Wed.Dec 02, 2020

Serious Apple iOS Exploit Enabled Nearby Device Takeover

Data Breach Today

Zero-Click Exploit' Hacked 'Any Device in Radio Proximity' via WiFi Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer.

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

A New IVR Fraud Solution to Protect Banking Institutions and Customers

Data Breach Today

Pindrop's Mark Horne on How to Shift from Call-Centric to Account-Centric Defense Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop.

179
179

Impressive iPhone Exploit

Schneier on Security

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with no user interaction required at all.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

FBI: BEC Scams Are Using Email Auto-Forwarding

Data Breach Today

Fraudsters' Tactics Make Detection More Difficult Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns

175
175

More Trending

K12, Online Curriculum Provider, Pays Ransom to Hackers

Data Breach Today

Ransomware Attackers Exfiltrated Data K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data

A Broken Piece of Internet Backbone Might Finally Get Fixed

WIRED Threat Level

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google. Security Security / Security News

Interpol: Organized Crime to Capitalize on COVID-19 Vaccines

Data Breach Today

Meanwhile, North Korean Hackers Suspected of Targeting Vaccine Makers Interpol, the international law enforcement organization, is warning of a potential surge in organized crime activity tied to COVID-19 vaccines.

161
161

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

Security Affairs

Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

DarkIRC Botnet Exploiting Oracle WebLogic Vulnerability

Data Breach Today

Researchers: Malware Offered for Sale for $75 A botnet called DarkIRC is exploiting a remote execution vulnerability in Oracle WebLogic, according to Juniper Threat Labs. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum

Sales 158

K12 education giant paid the ransom to the Ryuk gang

Security Affairs

Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a ransom to avoid data leak. The education company Online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November. K12 Inc.

Russian Hacking Group's Backdoor Uses Dropbox

Data Breach Today

Researchers Describe Turla Group's 'Crutch' Malware As part of a cyberespionage campaign, the Russian hacking group known as Turla deployed a backdoor called "Crutch" that uses Dropbox resources to help gather stolen data, according to the security firm ESET

Loyal Employee. or Cybercriminal Accomplice?

Dark Reading

Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look

100
100

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

This Company Uses AI to Outwit Malicious AI

WIRED Threat Level

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception. Business Business / Artificial Intelligence Security

Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet

Dark Reading

Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching

IT 100

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

Security researcher Tolijan Trajanovski ( @tolisec ) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb , shared with me samples of a botnet that propagates using weblogic exploit.

Automated Pen Testing: Can It Replace Humans?

Dark Reading

These tools have come a long way, but are they far enough along to make human pen testers obsolete

IT 96

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

iPhone Bug Allowed for Complete Device Takeover Over the Air

Threatpost

Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.

Malware, Adware Disguised As Minecraft Mods Infect Over 1 Million Android Devices

Adam Levin

Android users trying to install mods for the wildly popular game title Minecraft may be unintentionally installing adware and malware to their devices.

IT 76

Open Source Flaws Take Years to Find But Just a Month to Fix

Dark Reading

Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report

APT groups targets US Think Tanks, CISA, FBI warn

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States think tanks.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Free Mobile App Measures Your Personal Cyber Risk

Dark Reading

New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis

Risk 76

Rethinking work with APIs

OpenText Information Management

Faced with the rapid transition to remote work, the shift to digital customer interactions and global supply chain disruptions caused by the global pandemic, organizations are beginning to rethink the way they work.

Cybersecurity in the Biden Administration: Experts Weigh In

Dark Reading

Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal

Xerox DocuShare Bugs Allowed Data Leaks

Threatpost

CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. Cloud Security Vulnerabilities document management IBM opentext Oracle OWASP Foundation SSRF attacks Xerox XXE attack

Cloud 88

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

FBI: BEC Scammers Could Abuse Email Auto-Forwarding

Dark Reading

Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks

75

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Threatpost

The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts. Privacy Web Security Data Privacy Microsoft Microsoft 365 microsoft teams Office 365 Outlook productivity score skype workplace surveillance

Security Slipup Exposes Health Records & Lab Results

Dark Reading

NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online