Sat.Dec 25, 2021 - Fri.Dec 31, 2021

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Security Affairs

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages.

Access 111

The CISO as Sustaining Force: Helping Infosec Staff Beat Burnout

Dark Reading

To protect their staffers, leaders should focus on identifying and alleviating root causes of burnout

114
114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature

Security Affairs

Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature.

ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

The Last Watchdog

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks. Related: The dire need to security-proof APIs. The Solar Winds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Apple AirTags Are Being Used to Track People and Cars

Schneier on Security

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking.

IT 96

More Trending

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems.

GUEST ESSAY: Here’s how ‘WFM’ tools can boost productivity — and security — of remote workers

The Last Watchdog

Workforce management software ( WFM ) is an essential tool companies across industries can use to organize their workforce, track employee work and performance, forecast labor demand, and create schedules for employees. Related: Turning workers into security security sensors. Most, if not all, WFM software is chock full of features that makes managing a workforce more efficient and effortless for top management.

Introducing One Page Quick Reference Guides

The Texas Record

The records management assistance unit has launched a Records Management Guidance Library , consisting of one page quick guides on hot topics and frequently asked questions. link].

Zero Trust and Access: Protecting the Keys to the Kingdom

Dark Reading

Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges

Access 114

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions.

Paper 112

5 Cybersecurity Trends to Watch in 2022

Threatpost

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. . Cloud Security Critical Infrastructure Government IoT Malware Mobile Security Vulnerabilities Web Security

Weekly Update 276

Troy Hunt

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme.

IT 72

In the Fight Against Cybercrime, Takedowns Are Only Temporary

Dark Reading

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy

Access 113

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen.

That Toy You Got for Christmas Could Be Spying on You

Threatpost

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. IoT Mobile Security Privacy Vulnerabilities

How to Use MITRE ATT&CK to Understand Attacker Behavior

eSecurity Planet

MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors.

7 Steps for Navigating a Zero-Trust Journey

Dark Reading

Don't think of zero trust as a product. Think of it as "how you actually practice security

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Security Affairs

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Threatpost

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency. Cloud Security

Mining 111

Merry Christmas from IG GURU

IG Guru

The post Merry Christmas from IG GURU appeared first on IG GURU. IG News

71

The Log4j Flaw Will Take Years to be Fully Addressed

Dark Reading

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team

114
114

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors.

What the Rise in Cyber-Recon Means for Your Security Strategy

Threatpost

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. Cloud Security Critical Infrastructure InfoSec Insider IoT Malware Mobile Security Vulnerabilities Web Security

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

The Security Ledger

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library.

An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Dark Reading

Ransomware demands a new approach to incident response

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router.

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Threatpost

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Vulnerabilities Web Security

IAPP published Privacy Risk Study 2021

IG Guru

Check out the study here. The post IAPP published Privacy Risk Study 2021 appeared first on IG GURU. IG News 2021 IAPP Privacy Study

Risk 67