Sat. Oct 29, 2022 - Fri. Nov 04, 2022

North Korea Disguising Android Malware as Legitimate Apps

Data Breach Today

Apps Masquerade as Google Security Plug-In and Document Viewer. North Korean state hacking group Kimsuky is developing Android malware targeted at South Korean users by disguising the apps as legitimate apps including a Google security plug-in and a document viewer.

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed. It’s a delicate balance.

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

KnowBe4

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark for free.

The Most Vulnerable Place on the Internet

WIRED Threat Level

Underwater cables keep the internet online. When they congregate in one place, things get tricky.

Thomson Reuters collected and leaked at least 3TB of sensitive data via Cybernews

IG Guru

Check the post here.

More Trending

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Cisco addressed several high-severity flaws in its products

Security Affairs

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products.

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Dark Reading

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say

Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay

Data Breach Today

Criminals Shooting Themselves in the Foot With Faulty Decryptors, Re-Extortion. Many ransomware-wielding attackers - including big-name groups - have been collectively shooting themselves in the foot by resorting to "amateur" tactics, including decryptors that fail to decrypt as well as gangs re-extorting the same victims.

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect.

A massive cyberattack hit Slovak and Polish Parliaments

Security Affairs

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities.

Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics

Dark Reading

The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says

Second Health Entity Reports Breach Tied to Meta Pixel Use

Data Breach Today

North Carolina Organization Also Facing Pending Privacy Lawsuit Related to Pixel. A second healthcare entity is self-reporting its use of Facebook Pixel in web patient portals as a data breach to federal regulators.

Hacker Charged With Extorting Online Psychotherapy Service

Krebs on Security

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients.

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

Dropbox disclosed a security breach: threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub.

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

It’s Iran’s turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Dropbox Data Breach Another Multifactor Fail

Data Breach Today

Cloud Company Says User Accounts Were Not Breached, Just GitHub Code Repositories. Dropbox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one-time password to threat actors. Hackers got away with copies of 130 code repositories.

When Your Neighbor Turns You In

WIRED Threat Level

Authoritarian societies depend on people ratting each other out for activities that were recently legal—and it's already happening in the US.

LockBit 3.0 gang claims to have stolen data from Thales

Security Affairs

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide.

RomCom Malware Woos Victims With 'Wrapped' SolarWinds, KeePass Software

Dark Reading

An analysis of the RomCom APT shows the group is expanding its efforts beyond the Ukrainian military into the UK and other English-speaking countries

SolarWinds May Face SEC Investigation Over Hack Disclosure

Data Breach Today

Company Settles Shareholder Lawsuit for $26M. SolarWinds, maker of network management software famously hacked by the Russian government, may be the subject of an investigation by the U.S. Securities and Exchange Commission after staff made a preliminary determination in its favor.

China Operates Secret ‘Police Stations’ in Other Countries

WIRED Threat Level

Plus: The New York Post gets hacked, a huge stalkerware network is exposed, and the US claims China interfered with its Huawei probe.

Former British Prime Minister Liz Truss’s phone was allegedly hacked by Russian spies

Security Affairs

According to the Daily Mail, former British Prime Minister Liz Truss’s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported.

Chinese Mob Has 100K Slaves Working in Cambodian Cybercrime Mills

Dark Reading

Vulnerable people are lured by Facebook ads promising high-paying jobs, but instead they're held captive and put to work in Cambodia running cyber scams

Espionage Hackers Use Microsoft IIS to Plant Malware

Data Breach Today

Hacking Group Uses a New Backdoor Called Danfuan. Threat actors are using Internet Information Services - Microsoft's extensible web server software - to deliver a previously undocumented dropper that is being used to install a new backdoor and other tools.

Apple Only Commits to Patching Latest OS Version

Schneier on Security

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.

VMware warns of the public availability of CVE-2021-39144 exploit code

Security Affairs

VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V).

Vitali Kremez Found Dead After Apparent Scuba Diving Accident

Dark Reading

The renowned security researcher, ethical hacker, and cybersecurity phenom was found Wednesday by the US Coast Guard