Threatpost The First Stop For Security News
by Becky Bracken on July 29, 2021 at 7:16 pm
Employee email takeover exposed personal, medical data of students, employees and patients.
by Lisa Vaas on July 29, 2021 at 6:39 pm
There are patches or remediations for all of them, but they’re still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?
by Elizabeth Montalbano on July 29, 2021 at 4:25 pm
Authorities opened an investigation into the secretive Israeli security firm.
by Threatpost on July 29, 2021 at 1:00 pm
Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them.
by Lisa Vaas on July 28, 2021 at 6:33 pm
They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
WeLiveSecurity News, views, and insight from the ESET security community
by Amer Owaida on July 29, 2021 at 5:04 pm
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet
The post Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years appeared first on WeLiveSecurity
by Phil Muncaster on July 29, 2021 at 9:30 am
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can – willingly or unwitingly – pose.
The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity
by Amer Owaida on July 28, 2021 at 7:15 pm
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option
The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity
by Amer Owaida on July 28, 2021 at 2:45 pm
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.
The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity
by Amer Owaida on July 27, 2021 at 6:00 pm
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.
The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity
McAfee Blogs Securing Tomorrow. Today.
by Sadik Al-Abdulla on July 29, 2021 at 3:17 pm
Architected for the cloud-first and remote-first deployments, MVISION Cloud Firewall secures access to applications and resources on the internet, accessed from every remote site and location, through a cloud-native service model. The solution inspects end-to-end user traffic – across all ports and protocols, enabling unified visibility and policy enforcement across the organizational footprint. Powered by
The post Introducing MVISION Cloud Firewall – Delivering Protection Across All Ports and Protocols appeared first on McAfee Blogs.
by Thibault Seret on July 29, 2021 at 4:01 am
Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the occasional dedicated Unix or Linux based ransomware, but cross-platform ransomware was not happening yet. However, cybercriminals never sleep and in recent months we noticed that several ransomware gangs were experimenting
The post Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? appeared first on McAfee Blogs.
by Steve Grobman on July 28, 2021 at 2:06 pm
This week, McAfee took an exciting new step in our journey—we are now a pure-play consumer company. What does that mean for consumers? It means that McAfee will be able to focus 100% of our talent and expertise on innovation and development that directly enables and improves the products and services that protect you and your family. It’s the right time to take
The post It’s All About You: McAfee’s New All-Consumer Focus appeared first on McAfee Blogs.
by Baker Nanduru on July 27, 2021 at 12:23 pm
There’s a lot of misinformation about Virtual Private Networks, what they do, and the security benefits they offer. For this article, I’d like to do some myth-busting about how a VPN actually works and why you should use one. What is a VPN and how does it protect me? A VPN is an app that you install on your device to help keep your personal data safe as you browse the internet You may
The post What is a VPN and Can it Hide My IP Address? appeared first on McAfee Blogs.
by Toni Birdsong on July 26, 2021 at 12:22 pm
There’s a lot of conversation going on right now around digital apps; only it’s not about TikTok or Twitch. Instead, it’s about the spike in the number of app scams taking place every day—many of them impacting younger consumers. In a recent report from The Washington Post, nearly two percent of the apps downloaded from the Apple store in a single day were scams costing consumers an estimated $48 million. A similar report this week in Tech Republic estimates more than
The post 9 Tips to Help Kids Avoid Popular App Scams appeared first on McAfee Blogs.
Hacker News Links for the intellectually curious, ranked by readers.
- Google Translate pronounces ‘rooster’ in Spanish
on July 30, 2021 at 4:03 am
- Descriptorless Files for Io_uring
on July 30, 2021 at 2:13 am
- Against Overuse of the Gini Coefficient
on July 30, 2021 at 1:25 am
- Our Tesla Model 3 Hasn’t Delivered Big Savings in Maintenance Costs
on July 29, 2021 at 11:37 pm
- One Tenth of a Second
on July 29, 2021 at 10:09 pm
Krebs on Security In-depth security news and investigation
by BrianKrebs on July 29, 2021 at 4:20 pm
Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.
Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.
by BrianKrebs on July 26, 2021 at 6:18 pm
One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.
But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks — all in a bid to seize control over highly-prized social media accounts.
by BrianKrebs on July 21, 2021 at 7:59 pm
A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.
by BrianKrebs on July 20, 2021 at 9:30 pm
A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.
by BrianKrebs on July 19, 2021 at 9:11 pm
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.
Dark Reading: Dark Reading: Connecting the Information and Security Community
by Ericka Chickowski Contributing Writer on July 28, 2021 at 7:00 pm
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
by Tanner Johnson Principal Analyst, Data Security, Omdia on July 23, 2021 at 6:50 pm
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
by Ericka Chickowski Contributing Writer on July 22, 2021 at 4:45 pm
A sneak peek of some of the main themes at Black Hat USA next month.
by Dark Reading Staff on July 19, 2021 at 9:24 pm
Campbell Conroy & O’Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
by Jai Vijayan Contributing Writer on July 19, 2021 at 8:40 pm
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
- AirDropped Gun Photo Causes Terrorist Scare
by Bruce Schneier on July 29, 2021 at 11:52 am
A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched.
The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.
It’s been a long time since we’ve had one of these sorts of overreactions.
- De-anonymization Story
by Bruce Schneier on July 28, 2021 at 11:03 am
This is important:
Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more.
The data that resulted in Burrill’s ouster was reportedly obtained through legal means. Mobile carriers sold — and still sell — location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, …
- Hiding Malware in ML Models
by Bruce Schneier on July 27, 2021 at 11:25 am
Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”.
Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability. By embedding malware into the neurons, malware can be delivered covertly with minor or even no impact on the performance of neural networks. Meanwhile, since the structure of the neural network models remains unchanged, they can pass the security scan of antivirus engines. Experiments show that 36.9MB of malware can be embedded into a 178MB-AlexNet model within 1% accuracy loss, and no suspicious are raised by antivirus engines in VirusTotal, which verifies the feasibility of this method. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware. We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks…
- Disrupting Ransomware by Disrupting Bitcoin
by Bruce Schneier on July 26, 2021 at 11:30 am
Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them — sometimes with the added extortion of threatening to make it public — than it does to sell it to anyone else. The second is a safe way of collecting ransoms: bitcoin.
This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from. Lee Reiners, executive director of the Global Financial Markets Center at Duke Law, …
- Friday Squid Blogging: The Evolution of Squid
by Bruce Schneier on July 23, 2021 at 8:58 pm
Good video about the evolutionary history of squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Naked Security Computer Security News, Advice and Research
by Paul Ducklin on July 29, 2021 at 1:20 am
Ut tensio, sic uis! Does twice the bug pile on twice the pressure to fix it?
by Paul Ducklin on July 27, 2021 at 6:39 pm
You’re probably expecting us to say, “Patch early, patch often.” And that is EXACTLY what we’re saying!
by Paul Ducklin on July 26, 2021 at 6:10 pm
A cute name but an annoying and potentially damaging attack. Here’s what to do.
by Paul Ducklin on July 23, 2021 at 6:40 pm
O, what a tangled web we weave/When first we practise to deceive!
by Paul Ducklin on July 22, 2021 at 6:38 pm
Latest episode – listen now!