security.didici.cc
Apple Patches 3 More Zero-Days Under Active Attack
18 minutes agoOne of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
This ransomware-dropping malware has swapped phishing for a sneaky new attack route
1 hour agoAnd it's using cryptographically signed bogus Java apps to avoid detection.
FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores
2 hours agoThe suspect was reportedly upset over handsets being used to spread "immoral content."
Stop worrying that crims could break the 'net, say cyber-diplomats – only nations have tried
4 hours agoGlobal Commission on the Stability of Cyberspace is a bit miffed its 'Don't attack the internet core' norm is misunderstood The Global Commission on the Stability of Cyberspace (GCSC) is worried its guidance on preventing the internet and all it connects ...
Apple warns of arbitrary code execution zero-day being actively exploited on Macs
6 hours agoRemember iPods? The same bug can bite them, and plenty of older iPhones and iPads too Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.…
Taiwan's bid to enter CPTPP meets firm opposition from China
11 hours agoTaiwan's Ministry of Foreign Affairs has labelled China's own bid to join the CPTPP as an attempt to block Taiwan out.
REvil Affiliates Confirm: Leadership Were Cheating Dirtbags
12 hours agoAfter news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."
Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report
13 hours agoAn NTT report examined how applications in the education sector are being protected.
Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities
14 hours agoOne of the vulnerabilities was discovered by Citizen Lab and another was found by the Google Threat Analysis team.
5 Tips for Achieving Better Cybersecurity Risk Management
16 hours agoCasey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
100M IoT Devices Exposed By Zero-Day Bug
17 hours agoA high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
FamousSparrow APT Spies On Hotels, Governments
20 hours ago
Will Crypto Exchange Sanctions Slow Ransomware?
20 hours ago
VoIP Company Battles Massive Random DDoS Attack
20 hours ago
FamousSparrow APT Wings in to Spy on Hotels, Governments
21 hours agoA custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.
Home alone after school: A safety guide for kids
21 hours agoOur guide was created to help families prepare for a child being home alone. Use this safety guide to help your kids prepare to stay safe when they're on their own.
Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police
22 hours agoDigital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.
ROT8000
22 hours agoROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).
Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products
22 hours agoOnce available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.
Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API
22 hours agoDomain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.
UK Ministry of Defence apologises – again – after another major email blunder in Afghanistan
22 hours agoThis time affecting candidates for potential relocation A second leak of Afghan interpreters' personal data was reportedly committed by the Ministry of Defence, raising further questions about the ministry's commitment to the safety of people in Afghanist ...
Get a lifetime of easy, automatic encryption for all of the files on your computer for just $30
22 hours agoThe peace of mind that comes with never again have to worry about the security of your most sensitive data is absolutely priceless, and now it's also perfectly affordable.
Large-Scale Phishing-as-a-Service Operation Exposed
1 day agoDiscovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.
VoIP company battles massive ransom DDoS attack
1 day ago'Massive' distributed denial of service attack hits internet telephony company.
Ransomware attackers targeted this company. Then defenders discovered something curious
1 day agoCybersecurity researchers detail a mysterious attack that uses sophisticated techniques to deliver a relatively unsophisticated ransomware. The question is, why?
Researchers finger new APT group, FamousSparrow, for hotel attacks
1 day agoEspionage motive mooted in attacks which hit industry, government too Researchers at security specialist ESET claim to have found a shiny new advanced persistent threat (APT) group dubbed FamousSparrow - after discovering its custom backdoor, SparrowDoor, ...
New advanced hacking group targets governments, engineers worldwide
1 day agoThe APT was one of many groups that took part in the Microsoft Exchange Server hacks.
ANZ reports a 73% year-on-year increase in scams for the first eight months of 2021
1 day agoANZ is now pushing for more support to address the rising scam numbers.
Exchange auto-config protocol leaks Windows logins en masse
1 day agoFirewall off Autodiscover domains to mitigate.
LG acquires Israeli automotive cybersecurity startup Cybellum
1 day agoThe South Korean company has acquired startup Cybellum, which offers risk assessment software that scans vehicles for security vulnerabilities.
Zoom's $15bn merger with Five9 probed by Uncle Sam for national security risks
1 day agoVid-chat giant's ties to China under the microscope by AG-led panel Zoom’s ties to China are at the center of a US government investigation into the video-conferencing giant's $15bn plan to take over Five9, a California call-center-in-the-cloud.
…
CISA releases advisory on Conti ransomware, notes increase in attacks after more than 400 incidents
1 day agoCISA did a deep dive on the Conti ransomware, providing information for those protecting organizations.
Druva's 'curated recovery' aimed at faster ransomware incident resolution
1 day agoNew addition to security platform recovers individual files in their most recent 'clean' state.
Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters
1 day agofile:// is blocked? Oh OK, we'll just use File:// or fiLE://... Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.…
Crystal Valley Farm Coop Hit with Ransomware
1 day agoIt's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.
Brazilian government launches data protection campaign
1 day agoThe aim is to convey information on the topic to citizens and businesses in a simple manner
Lithuania tells its citizens to throw Xiaomi mobile devices in the bin
1 day agoBaltic state's cyber security centre uncovers remote censorship blocklist function in Mi 10T handset Lithuania's National Cyber Security Centre has told its citizens to get rid of Xiaomi-made mobile devices amid fears that the Chinese company could remote ...
Internet users stressed out by cyberattack news: Kaspersky
1 day ago2,500 people in the US and Canada were asked about their thoughts on internet usage during COVID-19 and cybersecurity.
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
1 day agoThe issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
1 day agoThe UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
1 day agoAll a user needs to do is click on an email attachment, and boom -- the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
How REvil May Have Ripped Off Its Own Affiliates
1 day agoA newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.
Lithuania says throw away Chinese phones due to censorship concerns
1 day agoSoftware filters for phrases.
Crystal Valley Cooperative becomes latest agriculture business hit with ransomware
1 day agoThe company released a statement on Tuesday evening but its websites are now down.
How The Mafia Is Pivoting To Cybercrime
1 day ago
VMware Warns of Ransomware-Friendly Bug in vCenter Server
1 day agoVMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.
Best VPN for Windows PC 2021
1 day agoAre you looking for a VPN service provider with good Windows performance? In this article, we spotlight four providers who offer excellent support for Windows and laptop users.
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
1 day agoThe initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.
Mozilla's latest privacy ranking slaps 'Privacy Not Included' tag on Facebook Messenger, WeChat and Houseparty
1 day agoSlack also faced criticism from Mozilla researchers for not allowing users to block contacts.
FBI Had the REvil Decryption Key
1 day agoThe Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based crim ...
Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts
1 day agoThe action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.
More than 1 in 3 people have tried to guess someone else's password: 3 in 4 succeed
1 day agoAccording to a new study, one in 10 people believe someone could guess their password by looking through their social media.
This cryptocurrency miner is exploiting the new Confluence remote code execution bug
1 day agoIt didn't take long for CVE-2021-26084 to be added to exploit kits.
Microsoft Autodiscover abused to collect web requests, credentials
1 day agoResearchers were able to exploit a protocol design feature on a vast scale.
Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials
1 day ago
DDoS attacks are becoming more prolific and more powerful, warn cybersecurity researchers
2 days agoA report warns about a rise in DDoS attacks as cyber criminals get more creative with ways to make campaigns more disruptive.
This phishing-as-a-service operation is responsible for many attacks against businesses, says Microsoft
2 days agoA phishing operation hides in plain sight and turns credential theft into a consumer product.
RCE is back: VMware details file upload vulnerability in vCenter Server
2 days agoOnce again, if a malicious actor can hit port 443 on vCenter Server, it's goodnight nurse.
Democracy advocate finds internet freedom has declined globally for 11th consecutive year
2 days agoA non-government organisation says internet freedom globally has deteriorated as more countries have pursued new rules for tech companies on content, data, or competition over the past year.
Chrome willing to take performance hit to prevent use-after-free bugs
2 days agoVarious attempts will be made in the browser to make memory handling safer.
Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware
2 days agoFile upload vuln lets miscreants hijack vCenter Server VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround.…
US Feds sat on REvil decryption key for three weeks: report
2 days agoWanted to use it to disrupt ransomware raiders.
Zoom's $14.7 billion deal for Five9 under US national security review
2 days agoA government review into the Zoom-Five9 deal will result in the deal's application for approval being halted for the time being.
Database containing personal info on 106m people who traveled to Thailand found open to the internet – report
2 days agoMisconfigured Elasticsearch server blamed A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week.…
After ransomware attack, company finds 650+ breached credentials from NEW Cooperative CEO, employees
2 days agoAccording to FYEO, "chicken1" was used over 10 times by employees at the company.
Biden sanctions cryptocurrency exchange over ransomware attacks
2 days agoSuex OTC targeted.
US Treasury Dept. sanctions Russian cryptocurrency exchange for work with ransomware groups
2 days agoRussia-based cryptocurrency exchange Suex was sanctioned for its role in facilitating massive ransomware transactions.
Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants
2 days agoRussia-based biz targeted in Uncle Sam's crack down on cyber-extortion The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US g ...
Epik Confirms Hack, Gigabytes of Data on Offer
2 days ago"Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.
Google unveils results of DevOps report, finding increase in public cloud use
2 days agoMore than half of all respondents said they used a public cloud, a 5% bump compared to 2019, and 21% additionally said they deploy multiple public clouds.
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
2 days agoNick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
2 days ago“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms: study
2 days agoNearly 80% of respondents to a Ping Identity survey said they have abandoned or stopped creating an online account for a variety of reasons.
Nutanix announces new features for Cloud Platform
2 days agoNutanix is launching AOS version 6, Nutanix Era and other new tools to help customers manage data and build out software-defined data centers.
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom
2 days agoCritical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
2 days agoAre organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.
Multi-party breaches cause 26-times the financial damage of the worst single-party breach: Report
2 days agoThe researchers found that when a ripple event triggers a loss of income, it can lead to losses of $36 million per event.
HackerOne expands Internet Bug Bounty project to tackle open source bugs
2 days agoOpen source code is used by most companies. It's time to improve its security.
Fix network printing or keep Windows secure? Admins would rather disable PrintNightmare patch
2 days ago
Average consumer spending $273 per month on subscription services: report
2 days agoPeople are spending 15% more than they did in 2018, equalling an extra $430 spent each year.
Four months on from sophisticated cyberattack, Alaska's health department is still recovering
2 days agoAlaska is still dealing with the fallout of a hack - and its health department warns members of the public their personal data might have been stolen, too.
Turla hacking group launches new backdoor in attacks against US, Afghanistan
2 days agoThe Russian cyberattackers are using the new module to become more stealthy.
UK Ministry of Defence apologises after Afghan interpreters' personal data exposed in email blunder
3 days agoWe joke about lethal consequences of failure but this isn't funny The UK's Ministry of Defence has launched an internal investigation after committing the classic CC-instead-of-BCC email error – but with the names and contact details of Afghan interpret ...
Alaska’s Department of Health and Social Services Hack
3 days agoApparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.
Siemens launches AI solution to fight industrial cybercrime
3 days agoEos.ii will monitor for threats against industrial IoT endpoints and platforms.
Euro police break up large online fraud gang
3 days agoOver 100 arrests made.
iOS 15 lets you spy on apps that might be spying on you
3 days agoThis should be a powerful and eye-opening feature.
Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed
3 days agoDare we say, these Euro cops ran mobprobe Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday.…
You’ve trained at the cutting edge, here’s how to keep your DFIR skills razor sharp
3 days agoSometimes the most important tool is a bookmark Sponsored There’s nothing like five or six days of in-depth training with SANS Institute to develop cutting-edge Digital Forensics and Incident Response security skills.…
Trend Micro launches first data centre region in Australia
3 days agoThe Sydney-based Trend Micro data centre region is expected to be one of many globally planned for launch by the security giant.
Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate
3 days agoDrivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
Apache OpenOffice can be hijacked by malicious documents, fix still in beta
3 days agoIf you need another reason to try an alternative software suite Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta softwar ...
Europol Breaks Open Extensive Mafia Cybercrime Ring
3 days agoOrganized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom
3 days agoSecurity researchers leaked conversations between New Cooperative negotiators and BlackMatter operators.
Payment API Bungling Exposes Millions of Users’ Payment Data
3 days agoMisconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
Ransomware recovery: Start getting back up before you’re even hit
3 days agoHere’s how to put your plan together Sponsored What’s the first step to recovering from a ransomware attack? Making sure you have a recovery plan in place well before you get attacked.…
BSidesSF Call For Papers Announced
3 days ago
Cloud security company Threat Stack acquired by F5 for $68 million
3 days agoThe deal is expected to be finalized in F5's first-quarter fiscal year 2022, ending December 31, 2021.
Phishing attacks: Police make 106 arrests as they break up online fraud group
3 days agoOrganised crime operation used phishing and business email compromise attacks.
Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week
3 days agoIn light of ExpressVPN's double-whammy of troubling news, we take a deep dive into the facts, and whether you can feel safe or suspicious about using one of the world's most popular VPNs.
Bring Your APIs Out of the Shadows to Protect Your Business
3 days agoAPIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before at ...
Google: This major app change is coming to billions of Android devices soon
3 days agoGoogle is rolling out a privacy-enhancing answer to all those forgotten and unused Android apps once granted access to your sensitive data.
Facebook rebukes WSJ over investigation on the platform's ability to harm, 'toxic' impact
4 days agoFacebook says the series contains "deliberate mischaracterizations.&quo
t;
Victoria embarks on govt cyber security uplift
4 days agoSets out five-year cyber security plan.
Victoria launches five-year, AU$50 million cyber strategy
4 days agoThe new strategy is based on three core missions of improving the delivery of government services, creating a cyber safe place, and creating a 'vibrant' cyber economy.
Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day
4 days agoAnd added a bug bounty program to detect any holes in its 'youth mode' Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids.…
Bendigo and Adelaide Bank revamps cyber security awareness training
4 days agoAlso increases technology investment under 'holistic approach'.
US to target ransomware payments in cryptocurrency with sanctions
4 days agoTo make it more difficult for hackers to profit from attacks.
Get two extra displays for your laptop plus a lifetime of powerful VPN protection
5 days agoNow you can take your ninja multitasking skills on the road, plus browse and work online worry-free forever.
TTEC hit with ransomware attack, hampering work for major clients
6 days agoKrebsonSecurity reported that teams servicing Bank of America, Verizon and others were unable to work.
Yes, of course, there's now malware for Windows Subsystem for Linux
6 days agoOnce dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem ...
Friday Squid Blogging: Ram’s Horn Squid Shells
6 days agoYou can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Best VPN for iPhone and iPad 2021
6 days agoAre you looking for a VPN service provider that integrates well into iOS? We spotlight four providers who offer top-notch iPhone and iPad clients.
$133 million lost in online romance scams in 2021: FBI
6 days agoThe FBI said there were more than 1,800 complaints about online romance scams from January to August.
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
6 days agoCities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam
6 days agoTells clients it is tackling the issue An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…
CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus
6 days agoZoho released a patch for the issue on September 6.
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
6 days agoJeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.
Is it OK to use stolen data? What if it's scientific research in the public interest?
6 days agoNot always, but Swiss team says you can manage the risks There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. And simply because the data is out there – having been stolen ...
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M
6 days agoWith the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
6 days agoMicrosoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.
Zero-Click iMessage Exploit
1 week agoCitizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
This banking Trojan abuses YouTube to manage remote settings
1 week agoThe spam-spread malware is another headache for Latin America in the cybersecurity realm.
Cyberattacks against the aviation industry linked to Nigerian threat actor
1 week agoThe investigation began after a Microsoft tweet concerning AsyncRAT.
China formally applies to join CPTPP trade pact
1 week agoThe Middle Kingdom would need existing CPTPP members like Australia to reach a consensus for allowing it the join.
WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job
1 week agoClouds usually fix this sort of thing before bugs go public. This time it's best to assume you need to do this yourself Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to protect themselves against the four "OMIGOD ...
How surveillance capitalism will totally transform the domain name system
1 week agoAPNIC's Geoff Huston predicts a world where paranoid apps add 'oblivion' to the DNS to protect privacy. Their privacy, not yours.
NSW to trial geolocation and facial recognition app for home-based quarantine
1 week agoAlong with the NSW trial, Tasmania will also begin a home-based quarantine trial for residents returning from regional New South Wales next week.
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
1 week agoThe newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
IAG is restructuring its security operations
1 week ago'Fuses' functions together to form a new division.
Facebook targets harmful real networks using playbook against fakes
1 week agoAdopts more aggressive approach.
Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years
1 week agoNot all promises of international flight itineraries are real, warns Cisco Talos A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos.…