September, 2021

Researcher Finds Malware Targeting Mac Users via Baidu Ad

Data Breach Today

The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

The Last Watchdog

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

IT 154

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

More Trending

Microsoft Will Mitigate Brute-Force Bug in Azure AD

Data Breach Today

Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory.

Risk 281

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Cloud 126

Telegram is becoming the paradise of cyber criminals

Security Affairs

Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools.

Sales 108

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

282
282

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.

Retail 220

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. Related: How Russia uses mobile apps to radicalize U.S. youth. Miller. To minimize their impact, implementing preventive security measures into these advanced systems is crucial.

Expert discloses new iPhone lock screen vulnerability in iOS 15

Security Affairs

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8)

Access 105

Apple Backs Down on Its Controversial Photo-Scanning Plans

WIRED Threat Level

A sustained backlash against a new system to look for child sexual abuse materials on user devices has led the company to hit pause. Security Security / Security News

IT 107

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Facebook's WhatsApp Hit With $266 Million GDPR Fine

Data Breach Today

GDPR 284

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

Access 109

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Check What Information Your Browser Leaks

Schneier on Security

These two sites tell you what sorts of information you’re leaking from your browser. Uncategorized browsers leaks

101
101

The iOS 15 Privacy Settings You Should Change Right Now

WIRED Threat Level

Apple’s latest software update has a bunch of new security features. Here's how to put them to use. Security Security / Security Advice

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

GUEST ESSAY: A breakdown of Google’s revisions to streamline its ‘reCAPTCHA’ bot filter

The Last Watchdog

Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in. Related: How bots fuel ‘business logic’ hacking. The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.

IT 119

GSS, one of the major European call center providers, suffered a ransomware attack

Security Affairs

The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers.

Tape Won’t Work for Ransomware Protection. Here’s Why.

eSecurity Planet

Tape vendors have been promoting themselves as a solution to the ransomware problem because of their ability to provide air-gapped data backup, but trying to recover terabytes of data from a tape drive can be a little like, well, running into red tape.