Trending Articles

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

GUEST ESSAY: A primer on why AI could be your company’s cybersecurity secret weapon in 2022

The Last Watchdog

Artificial intelligence (AI) is woven into the fabric of today’s business world. However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI. Even so, AI is useful across a wide spectrum of industries. There already are many human work models augmented by AI. Understanding the established models before integrating AI is critical.

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Are You Prepared to Defend Against a USB Attack?

Dark Reading

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection.

More Trending

GUEST ESSAY: Here’s why EDR and XDR systems failed to curtail the ransomware wave of 2021

The Last Watchdog

Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. All this while Endpoint Detection and Response system (EDR) installations are at an all-time high. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Dark Reading

Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say

Molerats cyberespionage group uses public cloud services as attack infrastructure

Security Affairs

Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure.

Europe’s Move Against Google Analytics Is Just the Beginning

WIRED Threat Level

Austria’s data regulator has found that the use of Google Analytics is a breach of GDPR. In the absence of a new EU-US data deal, other countries may follow.

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents?

San Francisco Police Illegally Spying on Protesters

Schneier on Security

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests.

Fraud Is On the Rise, and It's Going to Get Worse

Dark Reading

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud

A bug in McAfee Agent allows running code with Windows SYSTEM privileges

Security Affairs

McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee Agent software for Windows.

Crypto.com Finally Admits It Lost $30 Million in a Hack

WIRED Threat Level

Plus: Scammer arrests, the NSA plays defense, and more of the week's top security news.

CISA, Microsoft Warn of Wiper Malware Amid Russia-Ukraine Tensions

eSecurity Planet

The U.S. government agency overseeing cybersecurity is urging the country’s businesses and other organizations to take the necessary steps to protect their networks from any spillover that might occur from the ongoing cyberattacks aimed at Ukraine government agencies and private companies.

Are Fake COVID Testing Sites Harvesting Data?

Schneier on Security

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results.

IT Leaders Consider Security Tech a Part of Business Transformation

Dark Reading

Security makes the top 10 list of technologies changing how organizations operate, an indicator of how information security is increasingly viewed as a strategic business initiative

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence.

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

Threatpost

McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.

How to activate multifactor authentication everywhere

Thales Cloud Protection & Licensing

divya, Thu, 01/20/2022 - 10:19. The impact of not having multifactor authentication (MFA) activated for all users is now well known by enterprises.

Linux-Targeted Malware Increased by 35%

Schneier on Security

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021.

A Level-Set on Russia-Borne Cyber Threats

Dark Reading

As hostilities mount between Russia and Ukraine, new and more dangerous cyberattacks are likely to develop. Pinpointing sources and motives will remain elusive, but enterprises should prepare for an escalation in cyberspace

Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack

Security Affairs

Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks. Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially expose Linux servers to remote code execution attacks.

20K WordPress Sites Exposed by Insecure Plugin REST-API

Threatpost

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

Weekly Update 279

Troy Hunt

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to.

China’s Olympics App Is Horribly Insecure

Schneier on Security

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

5 AI and Cybersecurity Predictions for 2022

Dark Reading

Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware

OpenSubtitles data breach impacted 7 million subscribers

Security Affairs

OpenSubtitles has suffered a data breach; the maintainers confirmed that the incident impacted 7 million subscribers. OpenSubtitles is a popular subtitles website; it suffered a data breach that affected 6,783,158 subscribers.