security.didici.cc
RSA 2022: Omdia Research Take Aways
agoThe RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.
Trio accused of selling $88m of pirated Avaya licenses
2 hours agoRogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say Three people accused of selling pirate software licenses worth more than $88 million have been charged with fraud.…
Routing security falling short in Australian, New Zealand networks
4 hours agoNetworks expose users to hijack.
Uber ex-security chief must face fraud charges
4 hours agoAccused of hacking cover up.
Crypto crash threatens North Korea's stolen funds
4 hours agoHackers' plunder drops substantially in value.
Walmart accused of turning blind eye to transfer fraud totaling millions of dollars
5 hours agoStore giant brands watchdog's lawsuit 'factually misguided, legally flawed' The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."…
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
9 hours agoThe clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
Mastercard passes first of three Australian TDIF accreditations
9 hours agoCan act as digital ID exchange.
The Good Guys pauses facial recognition trial
9 hours agoOver privacy complaint.
Google Analytics Continues to Lose SEO Visibility as Bans Continue
10 hours agoGoogle Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.
'Raccoon Stealer' Scurries Back on the Scene After Hiatus
10 hours agoResearchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
China-Backed APT Pwns Building-Automation Systems with ProxyLogon
11 hours agoThe previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.
Atlassian Confluence Exploits Peak at 100K Daily
12 hours agoSwarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
Can Zero-Knowledge Crypto Solve Our Password Problems?
12 hours agoCreating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.
A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
13 hours agoDevelopers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
14 hours agoLike a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
Mitel VoIP Bug Exploited In Ransomware Attacks
15 hours ago
The Abortion Clues That Can Hide On Your Phone
15 hours ago
Customized malware coded to target OT systems
16 hours agoProtection starts with having the right network design, says Rockwell Automation Sponsored Feature Malware targeting operational technology (OT) and industrial controls systems (ICS) doesn't come along very often. But when it does, it's worth paying clo ...
AMD targeted by RansomHouse, cybercrims claim to have '450Gb' in stolen data
16 hours agoRelatively cybercrime newbies not clear on whether it's alleging to have gigabits or gigabytes of chip biz's data If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the pr ...
Dragonbridge influencers targets rare earth miners, encourages protests to disrupt production
16 hours agoResearchers say that China has 'crossed the line' again with the new online campaign.
How to Find New Attack Primitives in Microsoft Azure
16 hours agoAbuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
Codenotary introduces Software Bill of Materials service for Kubernetes
16 hours agoCodenotary's new service enables you to monitor what's running in your Kubernetes-managed container clusters -- vital knowledge for security.
Have you modelled the attack paths into your organization? Because an attacker already has
17 hours agoJoin this webinar to find out how to block them Webinar What does your tech infrastructure look like to the outside world? You might think it looks like an impenetrable fortress or a black box. You're probably wrong.…
Top Six Security Bad Habits, and How to Break Them
17 hours agoShrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.
New Vulnerability Database Catalogs Cloud Security Issues
17 hours agoResearchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
Mitel VoIP Bug Exploited in Ransomware Attacks
17 hours agoResearchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade
18 hours agoCyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.
Ransomware attacks are the biggest global cyber threat and still evolving, warns cybersecurity chief
18 hours agoRansomware attacks 'strike hard and fast', warns NCSC chief.
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
18 hours agoCISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
When Security Locks You Out of Everything
19 hours agoThought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the ...
How can I improve my Windows laptop's battery life? [Ask ZDNet]
19 hours agoGot a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.
Tencent admits to poisoned QR code attack on QQ chat platform
1 day agoCould it be Beijing was right about games being bad for China? Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.…
Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyber attacks
1 day agoNow those are some phishing boats Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks. ...
India extends deadline for compliance with infosec logging rules by 90 days
1 day agoHelpfully announced extension on deadline day India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduc ...
Collins Foods puts IT focus on security controls, cloud services
1 day agoCreates three-year strategy to improve control 'maturity'.
OpenSSL subject to remote memory corruption
1 day agoResearcher discovery sparks vulnerability controversy.
Origin Energy goes public with bug bounty program
1 day agoBugcrowd now open to all.
NIST Finalizes macOS Security Guidance
1 day agoNIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
1 day agoThough severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, ...
LGBTQ+ folks warned of dating app extortion scams
1 day agoUncle Sam tells of crooks exploiting Pride Month The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.…
Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud
1 day agoBalancing public service with fraud prevention requires rule revisions and public trust.
LockBit 3.0 Debuts with Ransomware Bug Bounty Program
1 day agoLockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.
ACCC starts review of Google's Mandiant buyout
1 day agoSeeks public views.
Australian retailers named in facial recognition complaint
1 day agoRetailers dispute 'characterisation�
39; of technology.
Shadow IT Spurs 1 in 3 Cyberattacks
1 day agoCerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.
Best cybersecurity schools and programs
1 day agoExplore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.
Thrive Acquires DSM
1 day agoDSM is now the third acquisition by Thrive in Florida in the past six months.
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?
1 day agoIf you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
Hacking gets dangerously real: 8 cybersecurity predictions to watch out for
1 day agoZero trust troubles and more ransomware regulation also make tech analyst Gartner's list of factors you need to plan for.
2022 Workshop on Economics and Information Security (WEIS)
1 day agoI did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks.
Contractor loses entire Japanese city's personal data in USB fail
1 day agoAlso, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details In brief A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 resid ...
Beijing probes security at academic journal database
2 days agoIt's easy to see why – the question is, why now? China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.…
Carnival fined US$5m for cyber security violations
2 days agoExposed substantial amounts of sensitive customer data.
Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
2 days agoBut welcomes fast cross-border payments in central bank digital currencies In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has wa ...
Study for certified cybersecurity expert exams with this $49 training
2 days agoStart your training here for a career in penetration testing and "white hat" hacking.
Launch a cybersecurity career with this $39 boot camp on risk management
2 days agoThese tutorials cover NIST and all the best practices for government cybersecurity.
The top of the whale
4 days agoPosted by Dave Aitel via Dailydave on Jun 24People think that finding vulnerabilities is about finding holes in code. But at some level it's not really about that. It's about understanding that the code itself is a hole in the swirling chaos of the world ...
Threat Intelligence Services Are Universally Valued by IT Staff
4 days agoMost of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
More than $100m in cryptocurrency stolen from blockchain biz
4 days ago'A humbling and unfortunate reminder' that monsters lurk under bridges Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.…
Why We're Getting Vulnerability Management Wrong
4 days agoSecurity is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
Friday Squid Blogging: Squid Cubes
4 days agoResearchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guide ...
APT Groups Swarming on VMware Servers with Log4Shell
4 days agoCISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
4 days agoA new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks'
4 days agoThe US government's cyber insurance only covers certain events and maybe not ones that could destroy IT systems.
7 Steps to Stronger SaaS Security
4 days agoContinuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
Google details commercial spyware that targets both Android and iOS devices
4 days agoHermit highlights a wider issue concerning our privacy and freedom.
The Cybersecurity Talent Shortage Is a Myth
4 days agoWe have a tech innovation problem, not a staff retention (or recruitment) problem.
Scalper bots are snapping up appointments for government services in Israel
4 days agoScalpers are snapping up public service appointments and selling them on.
Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks
4 days agoAnalysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
CISA: Hackers are still using Log4Shell to breach networks, so patch your systems
4 days agoPatch your systems, says cybersecurity agency, because attackers are using these flaws.
On the Dangers of Cryptocurrencies and the Uselessness of Blockchain
4 days agoEarlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote ...
Google Warns Spyware Being Deployed Against Android, iOS Users
4 days agoThe company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
When I reset my Windows PC, I ended up with Home edition. How do I get my Pro upgrade back? [Ask ZDNet]
4 days agoGot a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.
Google: How we tackled this iPhone, Android spyware
4 days agoWatching people's every move and collecting their info – not on our watch, says web ads giant Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular ne ...
iPhone users: Google Chrome browser on iOS is getting these five new features
4 days agoGoogle offers up better password management for Chrome on iOS to appeal to iPhone users who stick with Safari.
Qld gov proposes mandatory data breach reporting for agencies
4 days agoAsks for feedback on state-based scheme.
Beijing-backed attackers use ransomware as a decoy while they conduct espionage
4 days agoThey're not lying when they say 'We stole your data' – the lie is about which data they lifted A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Sec ...
Critical Splunk bug propagates code execution
5 days agoPatch now, because all endpoints are vulnerable.
Researchers hacked Oracle servers to demo serious vulnerability
5 days agoThe "Miracle Exploit" left unpatched for six months.
Don't remove PowerShell: US, UK and NZ security agencies
5 days agoPowerful command line interface essential to securing Windows.
Threat actors worked with ISPs to plant malware from Italian spyware vendor
5 days agoEU Parliamentary hears how RCS Labs tactics are used to target victims.
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
5 days agoBronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.
Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
5 days agoJohnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
5 days agoShiftLeft's Manesh Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
;
Pair of Brand-New Cybersecurity Bills Become Law
5 days agoBipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
The Rise, Fall, and Rebirth of the Presumption of Compromise
5 days agoThe concept might make us sharp and realistic, but it's not enough on its own.
Reinventing How Farming Equipment Is Remotely Controlled and Tracked
5 days agoFarmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
5 days agoMalicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
$6b mega contract electronics vendor Sanmina jumps into zero trust
5 days agoThe Fortune 500 electronics manufacturer was an early adopter of Google Cloud, which led to a search for a new security architecture Matt Ramberg is the vice president of information security at Sanmina, a sprawling electronics manufacturer with close to ...
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
5 days agoLatest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
How APTs Are Achieving Persistence Through IoT, OT, and Network Devices
5 days agoTo prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
CISA warns over software flaws in industrial control systems
5 days agoWeaknesses in operational technology systems need to be addressed.
These hackers are spreading ransomware as a distraction - to hide their cyber spying
5 days agoFive ransomware strains have been linked to Bronze Starlight activities.
80% of Legacy MSSP Users Planning MDR Upgrade
5 days agoFalse positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
5 days agoThe APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
5 days agoThe credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.
On the Subversion of NIST by the NSA
5 days agoNadiya Kostyuk and Susan Landau wrote an interesting paper: “Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process“: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST ...
NSA, CISA say: Don't block PowerShell, here's what to do instead
5 days agoPowerShell is often abused by attackers but defenders should not switch off the Windows command-line tool, warn cybersecurity agencies.
Your email is a major source of security risks and it's getting worse
5 days agoCriminals still like using email to phish credentials but ransomware delivered by email has tapered off.
Halfords suffers a puncture in the customer details department
5 days agoI like driving in my car, hope my data's not gone far UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.…
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
5 days agoUse it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows ...
Europol arrests nine suspected of stealing 'several million' euros via phishing
5 days agoVictims lured into handing over online banking logins, police say Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.…
Organizations Battling Phishing Malware, Viruses the Most
6 days agoOrganizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be.
Mega's unbreakable encryption proves to be anything but
6 days agoBoffins devise five attacks to expose private files Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can on ...
Microsoft 365 Users in US Face Raging Spate of Attacks
6 days agoA voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
Synopsys Completes Acquisition of WhiteHat Security
6 days agoAddition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.
Cisco warns of security holes in its security appliances
6 days agoBugs potentially useful for rogue insiders, admin account hijackers Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. …
Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security
6 days agoIn addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.
Neustar Security Services Launches Public UltraDNS Health Check Site
6 days agoOpen service generates free report detailing potential gaps in compliance, configuration, and security for a user’s multiple domain names.
What, exactly, is cybersecurity? And why does it matter?
6 days agoCyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign
6 days agoResearchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.
Blind trust in open source security is hurting us: Report
6 days agoThe Linux Foundation and Snyk's report, The State of Open Source Security, finds open source security faces hard challenges even as it becomes more popular than ever.
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
6 days agoDon't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.
Israeli air raid sirens triggered in possible cyberattack
6 days agoSource remains unclear, plenty suspect Iran Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. …
Getting a Better Handle on Identity Management in the Cloud
6 days agoTreat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.
Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops
6 days agopartnership lets users access one-click ScreenMeet sessions from the Tanium platform.
Zscaler and AWS Expand Relationship
6 days agoZscaler also announced innovations built on Zscaler’s Zero Trust architecture and AWS.
Zscaler Launches Posture Control Solution
6 days agoEnables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.
Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange
6 days agoOrganizations can strengthen their network defense with a number of intelligent security innovations.
Evolving Beyond the Password: Vanquishing the Password
6 days agoUsing WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)
The Risk of Multichannel Phishing Is on the Horizon
6 days agoThe cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.
Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons
6 days agoRussian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.
GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar
6 days agoWe as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
6 days agoWith almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.
DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
6 days agoBlockchain not as decentralised as many assume, finds Pentagon sponsored research US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants ...
Gamification of Ethical Hacking and Hacking Esports
6 days agoJoseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.