Sat.Aug 07, 2021 - Fri.Aug 13, 2021

Mobile Malware: Threats and Solutions

eSecurity Planet

As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed.

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

QR Code Scammers Get Creative with Bitcoin ATMs

Threatpost

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users. Mobile Security Web Security

Cybercriminals Reportedly Created Blockchain Analytics Tool

Data Breach Today

Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com

More Trending

Apple Adds a Backdoor to iMesssage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. Here are five news stories.) I have been following the details, and discussing it in several different email lists.

Hackers Target Critical Infrastructure in Southeast Asia

Data Breach Today

Symantec: China-Linked Actors Investigate SCADA Systems An unidentified hacking group with suspected Chinese ties is targeting critical infrastructure in Southeast Asia as part of a cyberespionage campaign to exfiltrate information about the victim's SCADA systems, says a report by security firm Symantec.

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products.

The NYPD Had a Secret Fund for Surveillance Tools

WIRED Threat Level

Documents reveal that police bought facial-recognition software, vans equipped with x-ray machines, and “stingray” cell site simulators—with no public oversight. Business Business / National Affairs Security

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers.

IoT 114

BlackMatter Group Debuts Linux-Targeting Ransomware

Data Breach Today

VMware ESXi Servers Targeted by Crypto-Locking Malware, MalwareHunterTeam Warns The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VmWare's ESXi servers hosting virtual machines, according to MalwareHunterTeam.

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity.

Accenture has been hit by a LockBit 2.0 ransomware attack

Security Affairs

Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs.

IoT 113

Flaws in John Deere Systems Show Agriculture's Cyber Risk

Data Breach Today

John Deere, Researchers Spar Over Impact of Vulnerabilities Flaws uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming.

AI Wrote Better Phishing Emails Than Humans in a Recent Test

WIRED Threat Level

Researchers found that tools like OpenAI's GPT-3 helped craft devilishly effective spearphishing messages. Security Security / Security News

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Defeating Microsoft’s Trusted Platform Module

Schneier on Security

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard.

OMB Spells Out Agencies' Cybersecurity Timelines

Data Breach Today

Federal Agencies Ordered to Identify 'Critical Software' That Must Then Be Protected The Office of Management and Budget is ordering federal agencies to begin identifying "critical software" that needs protection as part of the effort to fulfill President Biden's cybersecurity executive order.

All the Ways Spotify Tracks You—and How to Stop It

WIRED Threat Level

Whether you're listening to workout music or a "cooking dinner" playlist, the app can show you ads based on your mood and what you're doing right now. Security Security / Privacy

IT 111

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware.

IoT 113

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.

Investment Firm Built Own SIEM. Here’s How

eSecurity Planet

SIEM solutions can be expensive and difficult to manage, so one company built its own – and is pleased with the results.

NortonLifeLock to Buy Avast for Over $8 Billion

Data Breach Today

Deal Will 'Strengthen Cyber Safety Program' Antivirus and identity protection firm NortonLifeLock confirmed Tuesday that it has entered into an agreement to acquire its rival, Avast, for $8.1 billion to $8.6 billion

IT 262

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.

A zero-day RCE in Cisco ADSM has yet to be fixed

Security Affairs

A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Cobolt Strike Vulnerability Affects Botnet Servers

Schneier on Security

Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product.

FTC Warns: SMS Phishing Scam Impersonates State Agencies

Data Breach Today

Millions of Smartphone Users Nationwide Are Targets The Federal Trade Commission has issued a warning about a new smishing scheme targeting millions of smartphones nationwide that impersonates state workforce agencies in an attempt to obtain personal data

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

For everything from minor network infractions to devastating cyberattacks and data privacy troubles , digital forensics software can help clean up the mess and get to the root of what happened.