An early one today as I made space in the schedule to get out on the water 😎 I’m really liking the new Apple AirTags, I’m disliking some of the international media coverage about Australia’s COVID situation, another gov onto HIBP and a blog Read More Weekly Update 260
A Canadian man, who helped North Korean threat actors to launder stolen funds, pleaded guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen in bank fraud schemes has been sentenced to 140 months in prison. The man is Ghaleb […]
The post International money launderer sentenced to more than 11 years appeared first on Security Affairs. Read More International money launderer sentenced to more than 11 years
Summer vacations are coming to a close and, for many, the children are finally going back to school providing some quiet time. I hope everyone is well rested because the fall is already shaping up to be a busy time. Microsoft has released Server 2022 a… Read More September 2021 Patch Tuesday forecast: It’s new operating system season
Here’s a look at the most interesting product releases from the past week, featuring releases from Attivo Networks, Code42, Commvault, ForgeRock and IPKeys Power Partners. Code42 Incydr Flows accelerates incident response for insider risk events Fully … Read More New infosec products of the week: September 10, 2021
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor “to access other customers’ information” in what the researchers described as the “first cros… Read More Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
The pandemic has had a significant impact on the way we work, and one of our recent research studies found that nearly 65% of companies expect some or all their workforce to remain remote indefinitely. Unfortunately, last year’s sudden transition has c… Read More A zero-trust future: Why cybersecurity should be prioritized for the hybrid working world
Privacy settings on social networks can be confusing to configure and change often. Ultimately, if you do not want your parents or boss reading one of your posts, do not post the message or photo. Read More Social Media Privacy Settings
Threat Actors Offered Credentials for UN’s ERP Software; NATO Hit as Well. The United Nations says on Thursday that its networks were accessed by intruders earlier this year, which led to follow-on intrusions. Cybercrime analysts say they warned the age… Read More United Nations Says Intruders Breached Its Systems
The growing number of ransomware attacks has burdened many organizations, but it has also greatly impacted the cyber insurance industry, which found itself having to cover large ransomware demands. This called for a change in policies but also the need … Read More The impact of ransomware on cyber insurance driving the need for broader cybersecurity knowledge
Enterprises across the globe are showing renewed interest in the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), and they are looking to service providers to help manage and secure their installations, according to a report publi… Read More IoT interest is growing, but so are cybersecurity concerns
33% of emails employees report as phishing attempts are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021,… Read More Phishing attempts: Employees can be the first line of defense
The global security information and event management (SIEM) market size is projected to reach $6436.2 million by 2027, from $3938.3 million in 2020, at a CAGR of 6.8% during the forecast period 2021-2027, Valuates Reports reveals. Major factors driving… Read More SIEM market size to reach $6436.2 million by 2027
LogDNA unveiled LogDNA Streaming. LogDNA’s Data Ingestion Pipeline can ingest, parse, and normalize massive, fluctuating amounts of structured and unstructured log data. LogDNA Streaming now automatically sends that data to any application or analysis … Read More LogDNA Streaming ingests and normalizes large amounts of log data
EMS now offers a fully managed WhatsApp Bridging service (powered by Tulir’s open source mautrix-whatsapp bridge). Element gives a company a powerful end-to-end encrypted collaboration and messaging platform, and one that interoperates with WhatsApp to… Read More EMS announces fully managed bridge with WhatsApp, keeps an audit trail of conversation
Acronis released the newly-rebranded Acronis Cyber Protect Home Office (formerly Acronis True Image). This new name for the company’s flagship personal solution reflects its evolution from data and system backup software to a solution that delive… Read More Acronis rebrands its cyber protection solution as Acronis Cyber Protect Home Office
castLabs announced that it has successfully completed validation testing and supports version 2.0 of the Secure Packager and Encoder Key Exchange (SPEKE) API in its leading digital rights management (DRM) licensing solution – DRMtoday. Amazon Web Servi… Read More castLabs completes validation testing and supports version 2.0 of the SPEKE API in DRMtoday
HCL Technologies has expanded its strategic collaboration with Dell Technologies to provide clients with an advanced cyber recovery solution that protects against ransomware and other sophisticated cyber attacks. HCL Cyber Resiliency with Dell Technolo… Read More HCL Technologies partners with Dell Technologies to protect customers against sophisticated cyberattacks
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. Read More Thousands of Fortinet VPN Account Credentials Leaked
Red Hat shared that leading banks such as Alliance Bank (Malaysia) and the Asian Development Bank (Philippines) have adopted Red Hat Ansible Automation Platform as its enterprise-grade, agentless automation platform in their journey to the cloud. Both … Read More Asian Development Bank and Alliance Bank choose Red Hat platform to better align automation strategies
euNetworks announced that it has completed a strategic investment of critical fibre-based internet infrastructure linking London and Amsterdam, including the delivery of a new subsea high fibre count cable system named Scylla that is now in service. Th… Read More euNetworks invests in critical fibre-based internet infrastructure linking London and Amsterdam
A new phishing scam is targeting celebrity Instagram accounts. Read More Instagram Phishing Scam Targets Celebrities
DOJ: High-Level Operative Moved Funds for North Korean Hackers. A dual U.S.-Canadian national has been sentenced to more than 11 years in federal prison for conspiring to launder tens of millions of dollars in wire and bank fraud schemes, according to th… Read More Cybercrime Money Launderer Handed 11-Year Sentence
The massive DDoS attack that has been targeting the internet giant Yandex was powered by a completely new botnet tracked as Mēris. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the […]
The post A new botnet named Mēris is behind massive DDoS attack that hit Yandex appeared first on Security Affairs. Read More A new botnet named Mēris is behind massive DDoS attack that hit Yandex
Babuk Ransomware Spinoff Seeks Recruits for More Opportunistically Driven Cybercrime. Apparent Babuk ransomware operation spinoff Groove, self-described as being an “aggressive financially motivated criminal organization,” has launched as part of the new… Read More Groove Promises Maximum Profits for Ransomware Affiliates
Chris Inglis: ‘Too Soon To Tell’ If Gangs Have Changed Their Behavior. Despite a recent slowdown in incidents and some cybercriminals claiming they have stopped or abandoned ransomware attacks, National Cyber Director Chris Inglis says it’s “too soon to … Read More National Cyber Director Sees Ransomware As Continuing Threat
Fraudsters Deploy MFA to Give Victims False Sense of Security. Researchers have discovered email fraud campaigns in which unidentified threat actors are swindling victims out of bitcoin by tempting them with a substantial amount of tax-free cryptocurrenc… Read More Bitcoin Scam Run by Fake Exchange, Report Says
Usernames, passwords for database sent in prize redemption emails. Read More McDonald’s Email Blast Includes Password to Monopoly Game Database
The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen.
The post Howard University suffers cyberattack, suspends online classes in aftermath appeared first on WeLiveSecurity
Dual US-Canadian national sentenced for laundering millions of dollars for cyber-criminals Read More Prison for BEC Scheme Money Launderer
Threat actor takes over entrepreneurial couple’s Instagram account, demands $40K for its return Read More Cyber-criminal Targets Dadsnet Founders
Apple’s next event, titled “California Streaming,” will occur on Tuesday, September 14 at 10 a.m. PT. It’s expected that Apple will announce the iPhone 13, Apple Watch Series 7 and new set of AirPods. Potential new iPhone features include the abilit… Read More Podcast: iPhone 13 announcement: What to expect at Apple’s September 14 event
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, “the attacker wants you to be moving too fast to stop and question if it’s legitimate.” Read More The top keywords used in phishing email subject lines
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. Read More Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’
Finding the right fit for your security team remains a daunting and somewhat challenging task in today’s world. There’s a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the chal… Read More Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent
Small scale hacks can be harder to detect, but they still present a danger.
The post What the Hack Episode Nine: Ed’s Crash Facebook Diet appeared first on Adam Levin. Read More What the Hack Episode Nine: Ed’s Crash Facebook Diet
Data swiped from UN earlier this year by unknown hackers using stolen credentials Read More Hackers Steal Data from United Nations
Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market.
Cyberattacks and ransomware demands are on the rise. Microsoft security solutions and managed security service providers help organizations enable a proactive cybersecurity approach.
The post Combat attacks with security solutions from Trustwave and Microsoft appeared first on Microsoft Security Blog. Read More Combat attacks with security solutions from Trustwave and Microsoft
Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy. We introduced Android’s Private Compute Core in Android 12 Beta. Today, we’re excited to announce a new suite of services that provide a privacy-preserving bridge between Private C… Read More Introducing Android’s Private Compute Services
Latest episode – listen now! Read More S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]
A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. Read More ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
California couple convicted of multi-million-dollar Covid-19 relief fraud cut ankle bracelets and turn fugitive Read More ID Theft Couple on the Run
In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard. Read More SPDX becomes internationally recognized standard
LinkedIn Chief Information Security Officer Geoff Belknap talks with Microsoft’s Bret Arsenault about recruiting cybersecurity talent and solving the skills gap.
The post Why diversity is important for a strong cybersecurity team appeared first on Microsoft Security Blog. Read More Why diversity is important for a strong cybersecurity team
Focus on closing the vulnerabilities attackers will target in your organization, cyber conference told
The post Ransomware is ‘a solvable problem’, expert maintains first appeared on IT World Canada. Read More Ransomware is ‘a solvable problem’, expert maintains
Chances are good you’re not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer. Read More Stop using your web browser security wrong
Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report. Read More Malicious office documents: The latest trend in cybercriminal exploitation
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise, ATM cash-outs, and bank cyber-heists.
In the course of two months (July and August), security experts at GitHub Robert Chen and Philip Papurt have discovered arbitrary code execution vulnerabilities in the open-source Node.js packages, tar, and @npmcli/arborist. According to BleepingComput… Read More GitHub Identifies Arbitrary Code Execution Bugs in the Open-source Node.js Packages
Microsoft has patched an Azure Container Instances (ACI) vulnerability that could have allowed users to access the information of other Azure customers.
CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes millions of web servers easy targets for threat actors and cybercriminals. Original post @ https://cybernews.com/security/millions-of-microsoft-web-servers-powered-by-vulnerable-legacy-software/ Boasting a market share of 12.4%, Microsoft […]
The post Millions of Microsoft web servers powered by vulnerable legacy software appeared first on Security Affairs. Read More Millions of Microsoft web servers powered by vulnerable legacy software
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. Read More SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations.
Read more in my article on the Tripwire State of Security blog. Read More Microsoft warns of a Windows zero-day security hole that is being actively exploited
The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group, aimed at organizations worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors […]
The post TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide appeared first on Security Affairs. Read More TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide
In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code exe… Read More Microsoft warns of a Windows zero-day security hole that is being actively exploited
We’ve hit that time of year when enterprise IT prepares to support teams as they upgrade all their Apple operating systems across smartphones, tablets, and Macs. The need for a stress-free upgrade process is accompanied by refreshed demand for hardwa… Read More A business user’s guide to Apple’s upgrade season
The vulnerability in question is allowing the malicious actors to take control of the system. ADSelfService Plus is designed for larger companies that require a single sign-on solution for Active Directory and cloud apps as well as integrated self-serv… Read More Zoho’s Critical ADSelfService Plus Bug Was Patched
The largest DDoS attack in the history of the Russian Internet was carried out on Yandex’ servers last weekend. The record scale of the cyberattack was confirmed by American company Cloudflare. Without providing additional details, a Yandex spokesman c… Read More Russian Internet Giant Yandex Targeted by Massive DDoS Attack
Linux is increasingly targeted by ransomware. Researchers have now detected indications that the PYSA ransomware, often also known as Mespinoza, is also being readied for Linux targets.
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. Read More Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix
Howard University in Washington recently revealed it was the victim of a ransomware attack and is currently working to restore affected systems. According to university representatives, although work is being done to remediate the situation as quickly … Read More Howard University Hit with Ransomware
Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage. Read More BladeHawk Attackers Target Kurds with Android Apps
Two-step verification can better secure and safeguard your account. Here’s how to set it up. Read More How to set up two-step verification for your Google account
On Wednesday, Acting United States Attorney Karin Hoppmann announced the extradition of a 28-year-old Ukrainian cybercriminal named Glib Oleksandr Ivanov-Tolpintsev. The U.S. has charged him for using a malware botnet to conduct brute-force attacks mea… Read More Ukrainian Hacker Extradited After Allegedly Sold Thousands of Passwords on the Dark Web
We knew the basics of this story, but it’s good to have more detail.
Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.
I’m excited to be participating in two webinars next Thursday (16 September 2021), and you’re welcome to attend them for free.
Spaces are limited, and both events should be a lot of fun, so register now if you’re interested in attending. Read More Hear me speak about endpoint security and ransomware at two free webinars next week
IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a “thankless task” and that they’re the “bad guys” for implementing these rules. Read More WFH is a cybersecurity “ticking time bomb,” according to a new report
The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. What is OpenSSL? OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secu… Read More OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country […]
The post Yandex is under the largest DDoS attack in the history of Runet appeared first on Security Affairs. Read More Yandex is under the largest DDoS attack in the history of Runet
The threat actor says that the exploited Fortinet vulnerability has been patched, but many VPN credentials remain valid. This could be considered a serious incident as the leaked VPN credentials could allow malicious actors to access a network and perf… Read More List Containing Almost 500,000 Fortinet VPN Login Names and Passwords Was Leaked
HP report warns of remote user pushback against policies Read More Security Now a “Thankless Task” For 80% of IT Teams
Microsoft’s cloud storage, OneDrive, can back up your files online. It’s built into Windows 10. With it you can sync files on your Windows 10 PC to the cloud and to your other Windows PCs, your smartphone or tablet (with the OneDrive app for Android, i… Read More Microsoft OneDrive cheat sheet
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.
Two of the dark web portals, i…
ProtonMail finds itself in a privacy pickle, the big problem with Facebook’s algorithmic amplification, and strange things are happening on Banksy’s website.
All this and much more is discussed in the latest edition of the award-winning “Smashing Se… Read More Smashing Security podcast #242: ProtonMail privacy questioned, and Banksy blunder
As the COVID-19 vaccination drive kicks off in India, phishing scammers are looking to cash in on people’s…
The post Scam Alert: Covid-19 Vaccine Phishing and Money Scam Hits India appeared first on Quick Heal Blog | Latest computer security ne…
CrowdStrike warns rapid lateral movement is becoming the norm Read More Attacker Breakout Time Now Less Than 30 Minutes
Amazon opens a state-of-the-art warehouse in Mexico, Twitter tests out an Instagram-like feature, and PayPal implements a fee for inactive accounts. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, September 9, and I’m your host, Jori Negin-Shecter. Amazon is set to open a $21 million highscale warehouse in […]
The post Hashtag Trending September 9- Amazon warehouse; New Twitter feature; PayPal inactive account fee first appeared on IT World Canada. Read More Hashtag Trending September 9- Amazon warehouse; New Twitter feature; PayPal inactive account fee
Encrypted email service under fire after complying with Swiss law Read More Berners-Lee Joins ProtonMail Following Privacy Debacle
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need mor… Read More Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge
111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We’ve all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and to date, no two people have ever Read More You Don’t Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices.
“These credentials were obtained from systems that remained unpat…