October, 2022

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend.

Risk 159

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Security Affairs

Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay

Data Breach Today

Criminals Shooting Themselves in the Foot With Faulty Decryptors, Re-Extortion Many ransomware-wielding attackers - including big-name groups - have been collectively shooting themselves in the foot by resorting to "amateur" tactics, including decryptors that fail to decrypt as well as gangs re-extorting the same victims.

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod

Dark Reading

Among other things, users who download the app could end up having their WhatsApp account details stolen

114
114

More Trending

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound.

New UEFI rootkit Black Lotus offered for sale at $5,000

Security Affairs

Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums.

Sales 113

Police in Europe Arrest 31 for Hacking and Stealing Autos

Data Breach Today

Keyless Auto Theft Mounting Threat for Car Owners A European ring of auto thieves used software branded as a diagnostic tool to make fobless thefts of cars made by two French manufacturers.

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

Dark Reading

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited

IT 114

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

Schneier on Security

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics.

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to. There are several ways you can protect your business from data breaches. Create security awareness for employees.

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Mango Markets Set to Pay $47M Bug Bounty to Hacker

Data Breach Today

96% of Voting Tokens favor Deal; Mango Markets Will Not Pursue Criminal Charges Decentralized finance exchange Mango Markets is set to pay $47 million as bug bounty to the hacker who stole $117 million in digital assets on Wednesday.

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited.

Care and Feeding of the SOC's Most Powerful Tool: Your Brain

Dark Reading

Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign

113
113

Inserting a Backdoor into a Machine-Learning System

Schneier on Security

Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development.

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed. It’s a delicate balance.

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection.

Proof of Concept: California's First Consumer Privacy Fine

Data Breach Today

Retail 261

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista

Dark Reading

Vista Equity Partners plans take the publicly traded security-awareness training vendor private

AIIM Names Tori Miller Liu Chief Executive Officer

AIIM

The Association for Intelligent Information Management (AIIM), the world’s leading association dedicated to the information management industry and its practice, announced today that it has appointed Tori Miller Liu as its next Chief Executive Officer, effective December 1, 2022.

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century. The first irrational security-related premise is that U.S.

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day

Security Affairs

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

After the Sullivan Verdict: A CISO's Guide to Avoiding Jail

Data Breach Today

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner.

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

Dark Reading

The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say