Sat.Jan 01, 2022 - Fri.Jan 07, 2022

article thumbnail

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it.

Mining 357
article thumbnail

Google Docs Comments Weaponized in New Phishing Campaign

Dark Reading

Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.

Phishing 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA! — Powerful Greek Army (@PowerfulGRArmy) January 2, 2022.

article thumbnail

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

Access 279
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

6 Ways to Delete Yourself From the Internet

WIRED Threat Level

You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint.

Privacy 145

More Trending

article thumbnail

Over 3.7 million accounts were compromised in the FlexBooker data breach

Security Affairs

The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums. FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars.

article thumbnail

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.

Security 260
article thumbnail

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Dark Reading

Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework.

140
140
article thumbnail

People Are Increasingly Choosing Private Web Search

Schneier on Security

DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big. Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Night Sky, a new ransomware operation in the threat landscape

Security Affairs

Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names.

article thumbnail

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

eSecurity Planet

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Third-party security, ransomware , artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the past. Here are some of the more interesting predictions for 2022 we’ve seen from cybersecurity researchers.

article thumbnail

Name That Edge Toon: In Your Face!

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

137
137
article thumbnail

Norton’s Antivirus Product Now Includes an Ethereum Miner

Schneier on Security

Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option.

Mining 135
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

North Korea-linked Konni APT targets Russian diplomatic bodies

Security Affairs

North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure.

Phishing 145
article thumbnail

Signal's Cryptocurrency Feature Has Gone Worldwide

WIRED Threat Level

A beta “payments” feature now lets users of the popular encrypted messaging app send MobileCoin around the globe.

article thumbnail

Vinnie Liu Has a Mission: Keeping People Safe Online and Offline

Dark Reading

Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.

Security 135
article thumbnail

India’s Draft Data Protection Bill Moves Closer to Passage

Hunton Privacy

Stephen Mathias from Kochhar & Co. reports that on December 16, 2021, the Indian Joint Parliamentary Committee (the “JPC”) submitted its report on India’s draft Data Protection Bill (the “Bill”). The Bill is now likely to be passed by Parliament in its next session, beginning in February 2022, and likely will enter into force in the first half of 2022.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magazine publications. The attack took place during the New Year holiday, the websites of the Impresa group, the SIC TV channels, and the Expresso were forced offline.

article thumbnail

QNAP: Get NAS Devices Off the Internet Now

Threatpost

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.

article thumbnail

New Attack Campaign Exploits Microsoft Signature Verification

Dark Reading

The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.

132
132
article thumbnail

More Russian Cyber Operations against Ukraine

Schneier on Security

Both Russia and Ukraine are preparing for military operations in cyberspace.

Military 127
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

PulseTV discloses potential credit card breach

Security Affairs

U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers. According to the notification letter published by the Office of the Maine Attorney General, VISA informed the company on March 8, 2021, that its website (www.pulsetv.com) was a common point of purchase for some unauthorized credit card transactions due to a possible

article thumbnail

Trends and Predictions for 2022 – More of the Same?

Thales Cloud Protection & Licensing

Trends and Predictions for 2022 – More of the Same? madhav. Wed, 01/05/2022 - 05:12. What will 2022 bring for cybersecurity? Are we going to see more of the same as we did in 2021? During the latest Thales Security Sessions podcast , hosted by Neira Jones, I had the pleasure to discuss what we can expect in 2022 with Andy Green, CISO at Gemserv, and how the many changes have impacted the security landscape.

Phishing 127
article thumbnail

New Mac Malware Samples Underscore Growing Threat

Dark Reading

A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.

130
130
article thumbnail

Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago

WIRED Threat Level

Unless you go out of your way to install the patch, your system could be exposed.

Security 122
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Security Affairs

Microsoft released an emergency patch to fix the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers since January 1st, 2022. “We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019.

IT 145
article thumbnail

Attackers Exploit Flaw in Google Docs’ Comments Feature

Threatpost

A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.

Phishing 118
article thumbnail

How to Proactively Limit Damage From BlackMatter Ransomware

Dark Reading

Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.