Sat.Aug 21, 2021 - Fri.Aug 27, 2021

article thumbnail

Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 361
article thumbnail

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 258

Troy Hunt

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.

article thumbnail

Cyber in Afghanistan: Tech’s Vital Role in Kabul Evacuation

Lohrman on Security

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer.

Software 341
article thumbnail

How to create a hidden, nearly undeletable folder in Windows 10

Tech Republic Security

It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.

214
214

More Trending

article thumbnail

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity.

article thumbnail

Details of the Recent T-Mobile Breach

Schneier on Security

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Mobile 347
article thumbnail

Ransomware demands and payments skyrocket

Tech Republic Security

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

article thumbnail

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

Overview. As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR) recently investigated the B. Braun Infusomat Space Large Volume Pump along with the B. Braun SpaceStation , which are designed for use in both adult and pediatric medical facilities. This research was done with support from Culinda – a trusted leader in the medical cyber-security space.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

More and More Companies Are Getting Hit with Ransomware

Heimadal Security

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

article thumbnail

AI-Fueled Deep Fakes Signal New Era of Cybercrime

Security Boulevard

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

article thumbnail

Tech companies pledge to help toughen US cybersecurity in White House meeting

Tech Republic Security

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.

article thumbnail

T-Mobile confirms fifth data breach in three years

Graham Cluley

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Triada Trojan in WhatsApp MOD

SecureList

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender.

Malware 145
article thumbnail

Cybercriminals Inducing Insiders to Plant Malware

Security Boulevard

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.

Malware 145
article thumbnail

Google and mobile operating systems top list of privacy concerns, says Kaspersky

Tech Republic Security

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.

Mobile 187
article thumbnail

Details of US State Department Cyber Attack

CyberSecurity Insiders

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach. However, for security reasons, the source did not reveal the nature of the attack and its impact on the operations taken up by the state department. Cybersecurity Insiders has learnt that the attack could have taken place in the first week of August and a state funded hacking gang seems to be behind the incident.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The T-Mobile data breach: A timeline

CSO Magazine

Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of almost 50 million individuals comprising current, former, or prospective customers has been exposed via a data breach. While many details of the incident (including its root cause) remain unclear as of August 19, immediate fallout suggests this incident might be one of the most significant of recent times, not least due to the number of reco

article thumbnail

Cloud Workload Security

Security Boulevard

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts. Datadog’s Nick Davis, senior product manager for cloud workload security, and Mitch Ashley discuss how the solution.

article thumbnail

Security alert: The threat is coming from inside your Docker container images

Tech Republic Security

Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls.

217
217
article thumbnail

New zero-click iPhone exploit used to deploy NSO spyware

Bleeping Computer

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [.].

Spyware 144
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

4 most dangerous emerging ransomware threat groups to watch

CSO Magazine

New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest from CSO by signing up for our newsletters.

article thumbnail

Beyond the pandemic: Why are data breach costs at an all?time high?

We Live Security

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity.

article thumbnail

Risk officers and board members don't agree on use of tech and data in business

Tech Republic Security

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.

Risk 191
article thumbnail

T-Mobile CEO: Hacker brute-forced his way through our network

Bleeping Computer

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. [.].

Mobile 143
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

How attackers could exploit breached T-Mobile user data

CSO Magazine

T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details differed across different types of customers, so the level of risk users are exposed to varies. Victims of the T-Mobile or any other breach where personal data is stolen should be aware of follow-on attacks and take steps to mitigate them.

Mobile 144
article thumbnail

Cyber Attacks on Global Education Sector witness a jump

CyberSecurity Insiders

According to a study by Check Point Software, there has been an increase in cyber attacks on the Education Sector operating across the world. And the survey confirmed that the education sector operating in United States, UK, Israel, India and Italy were deeply affected from January to July this year. Educators have become vulnerable to cyber attacks, especially when most of the classes are being held online because of the fast spread of Corona Virus Pandemic.

Education 144
article thumbnail

Windows 365 Business: How this new tool can help your organization

Tech Republic Security

Simon Bisson tried out the new Microsoft 365 tool, which allows you to create virtual machines for your staff working from home. Here's what he learned.

166
166
article thumbnail

Top Code Debugging and Code Security Tools

eSecurity Planet

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more than a few flaws present, as well as the occasional gaping security hole.

Software 143
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.