Sat.Sep 25, 2021 - Fri.Oct 01, 2021

Microsoft Will Mitigate Brute-Force Bug in Azure AD

Data Breach Today

Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory.

Risk 281

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: A breakdown of Google’s revisions to streamline its ‘reCAPTCHA’ bot filter

The Last Watchdog

Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in. Related: How bots fuel ‘business logic’ hacking. The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.

IT 119

Telegram is becoming the paradise of cyber criminals

Security Affairs

Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools.

Sales 108

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

CISA Launches Insider Threat Self-Assessment Tool

Data Breach Today

Agency Is Also Keeping Its 'Rumor Control' Website Active Ahead of Midterm Elections A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA.

IT 249

More Trending

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. Related: How Russia uses mobile apps to radicalize U.S. youth. Miller. To minimize their impact, implementing preventive security measures into these advanced systems is crucial.

Expert discloses new iPhone lock screen vulnerability in iOS 15

Security Affairs

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8)

Access 105

Neiman Marcus Says 4.6M Affected by Data Breach

Data Breach Today

Exposed Data Includes Login Credentials, Security Questions Neiman Marcus Group says it is notifying 4.6 million of its online customers who are affected by a data breach that occurred in May 2020.

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Check What Information Your Browser Leaks

Schneier on Security

These two sites tell you what sorts of information you’re leaking from your browser. Uncategorized browsers leaks

101
101

GriftHorse malware infected more than 10 million Android phones from 70 countries

Security Affairs

Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide.

Ransomware Attack Reportedly Cripples European Call Center

Data Breach Today

Canal de Isabel II Suspends Its Telephone Services GSS, the Spanish and Latin America division of Europe's largest call center provider Covisian, has informed that it has been subjected to a ransomware attack, which froze its IT systems and crippled call centers across its Spanish-speaking customer base.

Dune Foresaw—and Influenced—Half a Century of Global Conflict

WIRED Threat Level

From Afghanistan to cyberattacks, Frank Herbert’s novel anticipated and shaped warfare as we know it. Culture Culture / Books Culture / Movies Security

IT 99

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation

Dark Reading

FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation

99

GSS, one of the major European call center providers, suffered a ransomware attack

Security Affairs

The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers.

Crypto Bug Uncovers 'WannaCry 2.0' Clues

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of how a cryptocurrency exchange bug has revealed North Korean Monero laundering. Also featured are cyber insurance trends and cybercrime innovation

Why James Bond Doesn’t Use an iPhone

WIRED Threat Level

The fictional superspy wields Nokia devices in 'No Time To Die.' It’s an odd choice, but Apple's smartphones aren’t ideal, either. Security

IT 97

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

A Death Due to Ransomware

Schneier on Security

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.

A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online

Security Affairs

An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild.

Anonymous Leaks Epik Data - Again

Data Breach Today

Part 2 of 'Operation Epik Fail' Leaks 300GB of Data, Researcher Says Hacktivist collective Anonymous has, for the second time this month, leaked data belonging to Washington-based domain name registrar and web hosting service Epik.

213
213

It's Time to Rethink Identity and Authentication

Dark Reading

The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Even the CIA and NSA Use Ad Blockers to Stay Safe Online

WIRED Threat Level

Plus: The ransomware scourge continues, a massive botnet gets wounded, and more of the week’s top security news. Security Security / Security News

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection.

ISMG Editors’ Panel: Protecting Active Directory from Ransomware Attacks

Data Breach Today

Discussion Also Addresses Fraudsters' Evolving Tactics In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.

National Day for Truth & Reconciliation

OpenText Information Management

Reconciliation is not a noun. It is not an event. It’s a verb. – Roberta Jamieson Today we honor the lost children and Survivors of residential schools, their families and their communities. History must be heard.

IT 89

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Hundreds of Scam Apps Hit Over 10 Million Android Devices

WIRED Threat Level

The so-called GriftHorse campaign used clever techniques to avoid detection in Google Play for nearly a year. Security Security / Cyberattacks and Hacks

Port of Houston was hit by an alleged state-sponsored attack

Security Affairs

Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems.

NSA, CISA Release VPN Security Guidance

Data Breach Today

Agencies Offer Advice on Minimizing Attack Surface In a bid to address security risks associated with the use of virtual private network solutions, the National Security Agency and the Cybersecurity and Infrastructure Security Agency on Tuesday offered government leaders guidance on selecting remote access VPNs and strengthening their security.