Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. The news was first reported by Bloomberg News who reported its to Verkada.

Surveillance 144

Surveillance Hacking Banking Firmware 144

Naked Security

MARCH 11, 2021

Caveat utilitor! Caveat emptor! Caveat programmator!

143

143

SecureBlitz

MARCH 11, 2021

This post will expose the top 5 DDoS attack challenges for Telecom companies. Today’s world runs on the Internet. From traffic control systems to shopping, banking, transaction processing and communication — without the worldwide web, many activities that we take for granted would be impossible and many vital services would fail. Similarly to a cellular.

DDOS 83

DDOS Banking Internet Internet 83

Krebs on Security

MARCH 8, 2021

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Hacking 362

Hacking Technology Software 362

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MARCH 12, 2021

Really interesting research : “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture.

Architecture 361

Architecture Software 361

Troy Hunt

MARCH 10, 2021

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something. now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome!

Passwords 346

Passwords IoT Password Management Data breaches 346

Krebs on Security

MARCH 9, 2021

Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim’s other computers.

Backups 357

Backups Hacking Ransomware Cybercrime 357

Schneier on Security

MARCH 10, 2021

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During this time the attacker appeared to be relatively subtle, exploiting particular targets (although we generally lack insight into who was targeted).

Hacking 360

Hacking Internet Internet Ransomware 360

Troy Hunt

MARCH 12, 2021

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. References Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly) We're rapidly going cashless, but not everybody is happy (there are

Passwords 281

Passwords IoT Hacking 281

Javvad Malik

MARCH 9, 2021

The dangers of downloading untrusted code from the internet is well documented. You never know what is contained within someone else’s code, be it sloppy coding, or malicious intent. If it is a snippet of code that you can easily read, it can be relatively risk free. Because, why put in the effort to reinvent the wheel when there are so many wheels already available?

Banking 225

Banking Internet Internet Risk 225

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MARCH 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users.

DNS 347

DNS Internet Internet Software 347

Schneier on Security

MARCH 9, 2021

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013­2017, which indicates a lack of recent software updates,” the reported stated. 26%!?

Technology 360

Technology Software Malware 360

Tech Republic Security

MARCH 9, 2021

The SolarWinds incident was a wake-up call for most of the security professionals surveyed by DomainTools.

Cybersecurity 217

Cybersecurity 217

The Last Watchdog

MARCH 6, 2021

Technology advancements have made it relatively easy for many employees to carry out their regular job duties from the comfort of their home. Related: Poll confirms rise of Covid 19-related hacks. This is something companies are under pressure to allow to help minimize the spread of Covid 19. The main problem for remote workers is the threat to online security.

VPN 214

VPN Passwords Firewall Risk 214

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Zero Day

MARCH 12, 2021

A ransomware variant is now also leveraging the critical vulnerabilities.

Hacking 145

Hacking Ransomware 145

Schneier on Security

MARCH 8, 2021

Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities in PDF viewer implementations.They showed attacks that could modify PDF documents without invalidating the signature.

Hacking 355

Hacking Authentication 355

Tech Republic Security

MARCH 8, 2021

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them.

Hacking 217

Hacking 217

The Last Watchdog

MARCH 8, 2021

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy. Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online. Related: Raising kids who care about their privacy.

Data privacy 196

Data privacy Manufacturing Education Technology 196

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Zero Day

MARCH 12, 2021

IBM is working on future-proof encryption methods able to keep our data safe both in storage and active use.

Data privacy 145

Data privacy Encryption 145

Schneier on Security

MARCH 11, 2021

Science has a paper (and commentary ) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can be cleaned up with something like Fortuna.

327

327

Tech Republic Security

MARCH 10, 2021

Commentary: Enterprises try their best to secure their data, but running on-premises mail servers arguably doesn't do this. So why do they do it, anyway?

Hacking 210

Hacking 210

The Hacker News

MARCH 12, 2021

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureList

MARCH 12, 2021

Introduction. A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the Apple Silicon platform.

Malware 145

Malware Adware Architecture Technology 145

Bleeping Computer

MARCH 11, 2021

An official version of the popular 7-zip archiving program has been released for Linux for the first time. [.].

Software 145

Software 145

Tech Republic Security

MARCH 11, 2021

Security analysts and an SEO expert explain how this new approach uses legitimate websites to trick users into downloading infected files.

Malware 204

Malware 204

The Hacker News

MARCH 11, 2021

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it.

145

145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MARCH 11, 2021

Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winniti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. “We have discovered an undocumented backdoor targeting Linux systems, masqueraded as polkit daemon.

Malware 145

Malware Encryption Authentication Passwords 145

We Live Security

MARCH 10, 2021

ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world. The post Exchange servers under siege from at least 10 APT groups appeared first on WeLiveSecurity.

Malware 145

Malware 145

Tech Republic Security

MARCH 8, 2021

DARPA's project could allow encrypted data to be used without ever having to decrypt it.

Encryption 202

Encryption 202

Bleeping Computer

MARCH 10, 2021

The Windows 10 KB5000802 and KB5000808 cumulative updates released yesterday are causing Blue Screen of Death crashes when printing to network printers. [.].

145

145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity