Sat.Jan 01, 2022 - Fri.Jan 07, 2022

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

Mining 240

Google Docs Comments Weaponized in New Phishing Campaign

Dark Reading

Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group.

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

Access 199

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

6 Ways to Delete Yourself From the Internet

WIRED Threat Level

You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint. Security Security / Privacy

More Trending

Over 3.7 million accounts were compromised in the FlexBooker data breach

Security Affairs

The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays.

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

Norton’s Antivirus Product Now Includes an Ethereum Miner

Schneier on Security

Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option. Uncategorized antivirus cryptocurrency

Mining 103

7 Predictions for Global Energy Cybersecurity in 2022

Dark Reading

Increased digitization makes strong cybersecurity more important than ever

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Security Affairs

NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. The New York State Office of the Attorney General (NY OAG) has warned 17 companies that roughly 1.1

Retail 113

Signal's Cryptocurrency Feature Has Gone Worldwide

WIRED Threat Level

A beta “payments” feature now lets users of the popular encrypted messaging app send MobileCoin around the globe. Security Security / Security News

People Are Increasingly Choosing Private Web Search

Schneier on Security

DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big.

New Attack Campaign Exploits Microsoft Signature Verification

Dark Reading

The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims

114
114

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

North Korea-linked Konni APT targets Russian diplomatic bodies

Security Affairs

North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants.

Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago

WIRED Threat Level

Unless you go out of your way to install the patch, your system could be exposed. Security Security / Cyberattacks and Hacks

List of data breaches and cyber attacks in December 2021 – 219 million records breached

IT Governance

2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards.

New Mac Malware Samples Underscore Growing Threat

Dark Reading

A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments

113
113

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal.

More Russian Cyber Operations against Ukraine

Schneier on Security

Both Russia and Ukraine are preparing for military operations in cyberspace. Uncategorized cyberwar Russia Ukraine

2022 predictions for Healthcare providers

OpenText Information Management

Following the turbulence that the last two years have brought to the Healthcare industry, this sector is ripe for transformation. As is true in many industries, success is dependent upon the effective use of data drawn from every source possible and securely shared across the organization.

How to Proactively Limit Damage From BlackMatter Ransomware

Dark Reading

Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Security Affairs

SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. .

Access 112

Weekly Update 277

Troy Hunt

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week" A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms.

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

eSecurity Planet

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways?

Why We Need To Reframe the False-Positive Problem

Dark Reading

Efforts to tune or build behavior- or signature-based threat identification requires time and effort most organizations don't have

113
113

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges

Security Affairs

North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges.

QNAP: Get NAS Devices Off the Internet Now

Threatpost

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned. Malware Vulnerabilities Web Security

Supporting Society’s Biggest Challenges: Our Year in Review

Micro Focus

The year 2021 has been a significant one. Never before has the need to create a more sustainable, inclusive world been more relevant – as governments, communities and businesses continue to transform and adapt to a more digitally connected reality.