Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Banking 362

Banking Phishing Scams Accountability 362

Troy Hunt

NOVEMBER 8, 2021

When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago , I had a nightmare of a time getting in touch with the company. They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Within the data were references that granted access to voice recordings made by children, stored in an S3 bucket that also had no auth.

Scams 68

Scams Data breaches InfoSec Social Engineering 68

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware 336

Ransomware Cybersecurity 336

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” It’s pretty good.

Risk 328

Risk Cybersecurity 328

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 330

Ransomware Cybercrime System Administration Passwords 330

The Last Watchdog

NOVEMBER 8, 2021

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Healthcare 268

Healthcare Technology Architecture IoT 268

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 320

Hacking Firmware Engineering Software 320

Krebs on Security

NOVEMBER 9, 2021

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Backups 288

Backups Authentication Passwords Internet 288

Malwarebytes

NOVEMBER 12, 2021

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif (perhaps in reference to Moscow’s emergency hospital ) created a GitHub account and uploaded the first part of the attack on November 8.

Energy and Utilities 145

Energy and Utilities Encryption Accountability 145

Tech Republic Security

NOVEMBER 9, 2021

The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.

Ransomware 217

Ransomware 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

NOVEMBER 12, 2021

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Hacking 313

Hacking Malware Cybersecurity 313

The Hacker News

NOVEMBER 12, 2021

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.

Phishing 145

Phishing Malware Banking Ransomware 145

WIRED Threat Level

NOVEMBER 11, 2021

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

Media 145

Media Malware Hacking 145

Tech Republic Security

NOVEMBER 9, 2021

The security company expects these attacks to keep rising through the end of the year.

DDOS 217

DDOS 217

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

NOVEMBER 8, 2021

We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones.

303

303

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina.

Malware 145

Malware Media Surveillance Encryption 145

IT Security Guru

NOVEMBER 11, 2021

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis. Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.

Cybersecurity 145

Cybersecurity Wireless Cyber Risk Risk 145

Tech Republic Security

NOVEMBER 9, 2021

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how.

217

217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

NOVEMBER 12, 2021

Recent ransomware attacks have dominated the headlines this year. Predictions estimate that the financial impact caused by ransomware could reach $265 billion globally by 2031. That means cyberattacks targeting enterprises and individuals are happening at a rate of about one attack every few seconds. The average ransom payment made by a business to.

Cyber Insurance 145

Cyber Insurance Insurance Ransomware Cybersecurity 145

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Spyware 145

Spyware Mobile Social Engineering Malware 145

The Hacker News

NOVEMBER 9, 2021

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users.

Data breaches 145

Data breaches 145

Tech Republic Security

NOVEMBER 9, 2021

One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large.

Ransomware 211

Ransomware 211

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

NOVEMBER 11, 2021

It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach. The post When the alarms go off: 10 key steps to take after a data breach appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Security Affairs

NOVEMBER 8, 2021

The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8

Ransomware 145

Ransomware Government Hacking Technology 145

The Hacker News

NOVEMBER 10, 2021

Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

NOVEMBER 10, 2021

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.

Ransomware 210

Ransomware 210

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

NOVEMBER 9, 2021

Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress. During the Red Team process, Tychansky said there are several stages to follow: • The organization and the Red Team (whether in-house or externally contracted) will agree.

Cybersecurity 145

Cybersecurity Social Engineering Engineering Malware 145

Security Affairs

NOVEMBER 12, 2021

Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies.

Accountability 145

Accountability Authentication Internet Internet 145

The Hacker News

NOVEMBER 7, 2021

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts.

Accountability 145

Accountability Software 145

Tech Republic Security

NOVEMBER 11, 2021

With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.

194

194

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity