security.didici.cc

Moncler says key data on customers safe despite hacking incident

2 hours ago

After some data was released on the dark web.

Cloud Identity Startup Permiso Launches With $10M Seed

5 hours ago

Permiso's co-founders say the No. 1 problem in the cloud is identity, and their platform is designed to tackle the notoriously difficult challenge of monitoring the activity of those identities.

Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organizations

5 hours ago

"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.

Meta and Twitter want a review of Australian government's social media laws next year

5 hours ago

All testimonies before the Select Committee on Social Media and Online Safety on Tuesday called for social media companies to be held more responsible for the trolling that resides on their platforms.

Will 2022 Be the Year of the Software Bill of Materials?

5 hours ago

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.

IOC disputes Citizen Lab assessment of security concerns around Chinese Olympics app

6 hours ago

Controversy has swirled around China's MY2022 Olympics due to several privacy and security vulnerabilities.

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

6 hours ago

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.

End Users Remain Organizations' Biggest Security Risk

6 hours ago

Yet they're showing signs of improvement across several important areas, a Dark Reading survey reveals.

Take 'Urgent' Steps to Secure Systems From Damaging Attacks, CISA Says

6 hours ago

CISA issues alert for senior leadership of US organizations amid rising tensions between Russia and Ukraine.

Kaspersky Announces Takedown Service

6 hours ago

Service facilitates the removal of malicious and phishing domains.

Crypto.com acknowledges 'unauthorized activity' on servers, maintains no funds have been lost

7 hours ago

Security biz PeckShield claims $15m in Ethereum taken Crypto.com, a Singapore-based cryptocurrency exchange, has denied reports that the firm lost nearly $15m in Ethereum in a possible network intrusion over the weekend.…

US examining Alibaba's cloud unit

7 hours ago

For national security risks.

The Log4j Vulnerability Puts Pressure on the Security World

8 hours ago

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.

2,300+ local governments, schools, healthcare providers impacted by ransomware in 2021

8 hours ago

An Emsisoft report found that more than 1,000 schools were disrupted by ransomware incidents in 2021.

Kovrr Translates Cyber Risk into Business Impact with its Quantum Platform

8 hours ago

On-demand cyber risk quantification platform enables C-suite to prioritize and justify cybersecurity investments through financial quantification.

Cybercriminals Actively Target VMware vSphere with Cryptominers

8 hours ago

VMware's container-based application development environment has become attractive to cyberattackers.

Europol Shuts Down Popular Cybercriminal VPN Service

8 hours ago

VPNLab was used to support criminal activity, including ransomware campaigns and other attacks, Europol officials report.

US Search for Vulnerabilities Drives 10x Increase in Bug Reports

9 hours ago

Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.

‘White Rabbit’ Ransomware May Be FIN8 Tool

11 hours ago

It's a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.

International police shut down 15 server infrastructures as part of VPNLab.net's takedown

11 hours ago

VPN service used by crims to support ransomware attacks and other illicit activity Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net.…

Name That Toon: Nowhere to Hide

11 hours ago

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

12 hours ago

Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.

How to Avoid Putting Data At Risk During the Great Resignation

13 hours ago

Never before have companies offboarded employees at this pace, making it more likely that some processes, from protecting data to revoking the employee's access, will slip through the cracks.

5 Reasons Why M&A Is the Engine Driving Cybersecurity

13 hours ago

Consistent acquisition of key technologies and talent is a proven strategy for growth.

More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack

13 hours ago

Ransomware suspected but not confirmed SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.…

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

14 hours ago

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.

Singapore monetary authority threatens action on bank over widespread phishing scam

15 hours ago

Scam has claimed 469 victims in December alone, of which OCBC has issued goodwill payments to 30 The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporatio ...

Brazilian Ministry of Health recovers systems over a month after cyberattack

16 hours ago

Attackers had access credentials, according to the department; minister rules out internal sabotage

UK Government to Launch PR Campaign Undermining End-to-End Encryption

16 hours ago

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current ...

Microsoft: This new browser feature is 'huge step forward' against zero-day threats

16 hours ago

Microsoft brings out its Windows exploit mitigation technologies to protect surfers from zero-day exploits on the web.

Why global DDoS protection is essential for Anycast networks

16 hours ago

‘If you don’t have Anycast it’s not a good DNS service’ Paid Feature  In October 2021, in an incident lasting more than six hours, Facebook disappeared from the Internet. This wasn’t a temporary .com outage on the company’s primary domain but ...

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

16 hours ago

Testing? Isn't that what users are for? Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected.…

UK government announces crackdown on cryptocurrency adverts

17 hours ago

Officials want to ensure ads are "fair and clear".

This VPN service used by cyber criminals to deliver ransomware has just been taken down by police

17 hours ago

Joint action supported by Europol has seized servers used by criminals and identified more than 100 businesses that have fallen victim to attacks.

Managers think their systems are unbreakable. Cybersecurity teams aren't so sure

17 hours ago

The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.

NSW will not use iVote again for elections until 'extensive reconfiguration' is made

22 hours ago

The NSWEC has sent iVote to the bench as it works to rectify the system's issues by next year's state general election.

OAIC wants stronger accountability measures in upcoming revised Privacy Act

23 hours ago

Australia's Information Commissioner has called for a positive duty on organisations to handle personal information fairly and reasonably in light of the federal government considering amendments to the Privacy Act.

Crypto.com pauses withdrawals and resets 2FA following suspicious activity

1 day ago

12-hour pause after users complained their accounts were being drained.

Apple Safari bug reveals users' internet activity and identities

1 day ago

Vulnerability introduced in Safari 15 on iOS, iPadOS and macOS.

Polish commission told more phone-hacking victims likely

1 day ago

Using spyware developed by Israel-based NSO Group.

Singapore cautions against marketing of cryptocurrency services to public

1 day ago

Monetary Authority of Singapore warns again about the high risks involved in cryptocurrency trading and instructs providers of such services not to publicly promote or advertise their offerings, as doing so may encourage consumers to trade on impulse.

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more

1 day ago

Glitch is spilling private data and there's not much Apple users can do about it An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers.…

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

1 day ago

And for last week's digital graffiti operations, too After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have ...

Mastering the Art of Cloud Tagging Using Data Science

1 day ago

Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.

Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

1 day ago

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder.…

Linux malware is on the rise. Here are three top threats right now

1 day ago

Internet of Things devices are driving up the number of Linux malware variants.

NYC school platform outage complicating COVID-19 tracing efforts

1 day ago

Illuminate Education said it is "working to restore service as soon as possible" after a security incident shut down the platform.

An Examination of the Bug Bounty Marketplace

1 day ago

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” ...

2G's security weaknesses are still a problem, even for modern phones

1 day ago

EFF urges Apple to follow Google and give smartphone users the option to dodge 2G.

DHL, Microsoft, WhatsApp top phishing list of most imitated brands

1 day ago

Google, LinkedIn and Amazon also ranked highly on Check Point Research's list.

South Australian gov issues breach notice to hacked payroll provider

1 day ago

After personal details of 80,000 public servants is stolen.

Transport for NSW's former CISO lands at Interactive

2 days ago

Leads cyber security practice.

For security alone, we could try paying open source projects properly

2 days ago

Instead of running around like headless chooks because a widely used piece of open source software is maintained by volunteers and has a massive hole in it, imagine paying someone to look after such software properly.

Microsoft says 'destructive malware' being used against Ukrainian organizations

2 days ago

Security teams at Microsoft said the malware first appeared on victim systems in Ukraine on January 13.

Ukraine suspects group linked to Belarus intelligence over cyber attack

2 days ago

Defaced a number of websites, and more.

North Korea pulled in $400m in cryptocurrency heists last year – report

2 days ago

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes In brief  Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could ...

Russians arrest REvil ransomware raiders

3 days ago

Fourteen arrested, millions in illicit funds seized.

Moscow court charges 8 alleged REvil ransomware hackers

3 days ago

Russian law enforcement officials said they initially detained 14 people during a series of raids across the country this week.

Ukraine says more than 70 government websites were defaced, 10 were subjected to 'unauthorized interference'

4 days ago

Ukraine denied that any data was stolen during the attack and said there are signs that hackers associated with "Russian secret services" were behind the incident.

Friday Squid Blogging: The Evolution of Squid Eyes

4 days ago

New research: The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in limb development across animals, including vertebrates and insects. The sc ...

Russia Takes Down REvil Ransomware Operation, Arrests Key Members

4 days ago

Timing of the move has evoked at least some skepticism from security experts about the country's true motives.

The Cybersecurity Measures CTOs Are Actually Implementing

4 days ago

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects

4 days ago

Cybercrook gang has 'ceased to exist' says Putin's military service Russia's internal security agency said today it had dismantled the REvil ransomware gang's networks and raided its operators' homes following arrests yesterday in Ukraine.…

Maryland Dept. of Health Responds to Ransomware Attack

4 days ago

An attack discovered on Dec. 4, 2021, forced the Maryland Department of Health to take some of its systems offline.

Upcoming Speaking Engagements

4 days ago

This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at ...

Top Illicit Carding Marketplace UniCC Abruptly Shuts Down  

4 days ago

UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.

White House Meets With Software Firms and Open Source Orgs on Security

4 days ago

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

Real Big Phish: Mobile Phishing & Managing User Fallibility

4 days ago

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

4 days ago

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.

Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack

4 days ago

Contractors say they haven't been paid, and are in the dark too Contractors employed via umbrella company Parasol Group are increasingly nervous about a multi-day outage of some IT systems used to process payroll, with several suspecting a security attack ...

‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites

4 days ago

As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.

Ukraine shrugs off mass govt website defacement as world turns to stare at Russia

4 days ago

Despite threatening messages nothing's been leaked, say victims A "massive" cyber attack on Ukraine caught the world's eye this morning as the country's foreign ministry said its website, among others, had been taken down by unidentified hackers.…

Russian authorities take down REvil ransomware gang

4 days ago

Action is taken following requests by the US.

What's Next for Patch Management: Automation

4 days ago

The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.

Russian Security Takes Down REvil Ransomware Gang

4 days ago

The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure.

Three Plugins with Same Bug Put 84K WordPress Sites at Risk

4 days ago

Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.

Amazon fixes security flaw in AWS Glue service

4 days ago

Amazon Web Services fixes a flaw that could give an attacker access to data of other users on its Glue managed data integration service.

Dark web carding platform UniCC shuts up shop after making millions

4 days ago

The operators have apparently made enough to keep them happy in retirement.

The race towards renewable energy is creating new cybersecurity risks

4 days ago

The shift to renewable energy is bringing benefits - but there's potential risks of security vulnerabilities in everything from industrial systems to IoT smart meters.

Using EM Waves to Detect Malware

4 days ago

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstra
ct: The Internet of Things ( ...

SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks

4 days ago

Malware is used to find and empty cryptocurrency wallets at victim organizations.

North Korean hackers stole a record-breaking amount of cryptocurrency last year

4 days ago

North Korean hackers continued hammering crypto investment firms and exchanges in 2021.

A 'massive' hacking attack has hit government websites in Ukraine

4 days ago

The European Union says it will help Ukraine fight cyberattacks after 'provocative messages' left on ministry websites.

Visibility, immutability, security … a revolutionary approach to fighting off ransomware

4 days ago

This webinar shows how throwing up barricades isn’t enough anymore Webinar  It’s a truism that your data is your organisation's most precious asset. Here’s another. Once data is backed up, many organisations tend to forget about it.…

Singapore busts network hawking contraband e-vaporisers via Telegram

4 days ago

Health Sciences Authority says smugglers and peddlers have tapped messaging apps, such as Telegram and WeChat, to advertise and sell e-vaporisers, which are prohibited in the country.

TfNSW finds more customers, employees impacted by Accellion breach

5 days ago

But won’t say how many had data accessed.

Mimecast spurns Proofpoint's higher take-private bid over antitrust concerns

5 days ago

Two competitors control 50 percent of email security market.

January 6 House Committee subpoenas Google, Facebook, Twitter and Reddit

5 days ago

The Select Committee issued the subpoenas as part of their investigation into the January 6th attack on the US Capitol.

Microsoft Yanks Buggy Windows Server Updates

5 days ago

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.

New York Power Authority to beef up cybersecurity with new IronNet, AWS deal

5 days ago

New York Power Authority is the nation's largest state public power organization.

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

5 days ago

Customers shouldn't need to wait seven days before being told The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly.…

Cyberattack shuts down Albuquerque schools; county copes with ransomware incident

5 days ago

The FBI claimed the cyberattack on the public school system is not connected to the ransomware attack affecting Bernalillo County.

BlueNoroff Threat Group Targets Cryptocurrency Startups

5 days ago

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.

To improve corporate security, employers need to make personal security a priority

5 days ago

Employees are both under-educated and over-confident about their personal security practices. Enterprises should work to educate and provides tools to their employees to combat this.

Fighting Back Against Pegasus, Other Advanced Mobile Malware

5 days ago

Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features.

North Korean APTs Stole ~$400M in Crypto in 2021

5 days ago

Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.

Orca Security tells AWS fail tale with a happy ending

5 days ago

Those critical AWS flaws that exposed data and broke tenant separation? All fixed! Two serious security vulnerabilities were recently found in AWS services, but because they were responsibly reported and the cloud biz responded quickly, no harm appears to ...

How to Protect Your Phone from Pegasus and Other APTs

5 days ago

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.

Log4J: After White House meeting, Google and IBM call for list of critical open source projects

5 days ago

Google also proposed setting up an organization to serve as a marketplace for open source maintenance that would match volunteers from companies with the critical projects that most need support.

New Vulnerabilities Highlight Risks of Trust in Public Cloud

5 days ago

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

Continuous security and compliance for hybrid cloud, the Red Hat way

5 days ago

Tune in, turn on, run in the background, using Red Hat DevSecOps framework Paid feature  Assessing what can go wrong in a hybrid cloud environment can be daunting. Applications can be poorly coded, security vulnerabilities may be present but hard to dete ...

How Cybercriminals Are Cashing in on the Culture of 'Yes'

5 days ago

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

5 days ago

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

Wireshark creator joins Sysdig to extend it to cloud security

5 days ago

Wireshark, the pro's pro network traffic analysis tool, will soon be extended to cover cloud computing security.

Using Foreign Nationals to Bypass US Surveillance Restrictions

5 days ago

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shippe ...

Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation

5 days ago

Plus three other suspects nicked in raids today Ukrainian police have arrested five people on suspicion of operating a ransomware gang, including a husband-and-wife team, following tipoffs from UK law enforcement.…

New GootLoader Campaign Targets Accounting, Law Firms

5 days ago

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

Redefining the CISO-CIO Relationship

5 days ago

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

5 days ago

Schrems II ruling continues to trouble transatlantic data sharing The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling.…

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking

5 days ago

The vulnerability was patched this week in Microsoft's set of security updates for January 2022.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

5 days ago

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.

When open-source developers go bad

5 days ago

JavaScript developer Marak Squires wasn't happy about not making money from his open-source libraries, so he deliberately corrupted them, leaving programmers and end-users with dead-in-the-water programs.

Norton's cynical crypto ploy: A dark harbinger of crapware to come?

5 days ago

Anti-malware vendors are taking a page from the malware makers they're supposed to be policing. What if all software vendors decide to embed crypto-miners and skim the profits?

Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022

5 days ago

Start as you mean to go on, Microsoft Microsoft's first Patch Tuesday of 2022 has, for some folk, broken Hyper-V and sent domain controllers into boot loops.…

Ransomware locks down prison, knocks systems offline

5 days ago

Inmates were confined to their cells as a result of the cyberattack.

UK jails man for spying on kids, adults with Remote Access Trojans

5 days ago

Malware was used to take explicit photos and videos.

Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal

5 days ago

Huntress Labs tips some loose change into vuln-spotters' cup The Dutch Initiative for Vulnerability Disclosure has scored $100k towards its founder's hope of a nationwide bug bounty available for anything at all.…

Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

5 days ago

A deep dive into threats against this sector reveals the top threats organizations should keep in mind.

Telstra to flag recent SIM swaps when banks ask

5 days ago

Telco to provide a risk rating back to banks in an effort to prevent SIM swapping.

NSO spyware found targeting journalists and NGOs in El Salvador

6 days ago

Citizen Lab and Access Now find hacking was taking place while journalists were reporting on issues surrounding President Bukele.

US Cyber Command links MuddyWater to Iranian intelligence

6 days ago

Official notice confirms suspicion that the group is state-backed.

Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw

6 days ago

In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

Oxeye Introduce Open Source Payload Deobfuscation Tool

6 days ago

Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.

Maryland officials confirm ransomware attack shut down Department of Health

6 days ago

Health officials said they have to figure out COVID-19 statistics by hand because of the attack.