security.didici.cc

Apple Patches 3 More Zero-Days Under Active Attack

18 minutes ago

One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.

This ransomware-dropping malware has swapped phishing for a sneaky new attack route

1 hour ago

And it's using cryptographically signed bogus Java apps to avoid detection.

FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores

2 hours ago

The suspect was reportedly upset over handsets being used to spread "immoral content."

Stop worrying that crims could break the 'net, say cyber-diplomats – only nations have tried

4 hours ago

Global Commission on the Stability of Cyberspace is a bit miffed its 'Don't attack the internet core' norm is misunderstood
The Global Commission on the Stability of Cyberspace (GCSC) is worried its guidance on preventing the internet and all it connects ...

Apple warns of arbitrary code execution zero-day being actively exploited on Macs

6 hours ago

Remember iPods? The same bug can bite them, and plenty of older iPhones and iPads too
Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.…

Taiwan's bid to enter CPTPP meets firm opposition from China

11 hours ago

Taiwan's Ministry of Foreign Affairs has labelled China's own bid to join the CPTPP as an attempt to block Taiwan out.

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

12 hours ago

After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."

Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report

13 hours ago

An NTT report examined how applications in the education sector are being protected.

Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities

14 hours ago

One of the vulnerabilities was discovered by Citizen Lab and another was found by the Google Threat Analysis team.

5 Tips for Achieving Better Cybersecurity Risk Management

16 hours ago

Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.

100M IoT Devices Exposed By Zero-Day Bug

17 hours ago

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.

FamousSparrow APT Wings in to Spy on Hotels, Governments

21 hours ago

A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.

Home alone after school: A safety guide for kids

21 hours ago

Our guide was created to help families prepare for a child being home alone. Use this safety guide to help your kids prepare to stay safe when they're on their own.

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

22 hours ago

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.

ROT8000

22 hours ago

ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products

22 hours ago

Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.

Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API

22 hours ago

Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.

UK Ministry of Defence apologises – again – after another major email blunder in Afghanistan

22 hours ago

This time affecting candidates for potential relocation
A second leak of Afghan interpreters' personal data was reportedly committed by the Ministry of Defence, raising further questions about the ministry's commitment to the safety of people in Afghanist ...

Get a lifetime of easy, automatic encryption for all of the files on your computer for just $30

22 hours ago

The peace of mind that comes with never again having to worry about the security of your most sensitive data is absolutely priceless, and now it's also perfectly affordable.

Large-Scale Phishing-as-a-Service Operation Exposed

1 day ago

Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.

VoIP company battles massive ransom DDoS attack

1 day ago

'Massive' distributed denial of service attack hits internet telephony company.

Ransomware attackers targeted this company. Then defenders discovered something curious

1 day ago

Cybersecurity researchers detail a mysterious attack that uses sophisticated techniques to deliver a relatively unsophisticated ransomware. The question is, why?

Researchers finger new APT group, FamousSparrow, for hotel attacks

1 day ago

Espionage motive mooted in attacks which hit industry, government too
Researchers at security specialist ESET claim to have found a shiny new advanced persistent threat (APT) group dubbed FamousSparrow - after discovering its custom backdoor, SparrowDoor, ...

New advanced hacking group targets governments, engineers worldwide

1 day ago

The APT was one of many groups that took part in the Microsoft Exchange Server hacks.

ANZ reports a 73% year-on-year increase in scams for the first eight months of 2021

1 day ago

ANZ is now pushing for more support to address the rising scam numbers.

Exchange auto-config protocol leaks Windows logins en masse

1 day ago

Firewall off Autodiscover domains to mitigate.

LG acquires Israeli automotive cybersecurity startup Cybellum

1 day ago

The South Korean company has acquired startup Cybellum, which offers risk assessment software that scans vehicles for security vulnerabilities.

Zoom's $15bn merger with Five9 probed by Uncle Sam for national security risks

1 day ago

Vid-chat giant's ties to China under the microscope by AG-led panel
Zoom’s ties to China are at the center of a US government investigation into the video-conferencing giant's $15bn plan to take over Five9, a California call-center-in-the-cloud.

CISA releases advisory on Conti ransomware, notes increase in attacks after more than 400 incidents

1 day ago

CISA did a deep dive on the Conti ransomware, providing information for those protecting organizations.

Druva's 'curated recovery' aimed at faster ransomware incident resolution

1 day ago

New addition to security platform recovers individual files in their most recent 'clean' state.

Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters

1 day ago

file:// is blocked? Oh OK, we'll just use File:// or fiLE://...
Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.…

Crystal Valley Farm Coop Hit with Ransomware

1 day ago

It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.

Brazilian government launches data protection campaign

1 day ago

The aim is to convey information on the topic to citizens and businesses in a simple manner

Lithuania tells its citizens to throw Xiaomi mobile devices in the bin

1 day ago

Baltic state's cyber security centre uncovers remote censorship blocklist function in Mi 10T handset
Lithuania's National Cyber Security Centre has told its citizens to get rid of Xiaomi-made mobile devices amid fears that the Chinese company could remote ...

Internet users stressed out by cyberattack news: Kaspersky

1 day ago

2,500 people in the US and Canada were asked about their thoughts on internet usage during COVID-19 and cybersecurity.

Netgear SOHO Security Bug Allows RCE, Corporate Attacks

1 day ago

The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.

UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data

1 day ago

The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

1 day ago

All a user needs to do is click on an email attachment, and boom -- the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.

How REvil May Have Ripped Off Its Own Affiliates

1 day ago

A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.

Crystal Valley Cooperative becomes latest agriculture business hit with ransomware

1 day ago

The company released a statement on Tuesday evening but its websites are now down.

VMware Warns of Ransomware-Friendly Bug in vCenter Server

1 day ago

VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.

Best VPN for Windows PC 2021

1 day ago

Are you looking for a VPN service provider with good Windows performance? In this article, we spotlight four providers who offer excellent support for Windows and laptop users.

TikTok, GitHub, Facebook Join Open-Source Bug Bounty

1 day ago

The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.

Mozilla's latest privacy ranking slaps 'Privacy Not Included' tag on Facebook Messenger, WeChat and Houseparty

1 day ago

Slack also faced criticism from Mozilla researchers for not allowing users to block contacts.

FBI Had the REvil Decryption Key

1 day ago

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based crim ...

Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts

1 day ago

The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.

More than 1 in 3 people have tried to guess someone else's password: 3 in 4 succeed

1 day ago

According to a new study, one in 10 people believe someone could guess their password by looking through their social media.

This cryptocurrency miner is exploiting the new Confluence remote code execution bug

1 day ago

It didn't take long for CVE-2021-26084 to be added to exploit kits.

Microsoft Autodiscover abused to collect web requests, credentials

1 day ago

Researchers were able to exploit a protocol design feature on a vast scale.

DDoS attacks are becoming more prolific and more powerful, warn cybersecurity researchers

2 days ago

A report warns about a rise in DDoS attacks as cyber criminals get more creative with ways to make campaigns more disruptive.

This phishing-as-a-service operation is responsible for many attacks against businesses, says Microsoft

2 days ago

A phishing operation hides in plain sight and turns credential theft into a consumer product.

RCE is back: VMware details file upload vulnerability in vCenter Server

2 days ago

Once again, if a malicious actor can hit port 443 on vCenter Server, it's goodnight nurse.

Democracy advocate finds internet freedom has declined globally for 11th consecutive year

2 days ago

A non-government organisation says internet freedom globally has deteriorated as more countries have pursued new rules for tech companies on content, data, or competition over the past year.

Chrome willing to take performance hit to prevent use-after-free bugs

2 days ago

Various attempts will be made in the browser to make memory handling safer.

Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware

2 days ago

File upload vuln lets miscreants hijack vCenter Server
VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround.…

US Feds sat on REvil decryption key for three weeks: report

2 days ago

Wanted to use it to disrupt ransomware raiders.

Zoom's $14.7 billion deal for Five9 under US national security review

2 days ago

A government review into the Zoom-Five9 deal will result in the deal's application for approval being halted for the time being.

Database containing personal info on 106m people who traveled to Thailand found open to the internet – report

2 days ago

Misconfigured Elasticsearch server blamed
A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week.…

After ransomware attack, company finds 650+ breached credentials from NEW Cooperative CEO, employees

2 days ago

According to FYEO, "chicken1" was used over 10 times by employees at the company.

US Treasury Dept. sanctions Russian cryptocurrency exchange for work with ransomware groups

2 days ago

Russia-based cryptocurrency exchange Suex was sanctioned for its role in facilitating massive ransomware transactions.

Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants

2 days ago

Russia-based biz targeted in Uncle Sam's crack down on cyber-extortion
The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US g ...

Epik Confirms Hack, Gigabytes of Data on Offer

2 days ago

"Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.

Google unveils results of DevOps report, finding increase in public cloud use

2 days ago

More than half of all respondents said they used a public cloud, a 5% bump compared to 2019, and 21% additionally said they deploy multiple public clouds.

Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

2 days ago

Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

2 days ago

“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.

Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms: study

2 days ago

Nearly 80% of respondents to a Ping Identity survey said they have abandoned or stopped creating an online account for a variety of reasons.

Nutanix announces new features for Cloud Platform

2 days ago

Nutanix is launching AOS version 6, Nutanix Era and other new tools to help customers manage data and build out software-defined data centers.

BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom

2 days ago

Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.

46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?

2 days ago

Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.

Multi-party breaches cause 26-times the financial damage of the worst single-party breach: Report

2 days ago

The researchers found that when a ripple event triggers a loss of income, it can lead to losses of $36 million per event.

HackerOne expands Internet Bug Bounty project to tackle open source bugs

2 days ago

Open source code is used by most companies. It's time to improve its security.

Average consumer spending $273 per month on subscription services: report

2 days ago

People are spending 15% more than they did in 2018, equalling an extra $430 spent each year.

Four months on from sophisticated cyberattack, Alaska's health department is still recovering

2 days ago

Alaska is still dealing with the fallout of a hack - and its health department warns members of the public their personal data might have been stolen, too.

Turla hacking group launches new backdoor in attacks against US, Afghanistan

2 days ago

The Russian cyberattackers are using the new module to become more stealthy.

UK Ministry of Defence apologises after Afghan interpreters' personal data exposed in email blunder

3 days ago

We joke about lethal consequences of failure but this isn't funny
The UK's Ministry of Defence has launched an internal investigation after committing the classic CC-instead-of-BCC email error – but with the names and contact details of Afghan interpret ...

Alaska’s Department of Health and Social Services Hack

3 days ago

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.

Siemens launches AI solution to fight industrial cybercrime

3 days ago

Eos.ii will monitor for threats against industrial IoT endpoints and platforms.

Euro police break up large online fraud gang

3 days ago

Over 100 arrests made.

iOS 15 lets you spy on apps that might be spying on you

3 days ago

This should be a powerful and eye-opening feature.

Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed

3 days ago

Dare we say, these Euro cops ran mobprobe
Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday.…

You’ve trained at the cutting edge, here’s how to keep your DFIR skills razor sharp

3 days ago

Sometimes the most important tool is a bookmark
Sponsored: There’s nothing like five or six days of in-depth training with SANS Institute to develop cutting-edge Digital Forensics and Incident Response security skills.…

Trend Micro launches first data centre region in Australia

3 days ago

The Sydney-based Trend Micro data centre region is expected to be one of many globally planned for launch by the security giant.

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

3 days ago

Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.

Apache OpenOffice can be hijacked by malicious documents, fix still in beta

3 days ago

If you need another reason to try an alternative software suite
Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta softwar ...

Europol Breaks Open Extensive Mafia Cybercrime Ring

3 days ago

Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.

Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom

3 days ago

Security researchers leaked conversations between New Cooperative negotiators and BlackMatter operators.

Payment API Bungling Exposes Millions of Users’ Payment Data

3 days ago

Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.

Ransomware recovery: Start getting back up before you’re even hit

3 days ago

Here’s how to put your plan together
Sponsored: What’s the first step to recovering from a ransomware attack? Making sure you have a recovery plan in place well before you get attacked.…

Cloud security company Threat Stack acquired by F5 for $68 million

3 days ago

The deal is expected to be finalized in F5's first-quarter fiscal year 2022, ending December 31, 2021.

Phishing attacks: Police make 106 arrests as they break up online fraud group

3 days ago

Organised crime operation used phishing and business email compromise attacks.

Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week

3 days ago

In light of ExpressVPN's double-whammy of troubling news, we take a deep dive into the facts, and whether you can feel safe or suspicious about using one of the world's most popular VPNs.

Bring Your APIs Out of the Shadows to Protect Your Business

3 days ago

APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT—present a real risk to your business. Learn how to identify shadow APIs and take control of them before at ...

Google: This major app change is coming to billions of Android devices soon

3 days ago

Google is rolling out a privacy-enhancing answer to all those forgotten and unused Android apps once granted access to your sensitive data.

Facebook rebukes WSJ over investigation on the platform's ability to harm, 'toxic' impact

4 days ago

Facebook says the series contains "deliberate mischaracterizations."

Victoria embarks on govt cyber security uplift

4 days ago

Sets out five-year cyber security plan.

Victoria launches five-year, AU$50 million cyber strategy

4 days ago

The new strategy is based on three core missions of improving the delivery of government services, creating a cyber safe place, and creating a 'vibrant' cyber economy.

Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day

4 days ago

And added a bug bounty program to detect any holes in its 'youth mode'
Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids.…

Bendigo and Adelaide Bank revamps cyber security awareness training

4 days ago

Also increases technology investment under 'holistic approach'.

US to target ransomware payments in cryptocurrency with sanctions

4 days ago

To make it more difficult for hackers to profit from attacks.

Get two extra displays for your laptop plus a lifetime of powerful VPN protection

5 days ago

Now you can take your ninja multitasking skills on the road, plus browse and work online worry-free forever.

TTEC hit with ransomware attack, hampering work for major clients

6 days ago

KrebsonSecurity reported that teams servicing Bank of America, Verizon and others were unable to work.

Yes, of course, there's now malware for Windows Subsystem for Linux

6 days ago

Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild
Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem ...

Friday Squid Blogging: Ram’s Horn Squid Shells

6 days ago

You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Best VPN for iPhone and iPad 2021

6 days ago

Are you looking for a VPN service provider that integrates well into iOS? We spotlight four providers who offer top-notch iPhone and iPad clients.

$133 million lost in online romance scams in 2021: FBI

6 days ago

The FBI said there were more than 1,800 complaints about online romance scams from January to August.

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

6 days ago

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.

Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam

6 days ago

Tells clients it is tackling the issue
An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

6 days ago

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.

Is it OK to use stolen data? What if it's scientific research in the public interest?

6 days ago

Not always, but Swiss team says you can manage the risks
There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. And simply because the data is out there – having been stolen ...

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

6 days ago

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

6 days ago

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

Zero-Click iMessage Exploit

1 week ago

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.

This banking Trojan abuses YouTube to manage remote settings

1 week ago

The spam-spread malware is another headache for Latin America in the cybersecurity realm.

Cyberattacks against the aviation industry linked to Nigerian threat actor

1 week ago

The investigation began after a Microsoft tweet concerning AsyncRAT.

China formally applies to join CPTPP trade pact

1 week ago

The Middle Kingdom would need existing CPTPP members like Australia to reach a consensus for allowing it to join.

WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

1 week ago

Clouds usually fix this sort of thing before bugs go public. This time it's best to assume you need to do this yourself
Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to protect themselves against the four "OMIGOD ...

How surveillance capitalism will totally transform the domain name system

1 week ago

APNIC's Geoff Huston predicts a world where paranoid apps add 'oblivion' to the DNS to protect privacy. Their privacy, not yours.

NSW to trial geolocation and facial recognition app for home-based quarantine

1 week ago

Along with the NSW trial, Tasmania will also begin a home-based quarantine trial for residents returning from regional New South Wales next week.

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

1 week ago

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

IAG is restructuring its security operations

1 week ago

'Fuses' functions together to form a new division.

Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years

1 week ago

Not all promises of international flight itineraries are real, warns Cisco Talos
A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos.…