Sat.Jan 08, 2022 - Fri.Jan 14, 2022

article thumbnail

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 360
article thumbnail

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

Malware 328
article thumbnail

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

Tech Republic Security

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Intel chips won't play Blu-ray disks due to SGX deprecation

Bleeping Computer

Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution. [.].

Software 145
article thumbnail

Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js , two major NPM packages used by a huge range of other packages and projects.

Software 145

More Trending

article thumbnail

9 ways that cybersecurity may change in 2022

Tech Republic Security

As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand.

CISO 218
article thumbnail

Android users can now disable 2G to block Stingray attacks

Bleeping Computer

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators. [.].

145
145
article thumbnail

Hacking group accidentally infects itself with Remote Access Trojan horse

Graham Cluley

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really c**k things up you need to be a cybercriminal.

Hacking 145
article thumbnail

Using EM Waves to Detect Malware

Schneier on Security

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

Malware 316
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

URL parsing: A ticking time bomb of security exploits

Tech Republic Security

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

Risk 214
article thumbnail

How to Check If your JavaScript Security is Working

Security Boulevard

Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your customers. Learn how to check! The post How to Check If your JavaScript Security is Working appeared first on Feroot. The post How to Check If your JavaScript Security is Working appeared first on Security Boulevard.

145
145
article thumbnail

Microsoft pulls new Windows Server updates due to critical bugs

Bleeping Computer

Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable. [.].

145
145
article thumbnail

Apple’s Private Relay Is Being Blocked

Schneier on Security

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread.

Mobile 301
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The rise of the CISO: The escalation in cyberattacks makes this role increasingly important

Tech Republic Security

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.

CISO 215
article thumbnail

5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA

Security Boulevard

MFA, or multi-factor authentication, has the power to prevent the majority of data breaches. Yet many organizations are still lagging in implementation. The post 5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA appeared first on Security Boulevard.

article thumbnail

Oops: Cyberspies infect themselves with their own malware

Bleeping Computer

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers. [.].

Malware 145
article thumbnail

Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

Phishing 312
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

US government urges organizations to prepare for Russian-sponsored cyber threats

Tech Republic Security

Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.

article thumbnail

CES 2022 – the “anyone can make an electric car” edition

We Live Security

But as we learned in mashing up other technologies, the security devil is in the details. The post CES 2022 – the “anyone can make an electric car” edition appeared first on WeLiveSecurity.

article thumbnail

New Windows Server updates cause DC boot loops, break Hyper-V

Bleeping Computer

The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back [.].

145
145
article thumbnail

Is Your Supply Chain Secure?

Security Boulevard

In 2021, there were a number of major supply chain attacks that crippled multiple companies. Think back to the Kaseya attack in July, or, even before that, the SolarWinds attack that came to light in December 2020. In October 2021, Broward Health in Florida was compromised through a third-party supply chain vulnerability. For many CEOs, The post Is Your Supply Chain Secure?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

7 obstacles that organizations face migrating legacy data to the cloud

Tech Republic Security

Some of the major obstacles center on concerns about compliance, fears about security and infrastructure and uncertainty about budget requirements, says Archive360.

208
208
article thumbnail

Russian submarines threatening undersea cables, UK defence chief warns

Security Affairs

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society. Multiple activities heavily depend on the global network of undersea cables, including financial transactions and communications. “In the financial sector alone, undersea cables carry some $10 trillion of financial transf

article thumbnail

New Windows KB5009543, KB5009566 updates break L2TP VPN connections

Bleeping Computer

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. [.].

VPN 143
article thumbnail

Hackers are posting out malicious USB drives to businesses

Graham Cluley

A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Behind the scenes: A day in the life of a security auditing manager

Tech Republic Security

Working with clients on finding vulnerabilities within their cybersecurity frameworks. is the key part of a security manager's job. Here's how one security auditing manager gets it done.

article thumbnail

Cryptocurrency scams: What to know and how to protect yourself

We Live Security

As you attempt to strike it rich in the digital gold rush, make sure you know how to recognize various schemes that want to part you from your digital coins. The post Cryptocurrency scams: What to know and how to protect yourself appeared first on WeLiveSecurity.

article thumbnail

Trojanized dnSpy app drops malware cocktail on researchers, devs

Bleeping Computer

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy.NET application to install cryptocurrency stealers, remote access trojans, and miners. [.].

Malware 145
article thumbnail

A Cybersecurity Role Has Topped List of Best Jobs

CyberSecurity Insiders

“Information security analyst” tops the U.S. News & World Report 2022 Best Jobs list. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance. Having a cybersecurity position at the top of the list is exciting for a young industry that has struggled with perception problems.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.