January, 2022

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Mining 257

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

White House Meets With Software Firms and Open Source Orgs on Security

Dark Reading

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software

Threat actors can bypass malware detection due to Microsoft Defender weakness

Security Affairs

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning.

Access 109

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Norton Put a Cryptominer in Its Antivirus Software

WIRED Threat Level

Plus: NFT thefts, a ransomware wave in schools, and more of the week’s top security news. Security Security / Security News

More Trending

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

Mining 240

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

Access 194

Microsoft Kicks Off 2022 With 96 Security Patches

Dark Reading

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known

Russian submarines threatening undersea cables, UK defence chief warns

Security Affairs

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

6 Ways to Delete Yourself From the Internet

WIRED Threat Level

You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint. Security Security / Privacy

Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites. Uncategorized fraud phishing

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

Discover the 10 Rules for Managing PostgreSQL

PostgreSQL is one of the most successful open source projects in existence. But each year it becomes harder and harder to get familiarized with the PostgreSQL ecosystem and its new features. Learn 10 rules that will help you perfect your PostgreSQL installation.

Let's Play! Raising the Stakes for Threat Modeling With Card Games

Dark Reading

On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way

Risk 110

Unauthenticated RCE in H2 Database Console is similar to Log4Shell

Security Affairs

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability.

IoT 110

Key trends for the Financial Services industry in 2022

OpenText Information Management

As we head into 2022, it’s clear that the Financial Services industry overall has responded well to the impact of COVID-19 — but it hasn’t emerged unscathed. In fact, McKinsey’s Global Banking Review states that half of banks are not covering their cost of equity.

People Are Increasingly Choosing Private Web Search

Schneier on Security

DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours.

Redefining the CISO-CIO Relationship

Dark Reading

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another

107
107

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure.

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Signal's Cryptocurrency Feature Has Gone Worldwide

WIRED Threat Level

A beta “payments” feature now lets users of the popular encrypted messaging app send MobileCoin around the globe. Security Security / Security News

Apple’s Private Relay Is Being Blocked

Schneier on Security

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread. Uncategorized anonymity Apple encryption privacy T-Mobile VPN web privacy

Cybersecurity Employment in 2022: Solving the Skills Gap

eSecurity Planet

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019.

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

Last month’s $125 million Security and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Related: Why third-party risks are on the rise.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Google Docs Comments Weaponized in New Phishing Campaign

Dark Reading

Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group.

Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago

WIRED Threat Level

Unless you go out of your way to install the patch, your system could be exposed. Security Security / Cyberattacks and Hacks