Mon.Sep 13, 2021

Apple Patched iMessage. But Can It Be Made Safer Overall?

Data Breach Today

Citizen Lab Says iMessage Exploit Delivered NSO's Pegasus Spyware Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists.

IT 238

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Live Study Results Webinar: 2021 Cybersecurity Complexity Research Survey

Data Breach Today

Attacks such as SolarWinds and Colonial Pipeline show that adversaries are not only stealthy, persistent and patient … but they also are taking advantage of our complexity – the sheer number of disparate tools, vendors and over-burdened staff that enterprises have cobbled together for defense, leaving dangerous gaps in detection and response.

BlackMatter ransomware gang hit Technology giant Olympus

Security Affairs

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware attack.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

HHS Warns Health Sector of BlackMatter Attacks

Data Breach Today

Advisory Says Ransomware Gang Is an 'Elevated Threat' for Healthcare Federal regulators are alerting healthcare and public health sector entities of the "elevated threat" for potential ransomware attacks by BlackMatter, despite the gang's purported claims that it is not targeting "critical infrastructure" organizations, such as hospitals.

More Trending

Olympus: 'Potential Cyber Incident' Disrupted EMEA System

Data Breach Today

Some Reports Suggest BlackMatter Was Attacker Olympus, a Japanese company that manufactures optics and reprography products, reports that a portion of its IT system in the EMEA region was affected by a "potential cybersecurity incident."

Google addresses a new Chrome zero-day flaw actively exploited in the wild

Security Affairs

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82

House Bill Seeks to Insulate CISA Director From Politics

Data Breach Today

Bipartisan Measure Would Give Cybersecurity Agency Leader 5-Year Term A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change.

Designing Contact-Tracing Apps

Schneier on Security

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic. Uncategorized academic papers COVID-19 geolocation medicine privacy smartphones

Paper 81

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

IT-OT Convergence: Taking the Right Security Measures

Data Breach Today

Meralco's Mel Migriño on How to Ensure OT Security In addition to doing asset inventory, it is important to profile the risks of each asset to ensure OT security, says Mel Migriño, vice president and group CISO at Meralco, the largest power distribution unit in the Philippines

IT 142

Top Threat Intelligence Platforms for 2021

eSecurity Planet

Key features in a top threat intelligence platform include the consolidation of threat intelligence feeds from multiple sources, automated identification and containment of new attacks, security analytics, and integration with other security tools like SIEM , next-gen firewalls (NGFW) and EDR.

Indonesian Intelligence Agency Reportedly Breached

Data Breach Today

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Security Affairs

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild.

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Bad News: Innovative REvil Ransomware Operation Is Back

Data Breach Today

Group Specializing in Big Game Hunting Has Amassed Millions in Ransom Payments Security experts say the notorious REvil - aka Sodinokibi - ransomware-as-a-service operation, which went dark in July, appears to be back in business.

Popular NPM package Pac-Resolver affected by a critical flaw

Security Affairs

Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package ‘ Pac-Resolver ‘ that has millions of downloads every week.

REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key

Threatpost

How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.”. Malware

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Security Affairs

Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome.

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Threatpost

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. Breaking News Malware Mobile Security Privacy Vulnerabilities Web Security

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud.

Records Managers in Australia, New Zeeland, the US, and Canada are encouraged to respond to Curtin University Survey

IG Guru

Dear records professional, We are conducting a research project that assesses records professionals’ perceptions of their professional identity.

Honing Cybersecurity Strategy When Everyone’s a Target for Ransomware

Threatpost

Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite. InfoSec Insider Malware Web Security

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Authenticating Communication Screenshots

eDiscovery Daily

Text messages and social media evidence can offer a plethora of relevant data. However, screenshots are not a reliable form of authenticating digital communication. Whether its Slack, Facebook Messenger, or email, screenshots of digital evidence can be easily fabricated. Screenshot Failures in Court.

Authentication and access management increasingly perceived as core to Zero Trust Security

Thales Cloud Protection & Licensing

Authentication and access management increasingly perceived as core to Zero Trust Security. madhav. Tue, 09/14/2021 - 05:52. The changing global environment has brought many changes to all organizations.

WhatsApp’s End-to-End Encryption Isn’t Actually Broken

Threatpost

WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet. Cryptography Mobile Security

Best beginner cyber security certifications

IT Governance

Are you considering a career in cyber security? With so many training courses and qualifications available, it can be hard to know where to begin. There is of course no single, right answer. It all depends on your existing skills and interests.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

Threatpost

The security vulnerability can be exploited with a malicious CSV file. Vulnerabilities Web Security

IoT Advantages & Disadvantages

Record Nations

The term IoT may be new to some, but the expression has been around since roughly 1999. IoT stands for “the internet of things.” The internet of things is simply all of the interconnected devices around us that exchange information over a network.

IoT 52

Part 1: OMG! Not another digital transformation article! Is it about understanding the business drivers?

ARMA International

Abstract. Humans have used technology to transform their societies from prehistoric times up to the present. Society begrudgingly accepted the transformative changes, yet the changes moved society forward. Now information technologies and the information revolution are again transforming society.