Sat.Jan 08, 2022 - Fri.Jan 14, 2022

article thumbnail

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Mining 362
article thumbnail

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector. Last August, NTT , the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community

Big data 279
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Kicks Off 2022 With 96 Security Patches

Dark Reading

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.

Security 145
article thumbnail

Threat actors can bypass malware detection due to Microsoft Defender weakness

Security Affairs

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from scanning by the security solution.

Access 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Libraries 281

More Trending

article thumbnail

The Cybersecurity Measures CTOs Are Actually Implementing

Dark Reading

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

article thumbnail

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials st

article thumbnail

Norton Put a Cryptominer in Its Antivirus Software

WIRED Threat Level

Plus: NFT thefts, a ransomware wave in schools, and more of the week’s top security news.

IT 145
article thumbnail

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours. Setting up security contours for certain types of personal data can be useful for: •Nullifying threats and risks applicable to general infrastructura

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Let's Play! Raising the Stakes for Threat Modeling With Card Games

Dark Reading

On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.

Risk 144
article thumbnail

US NCSC and DoS share best practices against surveillance tools

Security Affairs

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools.

Sales 145
article thumbnail

Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js , two major NPM packages used by a huge range of other packages and projects.

Libraries 141
article thumbnail

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

IT 134
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Redefining the CISO-CIO Relationship

Dark Reading

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.

141
141
article thumbnail

Unauthenticated RCE in H2 Database Console is similar to Log4Shell

Security Affairs

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392 , could allow attackers to execute remote code on vulnerable systems, the good news is that unlike the Log4J issue it should not be as widespread.

IoT 145
article thumbnail

Cybersecurity Employment in 2022: Solving the Skills Gap

eSecurity Planet

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019. The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks , many security pros are suffering from burnout.

article thumbnail

European Commission Defends Irish Data Protection Commissioner

Hunton Privacy

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background. On December 6, 2021, the concerned MEPs sent a letter to Commissioner Reynders to raise concerns about how the DPC enforces the EU General Data Protection (“GDPR”) and applies the GDPR’s cooperation mechanism.

GDPR 133
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.

IT 136
article thumbnail

Russian submarines threatening undersea cables, UK defence chief warns

Security Affairs

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society. Multiple activities heavily depend on the global network of undersea cables, including financial transactions and communications. “In the financial sector alone, undersea cables carry some $10 trillion of financial transf

article thumbnail

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. What’s most interesting to me about this new information is how the US used the Australians to get around domestic spying laws: For legal reasons, the FBI did not monitor outgoing me

article thumbnail

Best Distributed Denial of Service (DDoS) Protection Tools

eSecurity Planet

Distributed denial of service (DDoS) attacks can cripple an organization, a network, or even an entire country, and they show no sign of slowing down. DDoS attacks may only make up a small percentage of security threats, but their consequences can be devastating. The country of Estonia was brought offline a few years back by a DDoS attack. Over the past year or so, Google, Amazon and Microsoft have been subjected to massive DDoS incursions.

Cloud 126
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Cloud Apps Replace Web as Source for Most Malware Downloads

Dark Reading

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

Cloud 135
article thumbnail

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (C

article thumbnail

Using EM Waves to Detect Malware

Schneier on Security

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

IoT 130
article thumbnail

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

How Can We Secure The Future of Digital Payments? divya. Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. This raises the question of where digital payment technologies will take us in the future, and how will this affect consumers? In the latest episode of Thales Security Sessions podcast , I was asked by Neira Jones to join Simon Keates, Head of Strategy and Payment Security at Thal

Retail 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

No Significant Intrusions Related to Log4j Flaw Yet, CISA Says

Dark Reading

But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.

132
132
article thumbnail

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Security Affairs

US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS). USCYBERCOM has officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) to Iran’s Ministry of Intelligence and Security (MOIS). The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East.

Security 144
article thumbnail

Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

Phishing 128