Entrust introduced the Production Analytics Solution, designed to provide real-time data and actionable insights to optimize card issuance operations. The solution is part of the Entrust Adaptive Issuance software platform trusted by banks, governments…Read More Entrust Production Analytics Solution optimizes card issuance operations
LogDNA launched a new browser logging capability, which makes it easier for full-stack and frontend developers to ingest frontend log data in LogDNA to more efficiently debug web applications. The code running on end-user devices has become increasingl…Read More LogDNA Browser Logger empowers developers to more efficiently debug web applications
Ivanti Wavelink announced that Ivanti Speakeasy, Ivanti Velocity Web Browser and Velocity Telnet (TE) are now available on SAP Store. These solutions are integrated with SAP Extended Warehouse Management (SAP EWM), with a second integration available f…Read More Three Ivanti Wavelink applications now available on SAP Store
MariaDB announced major new updates to MariaDB SkySQL cloud database, including expanded support for Amazon Web Services (AWS). With this release, SkySQL gains new strength with transparent high availability that immunizes applications against database…Read More MariaDB updates MariaDB SkySQL cloud database, expands support for AWS
Intermedia Cloud Communications announced the release of two new versions of its cloud-based communications and collaboration solution, Intermedia Unite, designed to work within or alongside Microsoft Teams. Intermedia Unite offers a complete and fully…Read More Intermedia Unite offers enterprise-grade business phone features to Microsoft Teams
Datadog announced the appointment of Adam Blitzer as Chief Operating Officer. Mr. Blitzer brings fourteen years of experience in the SaaS space. Mr. Blitzer was at Salesforce for eight years, culminating in his role as Executive Vice President and Gene…Read More Adam Blitzer joins Datadog as COO
Security Compass announced the expansion of its executive leadership team. In addition to the internal advancement of multiple strategic leaders, Rob Bentley has been named the company’s first Chief Revenue Officer (CRO). Led by CEO Rohit Sethi, and CO…Read More Security Compass names Rob Bentley as CRO
While ransomware attacks continued throughout the week, for the most part, it has been quieter than usual, with only a few new variants released. […]Read More The Week in Ransomware – May 7th 2021 – Attacking healthcare
Check Point Report Describes Flaw’s Technical DetailsA severe vulnerability in a system on certain Qualcomm chips, which has been patched, potentially could have enabled attackers to remotely control Android smartphones, access users’ text messages and…Read More How Patched Android Chip Flaw Could Have Enabled Spying
A town in Japan built a giant squid statue with its COVID relief grant.
One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for “urgent support,” such as for medical staff and long-term care facilities.
But a spokesperson for the town told Fuji News Network that the statue would be a tourist attraction and part of a long term strategy to help promote Noto’s famous flying squid.
I am impressed by the town’s sense of priorities.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered…Read More Friday Squid Blogging: COVID Relief Funds
The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The […]
The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.Read More Russia-linked APT29 group changes TTPs following April advisories
Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organization using typo-squatted domains registered days before the attacks began. […]Read More Microsoft: Business email compromise attack targeted dozens of orgs
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.Read More iPhone Hack Allegedly Used to Spy on China’s Uyghurs
Researchers find differences in Kimsuky’s operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.Read More How North Korean APT Kimsuky Is Evolving Its Tactics
Four individuals from Eastern Europe are facing 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entiti…Read More Bulletproof hosting admins plead guilty to running cybercrime safe haven
Malware Spread Through Spam Email CampaignResearchers at Trend Micro have uncovered a new cryptocurrency stealer variant that uses a fileless approach in its global spam email distribution campaign to evade detection.Read More ‘Panda Stealer’ Targets Cryptocurrency Wallets
Microsoft has reportedly paused the development of Windows 10X, its Chrome OS competitor for single-screen and dual-screen devices. […]Read More Microsoft pauses development of Windows 10X, its Chrome OS competitor
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.Read More Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. […]Read More Foxit Reader bug lets attackers run malicious code via PDFs
The report provides additional details on tactics of Russia’s Foreign Intelligence Service following public attribution of the group to last year’s SolarWinds attack.Read More FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Defendants charged in connection with dating and BEC scams that netted over $2.3mRead More Three Marylanders Indicted Over BEC Scam
Agency Offers In-Depth Analysis, Risk Mitigation AdviceThe Cybersecurity and Infrastructure Security Agency has issued an alert providing more details on the threat posed by FiveHands ransomware attacks and offering risk mitigation tips.Read More CISA Alert Describes FiveHands Ransomware Threat
Can you imagine life without the internet?Yet, 23 years ago when Apple introduced the iMac, internet access was expensive and unreliable. Even so, then-CEO Steve Jobs was among the first to see that connectivity should be baked inside the product th…Read More Apple, EarthLink, and the digital transformation of everything
Can you imagine life without the internet?Yet, 23 years ago when Apple introduced the iMac, internet access was expensive and unreliable. Even so, then-CEO Steve Jobs was among the first to see that connectivity should be baked inside the product th…Read More Apple, Earthlink and the digital transformation of everything
CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […]
The post 19 petabytes of data exposed across 29,000+ unprotected databases appeared first on Security Affairs.Read More 19 petabytes of data exposed across 29,000+ unprotected databases
State of Pennsylvania and Insight Global accused of cybersecurity failures after PHI exposedRead More Lawsuit Filed Over Contact Tracing Data Breach
Researchers Release Open-Source Detection ToolSecurity researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and …Read More DNS Flaw Can Be Exploited for DDoS Attacks
The lax access policy for students allowed the organization to be compromised after credentials stolen
The post How a student’s hunt for free software led to a research institute being crippled by ransomware first appeared on IT World Canada.Read More How a student’s hunt for free software led to a research institute being crippled by ransomware
Majority of security leaders view bot mitigation as a top priorityRead More Bot Attacks a Top Cybersecurity Concern
Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android a…Read More 4 Major Privacy and Security Updates From Google You Should Know About
See Beyond Endpoints to Stay Secure From Increasing ThreatsRead More Why Visibility Is Critical for Reducing Endpoint Security Complexity
Have you received an SMS with a link that says, “Register for vaccine using COVID-19 app”? Well, beware!…
The post Beware! Hackers target users with fake COVID-19 vaccine registration app appeared first on Quick Heal Blog | Latest compute…
Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks….Read More Russian state hackers switch targets after US joint advisories
A Microsoft Edge bug is causing the browser to become unresponsive and crash while watching YouTube videos or reading comments. […]Read More Microsoft Edge crashes when watching full screen YouTube videos
Having a VPN Isn’t Enough AnymoreRead More Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture
Researchers from SecureLink and the Ponemon Institute recently released the “A Crisis in Third-Party Remote Access Security” report. Their analysis details the discrepancy between organizations’ perceived third-party access threat and their deployed se…Read More 51% of Organizations Have Suffered Data Breaches Caused by Third-Party Remote Access
Peloton Interactive, Inc., an exercise equipment and media company based in New York declared that its treadmill products are dangerous after a child died and other people were injured while it was operating. The company is currently recalling all the …Read More Peloton Shares Price Drop 14% After Suffering Data Breach and Recalling All Its Treadmills
Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
With 21 years of experience, CaptureRx is a San Antonio-based healthcare technology company and leading 340B solution provider that serves over 500 hospitals and health centers in 45 states via a robust pharmacy network of more than 3,500 contracted lo…Read More Multiple Healthcare Provider Clients Affected by CaptureRx Ransomware Attack
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.Read More The Edge Pro Quote: Password Empowerment
Panel Also Tackles Critical Ransomware IssuesFour editors at Information Security Media Group discuss timely cybersecurity issues, including a call for cryptocurrency regulation and the surge in hospital ransomware attacks.Read More ISMG Editors Discuss Cryptocurrency Regulations and More
Web scraping attacks, like Facebook’s recent data leak, can easily lead to more significant breaches.Read More Defending Against Web Scraping Attacks
NY’s AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old’s fake identities.Read More 80% of Net Neutrality Comments to FCC Were Fudged
Insurance giant AXA has said that it is no longer writing cyberinsurance policies in France that cover ransom payments to extortionists.
Read more in my article on the Hot for Security blog.Read More Insurer AXA says it will no longer cover ransomware payments in France
A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity:
Read More Teaching Cybersecurity to Children
The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents or guardians before entering personal information online.
Six-and-seven-year-olds will be taught how to use usernames and passwords, and the pitfalls of clicking on pop-up links to competitions.
By the time kids are in third and fourth grade, they’ll be taught how to identify the personal data that may be stored by online services, and how that can reveal their location or identity. Teachers will also discuss “the use of nicknames and why these are important when playing online games.”…
HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around […]
The post [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) appeared first on Security Affairs.Read More [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)
The guidance is designed to help local authorities in the UK build secure smart citiesRead More NCSC Sets Out Security Principles for Smart Cities
According to a recent Which? investigation, millions of people around the UK could be at risk of using routers with security flaws, or that are no longer being supported with firmware updates. Image Source: BBC After surveying over 6,000 adults in Dece…Read More Millions of Old Broadband Routers in the UK Have Serious Security Flaws
Identities of more than 200,000 individuals who appear to be involved in Amazon fake product review schemes, were leaked on an open database. It’s a well-known fact that between the e-commerce giant and dubious sellers, worldwide exists an ongoing batt…Read More Data of Over 200,000 People Involved in Amazon Fake Product Review Schemes Was Leaked
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction.
The unpatched flaws, collectively named ‘Mouse Trap,’ were disclosed on Wednesda…
Disclosure: Dell is a client of the author.One of the things that makes Dell Technologies World, which took place this weerk, unlike other vendor events is the amount of non-vendor content. One year, the company had former President Bill Clinton tal…Read More Rethinking business as usual: How to thrive as a manager In the ‘20s
John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.Read More Investment Scammer John Davies Reinvents Himself?
This week Twitter has begun experimenting with a new feature called ‘Tip Jar,’ which lets Twitter users tip select profiles to support their work.. But the feature has sparked multiple concerns among Twitter users: from the sender’s PayPal shipping add…Read More Twitter Tip Jar may expose PayPal address, sparks privacy concerns
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here’s what you had to say.Read More 11 Reasons Why You Sorta Love Passwords
VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to […]
The post VMware addresses critical RCE in vRealize Business for Cloud appeared first on Security Affairs.Read More VMware addresses critical RCE in vRealize Business for Cloud
DevOps is speeding up software release cycles like never before. But according to GitLab’s latest survey, finger-pointing over who should be in charge of security remains an issue – as do some familiar old developer headaches.Read More DevOps is getting code released faster than ever. But security is lagging behind
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.Read More Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. […]Read More Data leak marketplaces aim to take over the extortion economy
Following in the footsteps of Apple, Google LLC recently announced its intention to execute a new Google Play policy that will allow users to see what personal information is being collected by app developers and what for. The announcement comes six mo…Read More Google Will Require Android App Developers to Disclose Data Collection Procedures
This specific DNS vulnerability is distributing DDoS attacks, whilst targeting authoritative DNS servers. The targeted servers and their protocols are the ones translating web domains to IP addresses and passing this info to recursive DNS servers. The …Read More A New DNS Bug Called TsuNAME Could Be Used to DDoS Key DNS Servers.
It’s finally time to go paperless. The pandemic has forced organizations to change the way they work. Tedious paper and in-person processes are out. Digitization and e-signatures are a must. Now, the ability to do business remotely is a necessity, said David Gaudio, Senior Content Writer at OneSpan. “The anywhere economy is here to stay,” […]Read More E-signatures essential for the anywhere economy
Multifactor authentication is increasingly being demanded as a price of cyber insurance, a Vancouver insurance broker says
The post Cyber insurers now demanding firms have MFA, says Canadian broker first appeared on IT World Canada.Read More Cyber insurers now demanding firms have MFA, says Canadian broker
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers.
This podcast reports on a series of hacks at restaurant online ordering platforms, Google forces users to add two-factor login authentication and a fake online product review scam revealed
The post Cyber Security Today, May 7, 2021 – Security of restaurant online ordering platforms questioned, Google gets tough with 2FA and product review scam revealed first appeared on IT World Canada.Read More Cyber Security Today, May 7, 2021 – Security of restaurant online ordering platforms questioned, Google gets tough with 2FA and product review scam revealed
LinkedIn publishes its list of Canada’s top companies, and the tech industry is well-represented, Facebook shuts down advertisements from Signal, and it’s Google Docs versus Word on TwitterRead More Hashtag Trending, May 7, 2021 – Canada’s top tech companies in 2021; Facebook shuts down Signal ads; Google Docs VS Word
A security flaw affecting Qualcomm’s mobile station modems (MSM) was recently disclosed by Check Point’s research team, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android OS as an entry poi…Read More Qualcomm’s Mobile Station Modems Vulnerability Puts Android Users’ Privacy at Risk
It looks like an unknown threat actor had used a new and seemingly stealthy rootkit in order to backdoor target Windows systems. The attack looks very similar to the ongoing espionage campaign called TunnelSnake going back to at least 2018. What are Ro…Read More New Moriya Rootkit Being Used in The Wild
Deborah Golden, who leads the U.S Cyber & Strategic Risk practice at Deloitte has a rule that any staff videoconferences held on a Friday must proceed with cameras off. Giving people permission not to apply makeup or put on a dress shirt is one …Read More The loneliness of the long-distance worker
Millions of smart TVs in China may have collected data without the knowledge of viewers about Wi-Fi networks found within range and attached devices.
Read more in my article on the Bitdefender BOX blog.Read More Chinese smart TVs caught hoovering up data about devices on customers’ networks
Which report warns many lack regular firmware updatesRead More Millions of Households at Risk from Outdated Routers
A Ryuk ransomware attack accidentally caused by a student who was only trying to save money by buying unlicensed software led to a European biomolecular research institute losing seven days’ worth of research data. According to cybersecurity specialist…Read More Ryuk Ransomware Infects Bio Research Institute After Student Installs Pirated Software
Sophos traces attack back to a stolen passwordRead More #COVID19 Researchers Lose a Week’s Work to Ryuk Ransomware
The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]
The post Connecting the Bots – Hancitor fuels Cuba Ransomware Operations appeared first on Security Affairs.Read More Connecting the Bots – Hancitor fuels Cuba Ransomware Operations
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. […]Read More Cuba Ransomware partners with Hancitor for spam-fueled attacks
An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018.
Called ‘Moriya,’ the malware is a “pass…
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite’s mobile device forensic tools. Also featured: Report shows attackers’ dwell times plummeting; a call for partnership with …Read More Can Evidence Collected by Cellebrite’s Tools Be Trusted?
Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding in this discussion threats due to natural disasters, we can classify […]
The post Possible attacks on the TCP/IP protocol stack and countermeasures appeared first on Security Affairs.Read More Possible attacks on the TCP/IP protocol stack and countermeasures
The use of proper software applications can help any business move forward, but, if you want to minimize cybersecurity risks and avoid all the negative consequences that a security incident could bring, you should be aware of the software deployment co…Read More What Is Software Deployment: Definition, Specific Activities, Challenges and Advantages
Mass scheme designed to trick e-commerce customersRead More Misconfigured Database Exposes 200K Fake Amazon Reviewers