2021, Data, Information Security and Security - Information Management Today

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. “Some telemetry data is shown below. 2021-12-22 18:38:18 2021-12-23 11:33:58.

Manufacturing

Manufacturing File names Archiving Encryption

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Thu, 03/24/2022 - 05:00. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes. 2021 Report. 2022 Report.

Risk

Risk Security Encryption Ransomware

It is your data in their cloud, make sure it is secure!

Thales Cloud Protection & Licensing

JANUARY 17, 2022

It is your data in their cloud, make sure it is secure! Tue, 01/18/2022 - 05:32. It is your data in their cloud after all - and you need to make sure your most valuable assets are secure! Security controls for Cloud Service Providers are notoriously tough to figure out and can be easy to overlook.

Cloud

Cloud IT Security Digital transformation

BlackMatter ransomware also targets VMware ESXi servers

Security Affairs

AUGUST 5, 2021

Lile other ransomware operations, BlackMatter also set up its leak sitewhere it will publish data exfiltrated from the victims before encrypting their system. So it is BlackMatter: [link] And then the similarities to DarkSide ( [link] ) not surprising… — MalwareHunterTeam (@malwrhunterteam) August 5, 2021.

Ransomware

Ransomware Encryption IT Access

Google addresses a high severity flaw in V8 engine in Chrome

Security Affairs

APRIL 28, 2021

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227 , in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser.

Cybersecurity

Cybersecurity Security IT Information Security

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges?

Thales Cloud Protection & Licensing

MAY 18, 2021

Tue, 05/18/2021 - 12:57. Increased remote working and accelerated cloud transformation have driven organizations to rethink how they do security, especially cloud security. Focusing on protecting data in the cloud, we have seen that many cloud service providers are offering native security solutions.

Encryption

Encryption Cloud Digital transformation Authentication

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. 05 Sep 2020 – Vulnerabilities details reported to Netgear. 17 Sep 2020 – Netgear published a security advisory for the most critical issue. Pierluigi Paganini.

Authentication

Authentication Security IT Access

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

All WD is going to ask if we created a “Safepoint” which we could then recover the data from the last saved point. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” reads the security advisory. Pierluigi Paganini.

Security

Security Access IT Cybersecurity

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Security Affairs

MAY 31, 2022

The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.” ” This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) doc”) that was uploaded to VirusTotal from Belarus. Pierluigi Paganini.

Cybersecurity

Cybersecurity Security IT Access

CryptoAgility to take advantage of Quantum Computing

Thales Cloud Protection & Licensing

MAY 4, 2021

Tue, 05/04/2021 - 09:40. The same goes with the advent of Quantum Computing , which is supposed to bring exponential computing power that shall not only bring endless benefits but also raises question marks on the current state of cryptography that is the bedrock of all information security as we know today.

Computer and Electronics

Computer and Electronics IoT Communications Risk

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

Security Affairs

APRIL 14, 2021

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. The attacks stem from the ability of attackers to compromise an app by manipulating certain data being exchanged between it and the external storage. PSK keys and TLS 1.2 Master Secrets.

Communications

Communications Encryption Access Phishing

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

The new variant also implements new features for data-stealing focused on cryptocurrency apps. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.

Ransomware

Ransomware Encryption IT Security

Risky Business Aging critical infrastructure networks and advanced attacks

Thales Cloud Protection & Licensing

MAY 13, 2021

Thu, 05/13/2021 - 08:34. Ransomware is the outcome of the overarching problem of underlying network security shortcomings and unauthorized access to critical infrastructure leaving it vulnerable to cyberattacks. And unfortunately, security is often an afterthought. Data Manipulation. The Ugly Truth.

Energy and Utilities

Energy and Utilities Encryption Access Ransomware

Conti ransomware gang also breached Ireland Department of Health (DoH)

Security Affairs

MAY 19, 2021

“The National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyber attack on the Department of Health. ” The National Cyber Security Centre (NCSC) also published an alert titled “Ransomware Attack on Health Sector” that included technical details on the attack. ” reads the alert.

Ransomware

Ransomware Encryption File names IoT

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware

Ransomware Encryption IT Security

Authentication and access management increasingly perceived as core to Zero Trust Security

Thales Cloud Protection & Licensing

SEPTEMBER 13, 2021

Authentication and access management increasingly perceived as core to Zero Trust Security. Tue, 09/14/2021 - 05:52. While many consider that remote access to corporate resources and data as the key disruption, security teams had to face many more challenges. State of Multi-Factor Authentication.

Authentication

Authentication Access Security Cloud

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

To Achieve Zero Trust Security, Trust The Human Element. Thu, 05/06/2021 - 08:41. In our previous blogs we have discussed the many challenges that organizations face as they are seeking to embrace the Zero Trust security model. Just like Hercules and the road of Virtue, Zero Trust is a path leading to better security.

Security

Security Authentication Access Passwords

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

MAY 10, 2021

SSL Stripping (aka SSL Downgrade Attack) allows downgrading connection from secure HTTPS to HTTP which could expose the traffic to eavesdropping and data manipulation. . ” Threat actors operated more than 26% of the tor network’s exit relay capacity two times in the last year, reaching 27% in February 2021.

Security

Security Access IT Cybersecurity

How Not to Pay the Ransom? No Soup For You, Ransomware!

Thales Cloud Protection & Licensing

AUGUST 11, 2021

Thu, 08/12/2021 - 05:19. Be it health care or information security, it reasonably attempts to take actions in advance. There are plenty of guidelines laying down basic and advanced steps for identifying dangerous entries by leveraging high-tech security suites. Yes, data is a critical asset. Not for addicts.

Ransomware

Ransomware Encryption Insurance Honeypots

Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto

Security Affairs

APRIL 15, 2021

The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

e-Discovery

e-Discovery IT Marketing Security

How to Accelerate Government Transformation by Reducing Risk, Complexity, and Cost

Thales Cloud Protection & Licensing

JUNE 27, 2022

Tue, 06/28/2022 - 05:19. From smart cities and digital IDs to open government and better governance, the Cloud, Big Data, IoT and Artificial Intelligence have enabled a wide range of digital government initiatives. The days of dreadful long lines at crowded and inefficient government agencies may be coming to an end.

Government

Government Risk Artificial Intelligence Big data

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

#Spy #Ousaban I Found old sample that work in same way of mentioned tweet Reference [link] Run [link] cc @ffforward @lazyactivist192 @sirpedrotavares @sugimu_sec @verovaleros @Jan0fficial @guelfoweb @1ZRR4H @__4ndr3y [link] pic.twitter.com/szw5ngFr6z — JAMESWT (@JAMESWT_MHT) February 3, 2021. MSI file – The Javali Dropper.

Libraries

Libraries Communications Phishing Encryption

Information Management Today

New RedLine malware version distributed as fake Omicron stat counter

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Trending Sources

It is your data in their cloud, make sure it is secure!

BlackMatter ransomware also targets VMware ESXi servers

Google addresses a high severity flaw in V8 engine in Chrome

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges?

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Hackers exploit 3-years old flaw to wipe Western Digital devices

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

CryptoAgility to take advantage of Quantum Computing

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

XCSSET malware now targets macOS 11 and M1-based Macs

Risky Business Aging critical infrastructure networks and advanced attacks

Conti ransomware gang also breached Ireland Department of Health (DoH)

New variant for Mac Malware XCSSET compiled for M1 Chips

Authentication and access management increasingly perceived as core to Zero Trust Security

To Achieve Zero Trust Security, Trust The Human Element

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

How Not to Pay the Ransom? No Soup For You, Ransomware!

Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto

How to Accelerate Government Transformation by Reducing Risk, Complexity, and Cost

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Stay Connected