Sat.Jan 15, 2022 - Fri.Jan 21, 2022

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Access 285

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

Dark Reading

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found

114
114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems.

GUEST ESSAY: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

The Last Watchdog

After a gloomy start with its first three breach intensive quarters, 2021 has finally ended, and on a positive note. Related: Cybersecurity experts reflect on 2021. This conclusion is derived from an analysis of data taken from our data breach detection tool, Surfshark Alert , which comprises publicly available breached data sets to inform our users of potential threats.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

More Trending

A bug in McAfee Agent allows running code with Windows SYSTEM privileges

Security Affairs

McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166 , that resides in McAfee Agent software for Windows.

GUEST ESSAY: The case for network defenders to focus on leading — not lagging — indicators

The Last Watchdog

A key CEO responsibility is reporting results that deliver on a company’s mission to shareholders. This reporting often requires a host of metrics that define success, like Annual Recurring Revenue and sales for software as a service (SaaS) companies. These are lagging indicators where the results follow behind the work required to achieve them. Related: Automating SecOps. Lagging indicators are separate from leading indicators that could include marketing leads, pipeline generation and demos.

B2B 153

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase.

IoT 103

5 AI and Cybersecurity Predictions for 2022

Dark Reading

Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant , dubbed MoonBounce, to maintain persistence.

GUEST ESSAY: Here’s why EDR and XDR systems failed to curtail the ransomware wave of 2021

The Last Watchdog

Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. Related: Colonial Pipeline attack ups ransomware ante. All this while Endpoint Detection and Response system (EDR) installations are at an all-time high. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.

CISA, Microsoft Warn of Wiper Malware Amid Russia-Ukraine Tensions

eSecurity Planet

The U.S. government agency overseeing cybersecurity is urging the country’s businesses and other organizations to take the necessary steps to protect their networks from any spillover that might occur from the ongoing cyberattacks aimed at Ukraine government agencies and private companies.

Cloud Adoption Widens the Cybersecurity Skills Gap

Dark Reading

No matter what cloud services you employ, you are still responsible for protecting the security of your data

Cloud 114

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Is White Rabbit ransomware linked to FIN8 financially motivated group?

Security Affairs

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group.

Europe’s Move Against Google Analytics Is Just the Beginning

WIRED Threat Level

Austria’s data regulator has found that the use of Google Analytics is a breach of GDPR. In the absence of a new EU-US data deal, other countries may follow. Security Security / Privacy

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!”

Fraud Is On the Rise, and It's Going to Get Worse

Dark Reading

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Threat actors stole $18.7M from the Lympo NTF platform

Security Affairs

Threat actors hacked the hot wallet of the NFT platform Lympo and managed to steal 165.2 Million LMT (worth $18.7 million). NFT and DeFi platforms are privileged targets for cybercriminals, and the NFT platform Lympo was the last platform in order of time to suffer a security breach.

Access 112

Data breaches and cyber attacks in 2021: 5.1 billion breached records

IT Governance

Welcome to our review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks.

China’s Olympics App Is Horribly Insecure

Schneier on Security

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

5 Reasons Why M&A Is the Engine Driving Cybersecurity

Dark Reading

Consistent acquisition of key technologies and talent is a proven strategy for growth

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

European Union simulated a cyber attack on a fictitious Finnish power company

Security Affairs

The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities.

A Teen Took Control of Teslas by Hacking a Third-Party App

WIRED Threat Level

Plus: Open source sabotage, Ukrainian website hacks, and more of the week's top security news. Security Security / Security News

San Francisco Police Illegally Spying on Protesters

Schneier on Security

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests.

Researchers Discover Dangerous Firmware-Level Rootkit

Dark Reading

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI

112
112

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Security Affairs

Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites.

January 2022: E-Invoicing & VAT compliance updates

OpenText Information Management

Introduction Welcome to the January 2020 edition of OpenText’s E-Invoicing Regulation update. We wish all of our clients a very happy and prosperous New Year for 2022!

Are Fake COVID Testing Sites Harvesting Data?

Schneier on Security

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results.