Close

May 31, 2019

Latest Cyber Security News

Threatpost The First Stop For Security News

WeLiveSecurity News, views, and insight from the ESET security community

McAfee Blogs Securing Tomorrow. Today.

  • Introducing MVISION Cloud Firewall – Delivering Protection Across All Ports and Protocols

    by Sadik Al-Abdulla on July 29, 2021 at 3:17 pm

    Architected for the cloud-first and remote-first deployments, MVISION Cloud Firewall secures access to applications and resources on the internet, accessed from every remote site and location, through a cloud-native service model. The solution inspects end-to-end user traffic – across all ports and protocols, enabling unified visibility and policy enforcement across the organizational footprint. Powered by
    The post Introducing MVISION Cloud Firewall – Delivering Protection Across All Ports and Protocols appeared first on McAfee Blogs.

  • Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?

    by Thibault Seret on July 29, 2021 at 4:01 am

    Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the occasional dedicated Unix or Linux based ransomware, but cross-platform ransomware was not happening yet. However, cybercriminals never sleep and in recent months we noticed that several ransomware gangs were experimenting
    The post Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? appeared first on McAfee Blogs.

  • It’s All About You: McAfee’s New All-Consumer Focus

    by Steve Grobman on July 28, 2021 at 2:06 pm

    This week, McAfee took an exciting new step in our journey—we are now a pure-play consumer company. What does that mean for consumers? It means that McAfee will be able to focus 100% of our talent and expertise on innovation and development that directly enables and improves the products and services that protect you and your family.  It’s the right time to take
    The post It’s All About You: McAfee’s New All-Consumer Focus appeared first on McAfee Blogs.

  • What is a VPN and Can it Hide My IP Address?

    by Baker Nanduru on July 27, 2021 at 12:23 pm

    There’s a lot of misinformation about Virtual Private Networks, what they do, and the security benefits they offer. For this article, I’d like to do some myth-busting about how a VPN actually works and why you should use one.  What is a VPN and how does it protect me?  A VPN is an app that you install on your device to help keep your personal data safe as you browse the internet   You may
    The post What is a VPN and Can it Hide My IP Address? appeared first on McAfee Blogs.

  • 9 Tips to Help Kids Avoid Popular App Scams

    by Toni Birdsong on July 26, 2021 at 12:22 pm

     There’s a lot of conversation going on right now around digital apps; only it’s not about TikTok or Twitch. Instead, it’s about the spike in the number of app scams taking place every day—many of them impacting younger consumers.  In a recent report from The Washington Post, nearly two percent of the apps downloaded from the Apple store in a single day were scams costing consumers an estimated $48 million. A similar report this week in Tech Republic estimates more than
    The post 9 Tips to Help Kids Avoid Popular App Scams appeared first on McAfee Blogs.

Hacker News Links for the intellectually curious, ranked by readers.

Krebs on Security In-depth security news and investigation

  • The Life Cycle of a Breached Database

    by BrianKrebs on July 29, 2021 at 4:20 pm

    Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

    Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.

  • PlugwalkJoe Does the Perp Walk

    by BrianKrebs on July 26, 2021 at 6:18 pm

    One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.

    But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks — all in a bid to seize control over highly-prized social media accounts.

  • Serial Swatter Who Caused Death Gets Five Years in Prison

    by BrianKrebs on July 21, 2021 at 7:59 pm

    A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

  • Spam Kingpin Peter Levashov Gets Time Served

    by BrianKrebs on July 20, 2021 at 9:30 pm

    A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.

  • Don’t Wanna Pay Ransom Gangs? Test Your Backups.

    by BrianKrebs on July 19, 2021 at 9:11 pm

    Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

Dark Reading: Dark Reading: Connecting the Information and Security Community

  • AirDropped Gun Photo Causes Terrorist Scare
    by Bruce Schneier on July 29, 2021 at 11:52 am

    A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched.
    The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.
    It’s been a long time since we’ve had one of these sorts of overreactions.

  • De-anonymization Story
    by Bruce Schneier on July 28, 2021 at 11:03 am

    This is important:
    Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more.

    The data that resulted in Burrill’s ouster was reportedly obtained through legal means. Mobile carriers sold­ — and still sell — ­location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, …

  • Hiding Malware in ML Models
    by Bruce Schneier on July 27, 2021 at 11:25 am

    Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”.
    Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability. By embedding malware into the neurons, malware can be delivered covertly with minor or even no impact on the performance of neural networks. Meanwhile, since the structure of the neural network models remains unchanged, they can pass the security scan of antivirus engines. Experiments show that 36.9MB of malware can be embedded into a 178MB-AlexNet model within 1% accuracy loss, and no suspicious are raised by antivirus engines in VirusTotal, which verifies the feasibility of this method. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware. We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks…

  • Disrupting Ransomware by Disrupting Bitcoin
    by Bruce Schneier on July 26, 2021 at 11:30 am

    Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them — sometimes with the added extortion of threatening to make it public — than it does to sell it to anyone else. The second is a safe way of collecting ransoms: bitcoin.
    This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from. Lee Reiners, executive director of the Global Financial Markets Center at Duke Law, …

  • Friday Squid Blogging: The Evolution of Squid
    by Bruce Schneier on July 23, 2021 at 8:58 pm

    Good video about the evolutionary history of squid.
    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
    Read my blog posting guidelines here.

Naked Security Computer Security News, Advice and Research

Subscribe To Newsletter

News and campaigns you will enjoy to hear...