Sat.Dec 25, 2021 - Fri.Dec 31, 2021

article thumbnail

Apple AirTags Are Being Used to Track People and Cars

Schneier on Security

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen.

Mobile 324
article thumbnail

Weekly Update 276

Troy Hunt

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme. But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The 10 worst tech stories of 2021

Tech Republic Security

Have fond memories of 2021? They probably don't include these 10 stories or the products and services surrounding them.

216
216
article thumbnail

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex capacity features and allow to implant a malicious code in a hidden area of SSDs called over-provisioning.

Malware 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

University loses 77TB of research data due to backup error

Bleeping Computer

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. [.].

Backups 145
article thumbnail

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

The Hacker News

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems.

More Trending

article thumbnail

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.

article thumbnail

LastPass users warned their master passwords are compromised

Bleeping Computer

Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. [.].

Passwords 145
article thumbnail

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

The Hacker News

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.

Firmware 145
article thumbnail

Get a lifetime of protection for your files and sensitive data for only $90

Tech Republic Security

Enjoy the peace of mind that comes from having a lifetime backup plan and VPN subscription — at a price you can afford.

VPN 198
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

T-Mobile suffered a new data breach

Security Affairs

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts.

article thumbnail

22 cybersecurity statistics to know for 2022

We Live Security

As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends. The post 22 cybersecurity statistics to know for 2022 appeared first on WeLiveSecurity.

article thumbnail

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics

The Hacker News

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed.

Malware 145
article thumbnail

The dangers of dark data: How to manage it and mitigate the risks

Tech Republic Security

Dark data is a major challenge in enterprises, and it's not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it.

Risk 190
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, trigger a Denial of Service condition, or disclose confidential informa

Hacking 145
article thumbnail

Log4j 2.17.1 out now, fixes new remote code execution bug

Bleeping Computer

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [.].

145
145
article thumbnail

4 ways employee home networks and smart devices change your threat model

CSO Magazine

Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. The security of employee home networks, and of the devices connected to them, are becoming increasingly important considerations for organizations that need to continue to support a large remote workforce for the foreseeable future.

article thumbnail

Tips for providing digital security benefits to employees

Tech Republic Security

Many employers are now offering digital security benefits to help protect their employees. Learn about such arrangements and see how you can get started implementing them.

186
186
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature

Security Affairs

Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code.

Malware 145
article thumbnail

T-Mobile says new data breach caused by SIM swap attacks

Bleeping Computer

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [.].

article thumbnail

Cybersecurity Predictions for 2022: Stay Ahead of Threats

Security Boulevard

What do you think will happen next in the domain of cybersecurity? Which new developments or challenges will become the talk of the town in the year ahead? Who will make the most progress in the constant war waged between cybercriminals and organizations worldwide? When it comes to cybersecurity, it always pays to stay prepared. […]. The post Cybersecurity Predictions for 2022: Stay Ahead of Threats appeared first on Kratikal Blogs.

article thumbnail

How to install the Pritunl VPN server on AlmaLinux

Tech Republic Security

If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.

VPN 186
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. .

Malware 145
article thumbnail

RedLine malware shows why passwords shouldn't be saved in browsers

Bleeping Computer

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. [.].

Passwords 145
article thumbnail

Top DevOps Trends That Will Dominate in 2022

Security Boulevard

The post Top DevOps Trends That Will Dominate in 2022 appeared first on PeoplActive. The post Top DevOps Trends That Will Dominate in 2022 appeared first on Security Boulevard.

144
144
article thumbnail

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

The Hacker News

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.

Software 144
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Security Affairs

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge.

Banking 145
article thumbnail

Netgear leaves vulnerabilities unpatched in Nighthawk router

Bleeping Computer

Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched. [.].

Firmware 144
article thumbnail

Instagram copyright infringment scams – don’t get sucked in!

Naked Security

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams.

Scams 142
article thumbnail

Best of 2021 – What We Can Learn From the 2021 Microsoft Data Breach

Security Boulevard

In this blog, we’ll review the details of the most recent breach against the Microsoft Exchange Server. However, this blog’s point is that these forms of cyber attacks will continue and could likely accelerate. Trying to react after the fact is not the way to do business. If your toolsets or MSSP services don’t enable you to automatically detect and stop these types of sophisticated intrusion attacks, such as the recent Solarwinds attack, or whatever the next attack is—you have the wrong approac

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!