Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.
The company blamed the incident on an unnamed employee who had been providing u…
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.
This week we saw another ransomware shut down its operation and a significant attack against Cyberpunk 2077 game developer CD Projekt Red. […]Read More The Week in Ransomware – February 12th 2021 – More keys released
Forward-thinking companies know they can’t skimp on the computers that keep users productive day in and day out. Regular device rotations are common practice, along with support plans to ensure devices are covered for the occasional, inevitable prob…Read More BrandPost: How Regular Device Rotations Plus Support Plans Keep Users Productive and Thriving
How squid fly.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Agency Offers Critical Infrastructure Security RemindersFollowing the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating s…Read More Water Treatment Hack Prompts Warning From CISA
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.Read More mHealth Apps Expose Millions to Cyberattacks
Multiple senators have demanded a hearing on what court officials know about the hackers’ access to sensitive filings. The effects could make accessing documents harder for lawyers.Read More US Court system demands massive changes to court documents after SolarWinds hack
Microsoft has started replacing the legacy version of the Edge browser with the new Chromium-based Edge in Windows 10 Dev builds. […]Read More Microsoft replaces Edge Legacy in latest Windows 10 Dev build
In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”Read More Yandex Data Breach Exposes 4K+ Email Accounts
The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs). […]Read More Scammers target US tax pros in ongoing IRS phishing attacks
To address this gap, six universities in Ontario have partnered to create the Indigenous and Black Engineering and Technology (IBET) Momentum Fellowship to expand the pathways for Indigenous and Black students pursuing doctoral degrees in engineering.Read More Universities form alliance to address ‘atrociously small’ number of Indigenous and Black engineering faculty in Ontario
Sonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second …Read More Medieval Security Techniques
Telegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user’s macOS devices as expected. […]Read More Telegram privacy feature failed to delete self-destructing video files
Telegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user’s macOS devices as expected. […]Read More Telegram ‘Secret Chat’ didn’t delete self-destructing media files
A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.Read More ‘Annoyingly Believable’ Tax Scam Targets Mobile Users
Agile thinking is important in dealing with cyberattacks. Read one psychologist’s tips for cybersecurity professionals on how to adapt and stop the attackers.Read More How micro-drilling can enhance your cybersecurity training
Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. […]Read More Google: Gmail users from US most targeted by phishing attacks
Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered […]
The post Yandex security team caught admin selling access to users’ inboxes appeared first on Security Affairs.Read More Yandex security team caught admin selling access to users’ inboxes
Baltimore County trio indicted over spoofed Moderna website selling fake coronavirus vaccinesRead More Three Charged Over Fraudulent Vaccine Website
Patch Issued After Vulnerability Found in an Endpoint Used for Currency ConversionPayPal has patched a cross-site scripting – or XSS – vulnerability found by a bug-bounty hunter in its currency conversion endpoint which, if exploited, could enable mali…Read More PayPal Mitigates XSS Vulnerability
Latest Victims: Telecom Company Singtel and Australian Medical Research Institute QIMR BerghoferTwo more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel a…Read More 2 More Breaches Tied to Accellion File Transfer Appliance
Man who laundered millions of dollars stolen by Eastern European computer hackers is sent to prisonRead More US Jails Money Mule Kingpin
With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you’d be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numb…Read More What’s not to love with this month’s Patch Tuesday?
If past cyberattacks are any indication, success begets imitation. In the wake of last week’s hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.Read More Water Utility Hack Could Inspire More Intruders
This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan,…Read More Copycats imitate novel supply chain attack that hit tech giants
This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan,…Read More Copycat researchers imitate supply chain attack that hit tech giants
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.Read More Singtel Suffers Zero-Day Cyberattack, Damage Unknown
Flaws, If Exploited, Could Enable Remote Control, Data ExfiltrationSiemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems …Read More Siemens Patches 21 Vulnerabilities in 2 Tools
Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.Read More Fallen victim to online fraud? Here’s what to do…
Cyber-criminals use Telegram to sell food bought with stolen credit cards to hungry usersRead More Diners Devour Made-to-Order Fraud
Joseph Blankenship of Forrester Shares Best PracticesOrganizations must adopt a new approach to security automation that’s tailor-made to addressing today’s threats, says Joseph Blankenship, vice president and research director at Forrester.Read More How to Make the Most of Automation in the SOC
Enterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.Access all areas
My argument is simple: Apple’s growing place in the enterp…
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. […]Read More Yandex suffers data breach after sysadmin sold access to user emails
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. […]Read More Russian Yandex informs of sysadmin giving access to user mailboxes
ESET’s Q4 2020 threat report is out – How smart sex toys can ruin your privacy – Protecting water supply systems
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
A combination of network hardening, attack surface reduction, network segmentation will thwart attacks on critical infrastructure, says researcher at Domain Tools
The post Researcher says Florida water plant attack was ‘immature, rushed or unintentiona…
Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 22.214.171.124 is in End-of-life. Today, TIM’s Red Team Research led […]Read More TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.Read More Florida Water Plant Hack: Leaked Credentials Found in Breach Database
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.Read More You’ve Got Cloud Security All Wrong: Managing Identity in a Cloud World
In one of my previous articles, I’ve talked about what IT assets are and mentioned that IT asset discovery is essential for maintaining the integrity of a company’s data. Let’s see exactly what this means. IT Asset Discovery: Definitions As Investoped…Read More Did You Know That IT Asset Discovery Is Essential for IT Asset Management?
Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?Read More Why cybersecurity insurance may be worth the cost
Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they […]Read More Microsoft warns of the rise of web shell attacks
U.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by attackers to breach a variety of organizations, including the Australian Securities…Read More Accellion to retire enterprise file-sharing product targeted in recent attacks
Microsoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. […]Read More Microsoft: Windows 10 1909 reaches end of service in May
Whenever a company, whether a small, family business or a big corp, formulates a risk mitigation plan, DLP flares up. Data Loss Prevention – often confused with data leak – is that extra (mandatory) item on your business continuity plan you’ll definite…Read More What is a DLP Solution and How does it Add up Your Company’s Cybersecurity
Lockdown Has Led to a Surge in Fraudster Romeos Operating Remotely, Police WarnThe ongoing lockdown may be complicating Cupid’s arrows. But as another Valentine’s Day rolls around, authorities are warning that romance scammers – and other types of frau…Read More Roses are Red, Romance Scammers Increasingly Make You Blue
Beware of romance scams, a SIM-swapping gang broken, US can search devices without a warrant at its borders, how big tech companies were fooled and more
The post Cyber Security Today – Don’t be blue on Valentine’s Day, SIM-swapping gang broken, US can …
For the most part, today’s modern workplace has grown accustomed to cyberattacks directed by third parties that are external to the organization. But what can you do when the call is coming from inside the house? How can you successfully discover and m…Read More Malicious Insider Explained: The Call is Coming from Inside the House
Valentine’s Day may be a day of love and romance, but if you’re not careful, you could end…
The post Five tips to ensure you’re not a victim of an online romance scam this Valentine’s Day appeared first on Quick Heal Blog | Latest computer security n…
Risk Based Security claims to have spotted 6767 more bugs than NVDRead More Real Bug Volumes in 2020 Exceed Official CVEs by 29%: Report
Vastaamo, the Finnish psychotherapy practice that covered up a horrific data breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.
Read more in my article on the Hot for Security blog.Read More After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it.
We don’t know who is behind this attack. Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. It just doesn’t make sense…Read More Attack against Florida Water Treatment Facility
Similar number in 2020 required no user interaction, says RedscanRead More Nearly Two-Thirds of CVEs Are Low Complexity
Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data. My initial study started with understanding how self-destructing […]Read More The “P” in Telegram stands for Privacy
While you’re living out your fantasies, your internet-enabled sex toy may be setting you up for a privacy nightmare
The post Fifty shades of vulnerable: How to play it safe with your smart sex toy appeared first on WeLiveSecurity
Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.Read More “Microosft”. Patch Tuesday goof points users to typo-bait website
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.
The vulnerability was discovered by security research…
Accellion’s legacy FTA product was also exploited in New Zealand bank attackRead More Singtel Supply Chain Breach Traced to Zero-Day Bug
The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal […]
The post Lampion trojan disseminated in Portugal using COVID-19 template appeared first on Security Affairs.Read More Lampion trojan disseminated in Portugal using COVID-19 template
Farmers are having to hack their own tractors just to keep it running, a new study suggests Bitcoin uses more electricity annually than the whole of Argentina, and frustration swells over Uber Eats’ pay system.
The post Hashtag Trending – Farmers hacki…
SunBird and HornBill Malicious Apps Mainly Target Users in South AsiaResearchers at the security firm Lookout have identified two new Android spyware tools used for cyberespionage campaigns in South Asia which they say are linked to “Confucius,” an pro…Read More Pro-India APT Group Deploys Android Spyware
Company Issues Patch, Remediation AdviceSAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.Read More SAP Commerce Product Has Vulnerability
The latest edition of the ISMG Security Report features an analysis of the critical security issues raised by the hacking of a Florida city water treatment plant. Also featured: The CISO of the World Health Organization discusses supply chain security;…Read More Analysis: Implications of Water Treatment Plant Hack
Uni recognized for cybersecurity education program and work promoting cyber-skills in local communityRead More Queen’s University Belfast Recognized for Role in Growing Cybersecurity Awareness