UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover. […] Read More Underwriters Laboratories (UL) certification giant hit by ransomware
A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users. The Tor mode implemented in the Brave web […]
The post Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider appeared first on Security Affairs. Read More Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider
A blend of the old way of working and the new is probably the future, a new Forbes research found. And this is essential because remote work is affecting different people in different ways. After all, one size does not fit all – women are enjoyin… Read More The Remote Working Marathon – Moral, Flexibility and The Gender Divide – Forbes
There’s an imaginary line that lives between efficiency and security and generally speaking, those that straddle these two are prone to falling towards one or the other side. I’d like to suggest that these two concepts are actually complementary.
From the Monterey Bay Aquarium.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack. Read More Kia Denies Ransomware Attack as IT Outage Continues
Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. Read More Malformed URL Prefix Phishing Attacks Spike 6,000%
This podcast features a discussion with Dinah Davis of Arctic Wolf about the use of typosquatting to push COVID-19 vaccine scams, and a report on how attackers are getting into the IT networks of healthcare providers
The post Cyber Security Today – Wee…
A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer. Read More Kia outage may be the result of ransomware
A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide — but it’s unclear why. Read More Mysterious Silver Sparrow Malware Found Nesting on 30K Macs
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service. Read More Credential-Stuffing Attack Targets Regional Internet Registry
Microsoft has added a ‘paste as plain text’ option to the Windows 10 clipboard history in the latest Preview build available for Windows Insiders in the Dev Channel. […] Read More Windows 10 clipboard history now lets you paste as plain text
Charges brought against alleged members of $50m fraud and money-laundering ring. Read More US Arrests Six Alleged Cyber-Scam Money Launderers
Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn. Read More New malformed URL phishing technique can make attacks harder to spot
Digital certificate issuer Let’s Encrypt has announced that it has upgraded its infrastructure to allow it to issue 200 million certificates in one day.
The post Let’s Encrypt upgrades infrastructure, can now issue 200 million certificates in a day fir…
Site Spoofing, Phishing Campaigns Proliferate. As tax season begins, the Internal Revenue Service is warning that it’s seeing signs of fraudsters spoofing the agency’s domains and incorporating its logos and language into phishing campaigns. Read More IRS Warns of Fresh Fraud Tactics as Tax Season Starts
Car maker says this week’s network outage was not linked to ransomware. Read More Kia Denies Ransomware Attack
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality. Read More Attackers Already Targeting Apple’s M1 Chip with Custom Malware
The MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]
The post New Masslogger Trojan variant exfiltrates user credentials appeared first on Security Affairs. Read More New Masslogger Trojan variant exfiltrates user credentials
For most small businesses, the chances of falling prey to a long-term covert surveillance operation by well-resourced, likely state-backed actors are slim. To recap, that is what the evidence suggests happened in the SolarWinds compromise discovered last December. Many believe the company’s Orion update was used to conduct cyber espionage for months prior to being […]
The post Reducing the Time to Discovery: How to Determine if You Have Been Hacked appeared first on Webroot Blog. Read More Reducing the Time to Discovery: How to Determine if You Have Been Hacked
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you. Read More How to find details about user logins on Linux
Sharp month-on-month drop in US healthcare data breaches of 500 or more records. Read More Healthcare Data Breaches Halved in January
He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them. Read More The massive coronavirus IT blunder with a funny side
Scammers are impersonating the IRS with emails carrying the subject line “Verifying your EFIN before e-filing.” Read More IRS issues urgent notice on scams aimed at tax professionals
The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service. […] Read More CIS now offers free ransomware protection to all US hospitals
Buzzwords and acronyms abound in the MSP industry, an unfortunate byproduct of marketing years in the making. Cybersecurity is a hot watercooler topic at any business. Well, now probably more likely a virtual happy hour than a watercooler, but nevertheless cybersecurity remains top-of-mind. To sleep at night, MSPs feel they must enhance or expand their […]
The post Fools Rush in: 5 Things MSPs Should Know Before Adopting EDR appeared first on Webroot Blog. Read More Fools Rush in: 5 Things MSPs Should Know Before Adopting EDR
California DMV and Washington Cities Among Those Issuing Data Breach Notifications. The “Cuba” ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California’s Department of Motor Vehicles as well as many ci… Read More ‘Cuba’ Ransomware Gang Hits Payment Processor, Steals Data
Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. […] Read More Brave privacy bug exposes Tor onion URLs to your DNS provider
The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. Read More Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang
Avoid COVID-19 vaccine fraud and hoaxes – Romance scams cause record-high losses – Exaramel in the spotlight after attacks in France
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals
The post TDoS attacks could cost lives, warns FBI appeared first on WeLiveSecurity
According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs. Read More Forrester report highlights Zero Trust Edge model for networking and security infrastructure
Nowadays, every single organization relies on software and Internet services. This dependence brings along a certain degree of vulnerability. Today’s marketplace businesses are more likely to be disrupted by cybercriminals than real-world crimina… Read More What Is a Zero-Day Vulnerability?
The UK urges the approval process to be quickly concluded. Read More Draft Adequacy Decision Paves the Way for EU-UK Data Flows to Continue Freely
Microsoft announced the launch of Microsoft Office Long Term Servicing Channel (LTSC) and Office 2021 later this year for clients who don’t want to get an Office cloud subscription service and prefer a one-time purchase. […] Read More Microsoft to launch Office 2021 and Office LTSC later this year
Man allegedly organized teams of people in Canada and the US to launder millions of dollars obtained through ATM cash-out operations as well as a North Korean heist from a bank in Malta. Read More U.S. Justice Department says Canadian to plead guilty to laundering money stolen by North Korean cyberattackers
Security and privacy are a big selling point for Apple. The company has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of. Ne… Read More Apple details major security, privacy enhancements in its devices
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim’s Mastercard contactless card while believing it to be a Visa card.
The research, published by a group o…
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs. Read More Linux 101: How to block users from setting up their own cron jobs
Apple is investing in next-generation 6G technology development. Why? What for? And should we get excited yet? What is 6G?
With most iPhone users only now making use of 5G, it seems way too early to make much fuss about the next fast wireless standar…
When it comes to cybersecurity incidents, your company’s endpoints are some of the most important IT assets you want to monitor and protect. The massive increase in remote work due to the Covid-19 pandemic brought a monumental rise in cyberattacks and … Read More EPP EDR: What Is Each and How They Differ
Over the past several months, many organizations have had to shift their operations to a fully digital platform. This sudden shift was more challenging for some industries, like government, than other industries, like technology. And aside from having … Read More AppSec Bites Part 3: Has the New Virtual Reality Created Opportunities for AppSec?
Heimdal™ Security, among other cybersecurity providers, has recently detected a phishing campaign that specifically targets Fan Courier business customers located in Romania. Several companies have reported receiving fraudulent Fan Courier-signed invoi… Read More SECURITY ALERT: Newly Discovered Fan Courier Phishing Campaign Targets Romanian Companies
A 31% fall in DDoS attacks was observed in Q4 of 2020. Read More Kaspersky: Decline in DDoS Attacks Linked to Surge in Cryptocurrency Value
Microsoft is shortening the support lifecycle of Windows 10 Enterprise Long Term Servicing Channel (LTSC) releases from 10 years down to only five years. […] Read More Microsoft cuts down Windows 10 Enterprise LTSC support to 5 years
No one wants to sit in a crowded classroom in the middle of a pandemic. But that doesn’t mean we should resist opportunities to upgrade our skills. Want to transition your IT career to include cloud-based technologies and quickly? Then the 2021 Comp… Read More This $1,194 Microsoft Azure certification prep bundle is $30 for President’s Day
Life can turn on a dime. For proof, consider everything we’ve experienced in the past year. At the end of 2019, it was business as usual. Then, with little to no warning, everything came to a crashing halt. Stores closed, schools shuttered, and many… Read More Need simple IT infrastructure for a small business? Try V2 Cloud
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. Read More Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
The changing security perimeter requires new ways of thinking about cybersecurity. Read More Shift to Remote Work Necessitating Greater Innovation in Cybersecurity
Productivity app Trello announced a major redesign this week, adding features to help businesses better manage third-party integrations, new customizable cards and the ability to access workloads beyond the core whiteboard view. The changes come afte… Read More Trello, now 10, offers up an ambitious platform overhaul
The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Here are tips on how businesses can try to thwart cybercrime. Read More 4 ways to defend against the Dark Web’s cybercrime ecosystem, according to MIT researchers
This podcast looks at a proposed law by a Canadian Senator to prevent teens from accessing online porn, an FBI warning to home buyers and a look inside a cryptojacking scheme
The post Cyber Security Today – Stop teens from accessing online porn, FBI w…
As a senior executive or CIO, how can you assure yourself that Artificial intelligence (AI) or Machine Learning (ML)-derived recommendations are reasonable and flow logically from the project work that has been performed?
The post Skeptical about the d…
Microsoft has completed its internal investigation about the Solorigate (SolarWinds) security incident, and has discovered that the attackers were very interested in the code of various Microsoft solutions. The attackers viewed some files here and ther… Read More Microsoft: Solorigate attackers grabbed Azure, Intune, Exchange component source code
US security giant pays $400m for log management firm. Read More CrowdStrike Snaps Up London Start-Up Humio
Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it; the latest generation of Macs is their next target. The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company’s M1 chip. The discovery suggests threat actors are tailoring […]
The post Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning appeared first on Security Affairs. Read More Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning
This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security.
Read More Router Security
Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years. This leads to a high number of critical and high severity CVEs affecting these devices.
Since Linux is the most used OS, exploit mitigation techniques could be enabled very easily. Anyhow, they are used quite rarely by most vendors except the NX feature…
White House briefing reveals extent of attack on tech industry. Read More SolarWinds Attackers Breached 100+ Private Firms
Oh — hello there. So, you like uncovering awesome advanced powers for your Android phone browser, do ya? You’ve thoroughly explored all the carefully concealed settings for better browsing in the Chrome Android app from the other day, and you’re bac… Read More 6 secret settings for smarter sharing in Chrome on Android
Attackers unsuccessfully targeted its single sign-on service. Read More Internet Registry RIPE NCC Warns of Credential Stuffing Attack
This week, the Washington Post had an interesting story about large companies turning to esports to strengthen teams and increase productivity. This approach can be better than the physical sports often used for teambuilding, improving trust be… Read More Esports — the next enterprise productivity tool?
Failed credential-stuffing attack on RIPE NCC’s infrastructure. These assaults aim to compromise a large number of user accounts with stolen credentials. The group, which manages the IP address space for the EMEA region, is asking members to enab… Read More RIPE NCC reveals failed brute-force assault on its SSO service
The Canadian Revenue Agency says online accounts were locked because of an “external threat”, Facebook picks the nuclear option and bans news on its platform in Australia, and Uber takes down the UberCheats app.
The post Hashtag Trending, Feb. 19 – CRA…
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloom… Read More Analysis: Sandworm’s Hacking Campaign
Zarraga will oversee the org’s technology and cybersecurity. Read More Capital Group Appoints Marta Zarraga as Global Chief Information Officer
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.
Primarily directed against users in Turkey, Latvia, …
Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […]
The post Hackers steal credit card data abusing Google’s Apps Script appeared first on Security Affairs. Read More Hackers steal credit card data abusing Google’s Apps Script
Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there’s no evidence that they abused its internal systems to target other companies or gained access to producti… Read More SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune
I seem to have spread myself across a whole heap of different things this week which is fine (it’s all stuff I love doing), but it has made for rather a “varied” video. I’m talking (somewhat vaguely) about the book I’m working on, how Facebook has nuked all news in… Read More Weekly Update 231