake of last week’s hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
Read More Water Utility Hack Could Inspire More IntrudersThis week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan,…
Read More Copycats imitate novel supply chain attack that hit tech giantsThis week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan,…
Read More Copycat researchers imitate supply chain attack that hit tech giantsThe Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.
Read More Singtel Suffers Zero-Day Cyberattack, Damage UnknownFlaws, If Exploited, Could Enable Remote Control, Data ExfiltrationSiemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems …
Read More Siemens Patches 21 Vulnerabilities in 2 ToolsPractical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.
Read More Fallen victim to online fraud? Here’s what to do…Cyber-criminals use Telegram to sell food bought with stolen credit cards to hungry users
Read More Diners Devour Made-to-Order FraudJoseph Blankenship of Forrester Shares Best PracticesOrganizations must adopt a new approach to security automation that’s tailor-made to addressing today’s threats, says Joseph Blankenship, vice president and research director at Forrester.
Read More How to Make the Most of Automation in the SOCEnterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.Access all areas
My argument is simple: Apple’s growing place in the enterp…
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. […]
Read More Yandex suffers data breach after sysadmin sold access to user emailsRussian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. […]
Read More Russian Yandex informs of sysadmin giving access to user mailboxesESET’s Q4 2020 threat report is out – How smart sex toys can ruin your privacy – Protecting water supply systems
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
A combination of network hardening, attack surface reduction, network segmentation will thwart attacks on critical infrastructure, says researcher at Domain Tools
The post Researcher says Florida water plant attack was ‘immature, rushed or unintentiona…
Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s Red Team Research led […]
The post TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server appeared first on Security Affairs.
Read More TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information ServerResearchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.
Read More Florida Water Plant Hack: Leaked Credentials Found in Breach DatabaseIn a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
Read More You’ve Got Cloud Security All Wrong: Managing Identity in a Cloud WorldIn one of my previous articles, I’ve talked about what IT assets are and mentioned that IT asset discovery is essential for maintaining the integrity of a company’s data. Let’s see exactly what this means. IT Asset Discovery: Definitions As Investoped…
Read More Did You Know That IT Asset Discovery Is Essential for IT Asset Management?Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?
Read More Why cybersecurity insurance may be worth the costResearchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they […]
The post Microsoft warns of the rise of web shell attacks appeared first on Security Affairs.
Read More Microsoft warns of the rise of web shell attacksU.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by attackers to breach a variety of organizations, including the Australian Securities…
Read More Accellion to retire enterprise file-sharing product targeted in recent attacksMicrosoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. […]
Read More Microsoft: Windows 10 1909 reaches end of service in MayWhenever a company, whether a small, family business or a big corp, formulates a risk mitigation plan, DLP flares up. Data Loss Prevention – often confused with data leak – is that extra (mandatory) item on your business continuity plan you’ll definite…
Read More What is a DLP Solution and How does it Add up Your Company’s CybersecurityLockdown Has Led to a Surge in Fraudster Romeos Operating Remotely, Police WarnThe ongoing lockdown may be complicating Cupid’s arrows. But as another Valentine’s Day rolls around, authorities are warning that romance scammers – and other types of frau…
Read More Roses are Red, Romance Scammers Increasingly Make You BlueBeware of romance scams, a SIM-swapping gang broken, US can search devices without a warrant at its borders, how big tech companies were fooled and more
The post Cyber Security Today – Don’t be blue on Valentine’s Day, SIM-swapping gang broken, US can …
For the most part, today’s modern workplace has grown accustomed to cyberattacks directed by third parties that are external to the organization. But what can you do when the call is coming from inside the house? How can you successfully discover and m…
Read More Malicious Insider Explained: The Call is Coming from Inside the HouseValentine’s Day may be a day of love and romance, but if you’re not careful, you could end…
The post Five tips to ensure you’re not a victim of an online romance scam this Valentine’s Day appeared first on Quick Heal Blog | Latest computer security n…
Risk Based Security claims to have spotted 6767 more bugs than NVD
Read More Real Bug Volumes in 2020 Exceed Official CVEs by 29%: ReportVastaamo, the Finnish psychotherapy practice that covered up a horrific data breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.
Read more in my article on the Hot for Security blog.
Read More After hackers blackmailed their clients, Finnish therapy firm declares bankruptcyA water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it.
We don’t know who is behind this attack. Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. It just doesn’t make sense…
Read More Attack against Florida Water Treatment FacilitySimilar number in 2020 required no user interaction, says Redscan
Read More Nearly Two-Thirds of CVEs Are Low ComplexitySecurity expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data. My initial study started with understanding how self-destructing […]
The post The “P” in Telegram stands for Privacy appeared first on Security Affairs.
Read More The “P” in Telegram stands for PrivacyWhile you’re living out your fantasies, your internet-enabled sex toy may be setting you up for a privacy nightmare
The post Fifty shades of vulnerable: How to play it safe with your smart sex toy appeared first on WeLiveSecurity
Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.
Read More “Microosft”. Patch Tuesday goof points users to typo-bait websitePopular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.
The vulnerability was discovered by security research…
Accellion’s legacy FTA product was also exploited in New Zealand bank attack
Read More Singtel Supply Chain Breach Traced to Zero-Day BugThe fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal […]
The post Lampion trojan disseminated in Portugal using COVID-19 template appeared first on Security Affairs.
Read More Lampion trojan disseminated in Portugal using COVID-19 templateFarmers are having to hack their own tractors just to keep it running, a new study suggests Bitcoin uses more electricity annually than the whole of Argentina, and frustration swells over Uber Eats’ pay system.
The post Hashtag Trending – Farmers hacki…
SunBird and HornBill Malicious Apps Mainly Target Users in South AsiaResearchers at the security firm Lookout have identified two new Android spyware tools used for cyberespionage campaigns in South Asia which they say are linked to “Confucius,” an pro…
Read More Pro-India APT Group Deploys Android SpywareCompany Issues Patch, Remediation AdviceSAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
Read More SAP Commerce Product Has VulnerabilityThe latest edition of the ISMG Security Report features an analysis of the critical security issues raised by the hacking of a Florida city water treatment plant. Also featured: The CISO of the World Health Organization discusses supply chain security;…
Read More Analysis: Implications of Water Treatment Plant HackUni recognized for cybersecurity education program and work promoting cyber-skills in local community
Read More Queen’s University Belfast Recognized for Role in Growing Cybersecurity Awareness