Sat.Jan 08, 2022 - Fri.Jan 14, 2022

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Mining 279

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Microsoft Kicks Off 2022 With 96 Security Patches

Dark Reading

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known

Russian submarines threatening undersea cables, UK defence chief warns

Security Affairs

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

More Trending

The Cybersecurity Measures CTOs Are Actually Implementing

Dark Reading

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery

Norton Put a Cryptominer in Its Antivirus Software

WIRED Threat Level

Plus: NFT thefts, a ransomware wave in schools, and more of the week’s top security news. Security Security / Security News

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

White House Meets With Software Firms and Open Source Orgs on Security

Dark Reading

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software

Threat actors can bypass malware detection due to Microsoft Defender weakness

Security Affairs

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning.

Access 113

Cybersecurity Employment in 2022: Solving the Skills Gap

eSecurity Planet

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019.

Key trends for the Financial Services industry in 2022

OpenText Information Management

As we head into 2022, it’s clear that the Financial Services industry overall has responded well to the impact of COVID-19 — but it hasn’t emerged unscathed. In fact, McKinsey’s Global Banking Review states that half of banks are not covering their cost of equity.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Maryland Dept. of Health Responds to Ransomware Attack

Dark Reading

An attack discovered on Dec. 4, 2021, forced the Maryland Department of Health to take some of its systems offline

Unauthenticated RCE in H2 Database Console is similar to Log4Shell

Security Affairs

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability.

IoT 113

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups.

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime

IT 114

Lorenz ransomware gang stolen files from defense contractor Hensoldt

Security Affairs

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware.

Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software.

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

How Cybercriminals Are Cashing in on the Culture of 'Yes'

Dark Reading

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself

114
114

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported.

How to Read Your iOS 15 App Privacy Report

WIRED Threat Level

Your iPhone now gives you lots of transparency into what your downloads are up to. Here's what to look out for. Security Security / Privacy

Using EM Waves to Detect Malware

Schneier on Security

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.”

IoT 94

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Redefining the CISO-CIO Relationship

Dark Reading

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another

114
114

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure.

Iran-Based APT35 Group Exploits Log4J Flaw

eSecurity Planet

Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat.