Sat.Aug 07, 2021 - Fri.Aug 13, 2021

article thumbnail

Mobile Malware: Threats and Solutions

eSecurity Planet

As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile malware is a fraction of that created for desktops, it is nonetheless a growing security concern, as more and more high-value and sensitive tasks are performed on mobile devices.

article thumbnail

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.

Archiving 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

QR Code Scammers Get Creative with Bitcoin ATMs

Threatpost

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.

Security 118
article thumbnail

Cybercriminals Reportedly Created Blockchain Analytics Tool

Data Breach Today

Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic. The tool, however, is rated as not entirely effective.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

More Trending

article thumbnail

Accenture has been hit by a LockBit 2.0 ransomware attack

Security Affairs

Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider.

article thumbnail

Hackers Target Critical Infrastructure in Southeast Asia

Data Breach Today

Symantec: China-Linked Actors Investigate SCADA Systems An unidentified hacking group with suspected Chinese ties is targeting critical infrastructure in Southeast Asia as part of a cyberespionage campaign to exfiltrate information about the victim's SCADA systems, says a report by security firm Symantec.

Security 363
article thumbnail

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.

Risk 335
article thumbnail

Top Cybersecurity Companies for 2021

eSecurity Planet

As the demand for robust security defense grows by the day, the market for cybersecurity technology has exploded, as well as the number of available solutions. To help you navigate this growing marketplace, we provide our recommendations for the world’s leading cybersecurity technology providers, based on user reviews, product features and benefits, vendor information, analyst reports, independent security tests, and use cases.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apple Adds a Backdoor to iMesssage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.

article thumbnail

BlackMatter Group Debuts Linux-Targeting Ransomware

Data Breach Today

VMware ESXi Servers Targeted by Crypto-Locking Malware, MalwareHunterTeam Warns The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VmWare's ESXi servers hosting virtual machines, according to MalwareHunterTeam.

article thumbnail

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. The gang has now rebranded as the new El_Cometa group. The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “T

article thumbnail

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. The executives said the “malvertising” campaign – which was uncovered by GeoEdge’s security research team with AdTech partners InMobi and Verve Group – came out of Ukraine and Slovenia and reached as fa

IoT 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Defeating Microsoft’s Trusted Platform Module

Schneier on Security

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.

article thumbnail

Flaws in John Deere Systems Show Agriculture's Cyber Risk

Data Breach Today

John Deere, Researchers Spar Over Impact of Vulnerabilities Flaws uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming. John Deere claims the issues would not affect machines in use, but a researcher who presented at the Def Con security conference on Sunday disagrees.

article thumbnail

AI Wrote Better Phishing Emails Than Humans in a Recent Test

WIRED Threat Level

Researchers found that tools like OpenAI's GPT-3 helped craft devilishly effective spearphishing messages.

Phishing 145
article thumbnail

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot. “A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthent

IoT 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs. In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactur

IoT 144
article thumbnail

NortonLifeLock to Buy Avast for Over $8 Billion

Data Breach Today

Deal Will 'Strengthen Cyber Safety Program' Antivirus and identity protection firm NortonLifeLock confirmed Tuesday that it has entered into an agreement to acquire its rival, Avast, for $8.1 billion to $8.6 billion.

IT 344
article thumbnail

The NYPD Had a Secret Fund for Surveillance Tools

WIRED Threat Level

Documents reveal that police bought facial-recognition software, vans equipped with x-ray machines, and “stingray” cell site simulators—with no public oversight.

Security 145
article thumbnail

Cobolt Strike Vulnerability Affects Botnet Servers

Schneier on Security

Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

A zero-day RCE in Cisco ADSM has yet to be fixed

Security Affairs

A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ADSM) Launcher, the IT giant confirmed that the flaw has yet to be addressed.

article thumbnail

FTC Warns: SMS Phishing Scam Impersonates State Agencies

Data Breach Today

Millions of Smartphone Users Nationwide Are Targets The Federal Trade Commission has issued a warning about a new smishing scheme targeting millions of smartphones nationwide that impersonates state workforce agencies in an attempt to obtain personal data.

Phishing 344
article thumbnail

All the Ways Spotify Tracks You—and How to Stop It

WIRED Threat Level

Whether you're listening to workout music or a "cooking dinner" playlist, the app can show you ads based on your mood and what you're doing right now.

IT 145
article thumbnail

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt to implant ransomware. Once compromised the device, threat actors employed it in a botnet used in attacks aimed at Linux systems, including Synology NAS. “Synology PSIRT (Product Security Incident Response Team) has recently seen and r

article thumbnail

2 Plead Guilty in Vast Money Laundering Scheme

Data Breach Today

Prosecutors Say Operation Aided Cybercriminals Two Latvian men tied to an extensive international money laundering operation that aided prominent cybercriminals have pleaded guilty to conspiracy charges.

338
338
article thumbnail

Using AI to Scale Spear Phishing

Schneier on Security

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues’ backgrounds and traits.

Phishing 142