Fri.Sep 17, 2021

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Mirai Botnet Actively Exploiting OMIGOD Flaw

Data Breach Today

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

US Warns Nation-State Groups May Exploit Flaw in Zoho Tool

Data Breach Today

FBI, CISA, Coast Guard Release Joint Warning and Urge Customers to Patch CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit.

More Trending

Nigerian Hacker Connected to Aviation Industry Attacks

Data Breach Today

Researchers: Attacker Sold Pilfered Airline Data on the Darknet Cisco Talos researchers have connected a previously discovered series of aviation industry attacks stretching back more than three years to a Nigeria-based attacker.

219
219

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system.

OCC's Hsu Addresses Need for Cryptocurrency Oversight

Data Breach Today

Calls for Global Cryptocurrency Regulation Escalate as US Explores Options Amid growing calls for cryptocurrency regulations, the U.S.

201
201

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities

99

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Fraudster Gets 12-Year Sentence for AT&T 'Unlocking' Scheme

Data Breach Today

Man Allegedly Recruited, Trained AT&T Employees to Act as Hackers A dual citizen of Pakistan and Grenada has been sentenced to 12 years in prison for orchestrating a seven-year scheme that unlawfully unlocked nearly 2 million AT&T smartphones, which the carrier says amounted to $200 million in subscriber losses, according to the U.S. DOJ.

189
189

German Election body hit by a cyber attack

Security Affairs

A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP.

Is White House Crackdown on Ransomware Having Any Effect?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits

Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes

eSecurity Planet

Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure.

Risk 90

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Infrastructure, Security, and the Need for Visibility

Dark Reading

Government authorities are increasingly trying to bolster critical infrastructure security. But investments in next-generation solutions won't go far enough without also addressing security and operational fundamentals

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems.

How Should the CSO Work With the Chief Privacy Officer?

Dark Reading

The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working

Securing Home Employees with Enterprise-Class Solutions

eSecurity Planet

The number of employees working remotely skyrocketed during the COVID-19 pandemic, and many companies appear likely to continue with a hybrid work model when things return to normal.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

IoT 'Nutrition' Labels Aim to Put Security on Display

Dark Reading

NIST has laid the groundwork for an easy-to-understand way to communicate to consumers the security of software and connected devices

A New App Helps Iranians Hide Messages in Plain Sight

WIRED Threat Level

Nahoft uses encryption to turn chats into a random jumble of words, and it works even when the internet doesn’t. Security Security / Privacy

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threatpost

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. Malware Mobile Security

Hackers Alter Cobalt Strike Beacon to Target Linux Environments

eSecurity Planet

A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Threatpost

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. Malware Vulnerabilities

Mirai Botnet Exploiting OMIGOD Azure Vulnerability

Dark Reading

Microsoft patched four Open Management Infrastructure flaws earlier this week

71

Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

Security Affairs

The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed them.

Risk 71

New Report Examines Top Threats Discussed at Black Hat USA

Dark Reading

Supply chain security and vulnerabilities in enterprise software were among the threats most dicussed at this year's show, survey data reveals

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids.

International Insider Threat: DoJ Fines US Intel Officials Who Aided UAE

Dark Reading

Three former US intelligence operatives have been fined $1,685,000 for aiding the United Arab Emirates in widespread hacking campaigns

64

New tolling systems are poised to hit highways via Axios

IG Guru

Check out the article here. The post New tolling systems are poised to hit highways via Axios appeared first on IG GURU. Business IG News information privacy Risk News Axios Cars IOT Privacy Taxes

IoT 58