September, 2021

Researcher Finds Malware Targeting Mac Users via Baidu Ad

Data Breach Today

The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

The Last Watchdog

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

IT 146

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

More Trending

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

270
270

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Security Affairs

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris.

IoT 112

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API.

Facebook's WhatsApp Hit With $266 Million GDPR Fine

Data Breach Today

GDPR 266

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website.

Discover the 10 Rules for Managing PostgreSQL

PostgreSQL is one of the most successful open source projects in existence. But each year it becomes harder and harder to get familiarized with the PostgreSQL ecosystem and its new features. Learn 10 rules that will help you perfect your PostgreSQL installation.

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Cloud 116

Data of 106 million visitors to Thailand leaked online

Security Affairs

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand.

Apple Backs Down on Its Controversial Photo-Scanning Plans

WIRED Threat Level

A sustained backlash against a new system to look for child sexual abuse materials on user devices has led the company to hit pause. Security Security / Security News

IT 106

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Criminals' Wish List: Who's Their Ideal Ransomware Victim?

Data Breach Today

Revenue, Size, Geography and Level of Access Help Determine Sale Price for Access The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

The Last Watchdog

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies. Their plan poses a grave threat to the US.

Expert discloses new iPhone lock screen vulnerability in iOS 15

Security Affairs

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8)

Access 109

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Dune Foresaw—and Influenced—Half a Century of Global Conflict

WIRED Threat Level

From Afghanistan to cyberattacks, Frank Herbert’s novel anticipated and shaped warfare as we know it. Culture Culture / Books Culture / Movies Security

IT 103

List of data breaches and cyber attacks in August 2021 – 61 million records breached

IT Governance

It has been another month of comparatively few reported cyber attacks and data breaches, with our August list containing 84 incidents accounting for 60,865,828 breached records. And it would have been even fewer if not for the attack on T-Mobile.

Microsoft Will Mitigate Brute-Force Bug in Azure AD

Data Breach Today

Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory.

Risk 256

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.

Retail 228

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. Related: How Russia uses mobile apps to radicalize U.S. youth. Miller. To minimize their impact, implementing preventive security measures into these advanced systems is crucial.

Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware

Security Affairs

Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs.

The iOS 15 Privacy Settings You Should Change Right Now

WIRED Threat Level

Apple’s latest software update has a bunch of new security features. Here's how to put them to use. Security Security / Security Advice