The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America.
The only problem was… it simply wasn’t true.
Read more in my ar…
Read More Fake Walmart press release causes cryptocurrency price surge
The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration’s efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect z…
Read More Is White House Crackdown on Ransomware Having Any Effect?
Calls for Global Cryptocurrency Regulation Escalate as US Explores OptionsAmid growing calls for cryptocurrency regulations, the U.S. acting comptroller of the currency has made a definitive statement on safeguarding investors and how cryptocurrency sh…
Read More OCC’s Hsu Addresses Need for Cryptocurrency Oversight
Here’s a look at the most interesting product releases from the past week, featuring releases from Alation, IDrive, Hornetsecurity, Palo Alto Networks, Qualys, ThreatConnect and Titania. Qualys Patch Management keeps endpoints up to date to reduce risk…
Read More New infosec products of the week: September 17, 2021
The ever-evolving shift to digital means that most of our day-to-day activities are carried out online. We’re now accustomed to simply toggling through a few apps to book a ride, order dinner and scroll through content from friends and public figures a…
Read More The digital identity imperative
Sonatype released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream …
Read More Open source cyberattacks increasing by 650%, popular projects more vulnerable
A report on the skills and salaries of professionals in the technology sector reveals the true value of certification. It also identifies the number one reason for leaving a job is a lack of career growth and professional development. Questionmark, the…
Read More Highest paying IT certifications in 2021
COVID-19 quickly ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a Thales study. Six in 10 respondents said traditional security tools such as VPNs are s…
Read More Modern security strategies key to support remote workforce demands
O’Reilly announced the results of a survey, which revealed that 64% of respondents took part in training or obtained new certifications in the past year to build upon their professional skills. The survey also found that 61% of respondents participated…
Read More Data and AI professionals prioritize learning new skills amid labor shortage
5G trends are continuing to accelerate, with 5G SA Core evaluation, testing and launch activities growing significantly across all geographic regions, according to Spirent. In particular, there is considerable demand for managed solutions and XaaS (Any…
Read More 5G trends accelerating, all major regions pursuing 5G Core testing and deployments
Safe Systems released CloudInsight M365 Security Basics, which provides financial institutions visibility into their security settings for Azure Active Directory and O365/M365 tenants. Digital security will continue to be a growing concern for modern f…
Read More Safe Systems CloudInsight M365 Security Basics provides visibility into Microsoft security settings
Sentry announced new capabilities that reduce management overhead and accelerate issue response times for enterprise development teams. With percent-based alerts, Code Owners for GitHub and GitLab, team and personal notifications in Slack, and SCIM sup…
Read More Sentry’s capabilities enable enterprise teams to reduce risk and management overhead
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
Read More Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
Man, who shared millions of child sexual abuse images on the dark web, sent to prison for 27 years
Read More US Imprisons World’s Largest Facilitator of CSAM
Push Technology announced new personalized client data delivery capability in the company’s Diffusion Intelligent Event-Data Platform, that delivers data among applications, systems and devices. Introducing personalization with Session Trees The new re…
Read More Push Technology Diffusion 6.7 secures personalized data delivery to individual clients
Cooperation around cyber capabilities, critical technology, AI and more under new AUKUS agreement
Read More Australia, UK, and US Announce Security Partnership
Versa Networks launched 5G-native products for the wide area network (WAN) edge delivering complete SASE integration and SASE services to the network edge. Natively supporting private 5G functions, Versa enables ease of deployment and equips organizsat…
Read More Versa Networks offers 5G WAN Edge products to deliver SASE services to the network edge
US Federal Trade Commission says health apps that don’t disclose data breaches to consumers will be fined
Read More FTC: Health Apps Must Notify Consumers of Data Breaches
DDN and Tintri announced the IntelliFlash N6000 series. This next-generation NVMe-based system optimizes the user experience across all workloads, eliminating IO contention and enhancing IT efficiencies with autonomous AI-driven operations. DDN and Tin…
Read More DDN and Tintri announces IntelliFlash N6000 series to enhance latency and throughput for file services
Beazley has named Raf Sanchez as its new Global Head of Cyber Services. Sanchez, currently International Manager of Beazley Breach Response Services, assumes his new Global Head of Cyber Services role on the 1st October, and joins the Global Cyber &…
Read More Beazley names Raf Sanchez as Global Head of Cyber Services
Analysts Say the Gang Is Escalating Rhetoric to Scare VictimsRegarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim’s data and decryption key if the victim engages a ransom negotiator, analysts are ca…
Read More Is Grief’s Threat to Wipe Decryption Key Believable?
The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, announced an Equipment Vendor Program to help reduce the most common threats to the Internet’s routing system. Founding participants in this new MANRS…
Read More Internet Society introduces MANRS initiative to improve the resilience and security of the routing infrastructure
Wells Fargo announced new digital infrastructure strategy, combining a multi-cloud approach with third-party data centers to drive technological speed, agility, and scalability for its customers and employees. Central to the digital infrastructure stra…
Read More Wells Fargo launches digital infrastructure strategy for its customers and employees
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho flaw. The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting a critical vulnerability, tracked as CVE-2021-40539, in the Zoho ManageEngine ADSelfService Plus software. ManageEngine ADSelfService Plus […]
The post FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug appeared first on Security Affairs.
Read More FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
Read More CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.
Read More Endpoint Security Platform Kolide Banks $17 Million Investment
Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
Read More Google Helps OSTIF Boost Security of Open Source Projects
Breach Notification Report Reveals Some PII Could Have Been ExposedThe Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email serv…
Read More Republican Governors Association Targeted in Exchange Attacks
Samsung Pay users can now add their TD access and debit cards.
The post Samsung Pay now supports TD cards first appeared on IT World Canada.
Read More Samsung Pay now supports TD cards
The concept of a fourth industrial revolution was first introduced a decade ago as “Industry 4.0” by scientists developing a high-tech strategy for the German government. This concept has since gone global, and most would agree we are entering a new era featuring many exciting advances in areas like AI, nanotech and robotics. But making […]
The post It’s time to harness AI for business impacts first appeared on IT World Canada.
Read More It’s time to harness AI for business impacts
Apple announced its latest additions to its iPhone lineup, as well as a new iPad mini, at its “California Streaming” event on Tuesday. Both devices will be powered by Apple’s new A15 Bionic processor. Macworld executive editor Michael Simon and Comp…
Read More Podcast: Apple introduces the A15-powered iPhone 13, plus iOS 14.8 patches Pegasus spyware flaw
Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021.
Read More Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021
A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.
Read More Airline Credential-Theft Takes Off in Widening Campaign
Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]
The post Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug appeared first on Security Affairs.
Read More Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug
In a world that has hit the digital fast track, the industrial sector is looking to connected and autonomous machines to help them perform better, produce more, and reduce costs. Earlier assumptions about job loss and disruption seem to have flown out the window as decision-makers in this sector see the many and varied benefits […]
The post A new world of connected and autonomous heavy equipment first appeared on IT World Canada.
Read More A new world of connected and autonomous heavy equipment
Canonical announced that its managed services had MSPCV Certification. Jack Wallen believes this milestone should help big businesses realize it is time to trust open source software.
Read More It’s time enterprise businesses place their complete trust in open source
The Implementing ISO Format 4 PIN Blocks Information Supplement provides guidance to help PIN acquiring entities with the planning, migration, and testing of the implementation of ISO Format 4 PIN blocks in conformance with the requiremen…
Read More Information Supplement: Implementing ISO Format 4 PIN Blocks
Got Linux? Here’s a bug you weren’t expecting, in software you might not even know you have.
Read More OMIGOD, an exploitable hole in Microsoft open source code!
The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.
Read More Bitdefender offers free decryptor for REvil ransomware victims
Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by …
Read More To Detect or Not to Detect, Is that the Question?
Apple is the perfect illustration of what happens to a company when it achieves mass-market presence – it’s a problem of scale.Develop, manufacture, supply
Read More Apple’s challenge now: innovation at scale
More particularly, it’s a problem of delivery. Take the iPhone, for instance.During the first…
Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free. Good news for the victims of REvil ransomware gangs that were infected before the operations were temporarily halted on July 13th, Bitdefender released a free master decryptor that allows them to recover […]
The post Bitdefender released free REvil ransomware decryptor that works for past victims appeared first on Security Affairs.
Read More Bitdefender released free REvil ransomware decryptor that works for past victims
The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskI…
Read More CVE-2021-40444 exploitation: Researchers find connections to previous attacks
Google recently released various new updated features targeting its collaboration and productivity platform, Workspace. The features will help eliminate existing barriers between colleagues in different locations. Further, the giant technology…
The post Google Releases more Updated Features for Workspace to Facilitate Hybrid Work appeared first on Hacker Combat.
Read More Google Releases more Updated Features for Workspace to Facilitate Hybrid Work
The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a…
Read More Partnerships –The Key to Navigating the Industrial Security Landscape
Microsoft addressed a number of critical vulnerabilities that were collectively known as OMIGOD. The vulnerabilities were identified in the Open Management Infrastructure (OMI) software agent, which was quietly installed on more than half of Azure Linu…
Read More Microsoft Fixes Critical Vulnerabilities in Linux App
A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.
Read More Researchers Create Toolkit for Hardware Security Tests on Apple’s Mobile Processors
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks.
Read More Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
The issue — tracke…
One of the absolute worst parts about browsing this dusty ol’ web of ours is when you innocently open up some site — maybe, say, a tech news publication — and a video you didn’t ask for suddenly starts blaring annoying audio into your unexpecting ea…
Read More A handy hidden shortcut for taking control in Chrome on Android
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices.
Read More Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
The flaw — dubbed “Seventh …
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.
Read More Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.
Read More Financial Cybercrime: Following Cryptocurrency via Public Ledgers
As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of a…
Read More How Threat Response is Evolving
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13.
Read More REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out
Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
Read More DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast
MikroTik, the Latvian-based manufacturer of network equipment has shared in yesterday’s blog post some mitigation measures to fight against Mēris botnet. These Mēris Botnet mitigation measures can be used by clients to secure their compromised routers….
Read More Mēris Botnet Mitigation Measures Shared by MikroTik
Windows Users Can Now Use Other Methods to Access Microsoft ProductsMicrosoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into …
Read More Microsoft Fully Ditches the Password
White House Has Been Identifying Top Suspects and Sharing Intelligence With MoscowSenior U.S. officials say that there have been no signs that Moscow has begun to crack down on ransomware-wielding criminals operating from inside Russia’s borders. Presi…
Read More Russia Has Taken No Action to Combat Ransomware, FBI Says
Attacks such as SolarWinds and Colonial Pipeline show that adversaries are not only stealthy, persistent and patient … but they also are taking advantage of our complexity – the sheer number of disparate tools, vendors and over-burdened staff that ente…
Read More Live Study Results Webinar: 2021 Cybersecurity Complexity Research Survey
CISA And FTC Could Benefit From $3.5 Trillion Budget Reconciliation BillA pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate over the Biden adm…
Read More House Committees Seek to Spend Millions on Cybersecurity
It’s the largest attack surface in history, and adversaries are taking advantage by launching attacks at an unprecedented volume and velocity. Shashi Prakash of Bolster discusses how to monitor and manage this new and shifting range.
Read More Navigating the New Internet Attack Surface
Group Specializing in Big Game Hunting Has Amassed Millions in Ransom PaymentsSecurity experts say the notorious REvil – aka Sodinokibi – ransomware-as-a-service operation, which went dark in July, appears to be back in business. The group’s data leak …
Read More Bad News: Innovative REvil Ransomware Operation Is Back
State Prosecutors Charged Company With Defrauding Thousands of InvestorsNew York officials won a court order shuttering cryptocurrency trading platform Coinseed, after it allegedly defrauded thousands of investors out of millions of dollars, according …
Read More New York Court Shuts Down Crypto Platform ‘Coinseed’
Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.
Read More Several Access Bypass, CSRF Vulnerabilities Patched in Drupal
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
Read More HP Omen Hub Exposes Millions of Gamers to Cyberattack
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system
Read More Machine Learning for Access Control Policy Verification: NISTIR 8360 Published
Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday.
Read More Mass Personal Data Theft From Paris Covid Tests: Hospitals
Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.
Read More Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round.
Read More Neosec Emerges From Stealth With $20.7 Million in Funding
Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators.
Read More Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations
The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives in an attempt to resolve criminal charges relating to their offering of hacking services to a foreign government. A deferred prosecution ag…
Read More Former U.S. Intelligence Operatives Will Have to Pay $1.6M
On the 6th of September, South Africa’s Department of Justice was hit by a ransomware attack that targeted its network and managed to encrypt its entire systems, thus electronic services were not available anymore, neither internally, nor to the public…
Read More South Africa Ransomware Attacks Go On with One More Hit: the Whole Network of the Department of Justice Affected
This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.While I stro…
Read More It’s been a big week for patches
It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won’t run, but Windows 11 itsel…
Read More Windows 11: Just say no
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The Passwordless account option “Beginning today, you can now completely remov…
Read More Microsoft announces passwordless authentication option for consumers
We Buy Any Car, Sports Direct and Saga all singled out by the regulator
Read More Household Names Hit with £500K Fine for Spamming Consumers
With files from Tom Li Remote work is prolonging our work days, Saskatchewan calls on the federal government to connect rural areas, and TikTok releases new mental health features. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, September 16, and I’m your host, Jori Negin-Shecter. Microsoft remote work […]
The post Hashtag Trending September 16 – Longer remote work days; rural broadband needs attention; TikTok’s mental health announcement first appeared on IT World Canada.
Read More Hashtag Trending September 16 – Longer remote work days; rural broadband needs attention; TikTok’s mental health announcement
What is Cryptocurrency? Cryptocurrency is a type of digital currency that generally only exists electronically. There is no…
Read More Blockchain & Fraud Prevention: Strategies to overcome the cryptocurrency scam
The post Blockchain & Fraud Prevention: Strategies to overcome the cryptocurrency scam appeared first on Quick Heal Blo…
At the start of February 2021, Bazarloader malware was in the news about its mechanism of delivering the…
Read More What you need to know about the BazarLoader Malware?
The post What you need to know about the BazarLoader Malware? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.
Read More You Can Now Sign-in to Your Microsoft Accounts Without a Password
The change is exp…