$5.9 million ransomware attack on farming co-op may cause food shortage
Attack on US farming provider NEW Cooperative may disrupt the food supply chain.
Nation-state espionage group breaches Alaska Department of Health
Fallout continues from an advanced persistent threat first detected in May 2021.
Epik data breach impacts 15 million users, including non-customers
Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak.
A new app helps Iranians hide messages in plain sight
Nahoft uses encryption to turn chats into a random jumble of words.
SpaceX’s Starlink will come out of beta next month, Elon Musk says
With 600,000 orders, SpaceX boosting dish production to (hopefully) meet demand.
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
Telegram emerges as new dark web for cyber criminals
Growing network of hackers sharing data leaks on encrypted messaging app.
Section 889: the US Regulation that extends far beyond the US
One of the largest security threats that countries face is the breach of sensitive government systems and data. With the world constantly developing and undergoing digital transformation, the devices we all rely on for both our personal and work lives ar
Office 2021 will be available for non-Microsoft 365 subscribers on October 5
New release won't get new features like the subscription versions of Office.
Security Serious: Organizers aim to set new Guinness World Records® title for Viewership of an Online Security Lesson
Cybersecurity companies KnowBe4 and OneLogin have partnered with Security Serious in a bid to set a brand new Guinness World Records title for the Most views of a cyber security lesson video on YouTube in 24 hours. The record will be attempted on the 14t
Desiree Lee appointed as new CTO for Data at Armis
Armis, the unified asset visibility and security platform provider, has announced Desiree Lee as its new Chief Technology Officer (CTO) for Data, reporting directly to Nadir Izrael, co-founder and Global CTO at Armis. Lee’s appointment, the company says,
Anonymous leaks gigabytes of data from alt-right web host Epik
Clients include 8chan, Parler, and Gab, among others.
Major Azure vulnerability discovered by security researchers at Wiz
Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a litt
Microsoft accounts can go passwordless, making “password123” a thing of the past
Passwordless accounts rely on MS Authenticator or a security key for login.
Cybersecurity Investment: Supporting SME decision making
Small businesses (SMEs) form the backbone of the digital economy so it’s crucial that they can make the right kinds of security investments to protect themselves from cyber attacks. However, the various frameworks to guide security investments are
Travis CI flaw exposed secrets of thousands of open source projects
Developers furious at Travis CI's "insanely embarrassing 'security bulletin.'"
Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware
Zero-click flaw has been exploited by NSO since at least February 2021.
Security researchers at Wiz discover another major Azure vulnerability
A little-known management service handed unauthenticated attackers root access.
Lookout Delivers First Zero Trust Solution For Any App That Dynamically Adapts Based On Data Sensitivity And Continuous Risk Assessment Of Endpoints And Users
Lookout, Inc., an integrated endpoint-to-cloud security company, today announced the industry’s first Zero Trust access solution that dynamically adapts to changes in the risk levels of mobile endpoints and users as well as the sensitivity level of data.
Red Canary Releases New Security Operations Platform
Red Canary, a security ally for businesses, has recently announced a number of significant updates to its SaaS (Software-as-a-Service)-based Security Operations Platform. Companies of all sizes around the world already use the Red Canary solution to dete
Infosec researchers say Apple’s bug-bounty program needs work
Apple allegedly pays less for bugs than its competitors do—and pays more slowly.
Cybereason and Smarttech247 announce Partnership to tackle advanced cyber threats
This week, Cybereason and Smarttech247 have announced a partnership to enable joint customers to detect and end cyber-attacks on endpoints anywhere on their networks. With businesses today facing a constant barrage of cyber threats, including destructive
The Pegasus project: key takeaways for the corporate world
Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance
Jenkins discloses attack on its Atlassian Confluence service
The open source automation server Jenkins has disclosed a successful attack on its Confluence service. Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – cap
Russian publication Yandex says it is experiencing a “record scale” DDoS attack
Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week, Bleeping Computer reports. Russian media called the assault the largest in the hist
WhatsApp “end-to-end encrypted” messages aren’t that private after all
Millions of WhatsApp messages are reviewed by both AI and human moderators.
Beating ransomware – 6 issues to solve before it strikes
Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes – and sometimes hours R
Swiss courts compelled it to log and disclose a user's IP and browser fingerprint.
KnowBe4 hosts KB4-CON EMEA to help strengthen organisations’ Human Firewalls
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, will be hosting KB4-CON EMEA (Europe, Middle East and Africa) on the 23rd of September 2021. The European virtual event is an extension of the highl
Microsoft Outlook shows real person’s contact info for IDN phishing emails
IDN homograph attacks were a problem to begin with. Outlook just made 'em worse.
Password Security – Now’s the time to get serious
Did you know that over 80% of breaches involve brute force or lost and stolen credentials, and that over 70% of employees reuse passwords at work? Passwords are your first line of defence against cyber-attacks and won’t be going away any time soon, ge
Irish Gardai clamp down on cyber gang that attacked HSE
Gardaí have seized cyber infrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported. The Garda-led operation targete
US Cyber Command issues warning on Atlassian Confluence software
The US Cyber Command issued a warning that the Atlassian Corp. PLC’s Confluence software is being exploited on a large scale and that users should patch their installations immediately. The vulnerability, formally named CVE-2021-26084, was revealed by At
Why ransomware hackers love a holiday weekend
Looking forward to Labor Day? So are ruthless gangs of cybercriminals.
How to Smartly Scale AppSec Testing
The IT Security Guru has paired up with Synopsys, a recognised leader in application security, to bring you the webinar, ‘How to Smartly Scale AppSec Testing’. No matter what any blog or vendor says you know there is no silver bullet for appl
A brief overview of IBM’s new 7 nm Telum mainframe CPU
A typical Telum-powered mainframe offers 256 cores at a base clock of 5+GHz.
NPM package with 3 million weekly downloads had a severe vulnerability
Startup success: manoeuvring a competitive industry
They say hard work is one of the core tenets of success. But, while a strong work ethic can undoubtedly get the job done, the efficiency and experience to guide hard work can go a long way. After all, even if you’re willing to work as hard as possi
Windows 11 arrives on October 5, Android apps will come later
Phased rollout will see all compatible PCs updated by "mid-2022."
CISA Bad Practices list updated to include single-factor authentication (SFA)
The US’ Cybersecurity Infrastructure Security Agency (CISA) has added single-factor authentication (SFA) to its list of bad practices, which outlines exceptionally risky cybersecurity practices. The agency has specified that this low-security metho
Microsoft warns of phishing campaign abusing ‘open redirects’
Office 365 customers have been warned by Microsoft of an ongoing phishing campaign that abuses open redirects, an email sales and marketing tool that redirects a visitor to an untrusted site. An http parameter may contain a URL value and could cause the
Coinbase erroneously reported 2FA changes to 125,000 customers
The unexpected 2FA notifications led some customers to panic sell everything.
Not enough backup power: AT&T and T-Mobile suffer big outages in Louisiana
AT&T and T-Mobile struggle while Verizon says its "network remains resilient."
A bad solar storm could cause an “Internet apocalypse”
Undersea cables would be hit especially hard by a coronal mass ejection.
“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
30% of Cosmos DB customers were notified—more are likely impacted.
Cybersecurity Is the ‘Core National Security Challenge’ according to Biden at this week’s CEO Summit
On Wednesday, President Joe Biden hosted executives from major technology, financial and energy companies for a summit on national cybersecurity, saying that the issue was “the core national security challenge we are facing.” At the start of the meeting,
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos
The attacker seems to have relied on social engineering to hoodwink his victims.
President Biden to host infosec roundtable with tech giant CEOs
2021 is a great year for the red teams of the world—blue teams, not so much.
38 million personal identifiable information exposed in Microsoft Power Apps data leak
Researchers at cybersecurity vendor Upguard have discovered multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data exposed varied between portals, includi
38 million records exposed online—including contact-tracing info
Misconfigured Power Apps from Microsoft led to exposure.
Looking for a new job in tech? It may be your lucky day
Employers are turning on the charm to attract engineers and developers to their firms.
Now that machines can learn, can they unlearn?
Researchers see if they can remove sensitive data without retraining AI from scratch.
The four As of identity-based security
In the famous words of David Byrne, there is no time for “dancing, or lovey dovey” when it comes to security. In a world where technology is constantly evolving, it is important to always stay on top of protecting confidential and sensitive information.
DemonWare ransomware gang attempts to recruit disgruntled employees in insider threat scheme
According to a report by Abnormal Security, on August 12, 2021, their team identified and blocked a number of emails sent to customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ net
T-Mobile data breach impacts over 40 million users – Security Experts Have Their Say
T-Mobile, one of the world’s largest telecommunications providers and mobile networks, admitted this week that over 40 million customers had been impacted by a data breach. With a reported 104 million T-Mobile customers, this latest breach has hit
Visibility into vulnerabilities: 3 steps to improve software vulnerability management
Vulnerabilities in enterprise IT are everywhere. While it’s clear that they need to be addressed, how to do so isn’t as clear. The sheer number of vulnerable software versions in an enterprise environment can be overwhelming, making it challenging to add
Armis continues to expand in healthcare markets with appointment of new CTO for healthcare
Armis, the unified asset visibility and security platform provider, today announced Oscar Miranda as its new Chief Technology Officer (CTO) for Healthcare. His appointment, the company says, further reinforces Armis’ strategic commitment to securin
Hackers who breached T-Mobile stole personal data for ~49 million accounts
PII includes first and last names, dates of birth, SSNs, and driver’s license numbers.
iPhone keyboard for blind to shut down as maker cites Apple “abuse” of developers
Apple falsely claimed that FlickType broke "full access" rule, developer says.
WhatsApp shuts down Taliban helpline in Kabul
It's meant to act as an emergency hotline for civilians to report violence and looting.
T-Mobile has been hacked yet again—but still doesn’t know what was taken
Data reportedly includes SSNs, driver license numbers, and more for 100 million people.
Hospitals hamstrung by ransomware are turning away patients
The ransomware epidemic continues to grow.
Ransomware is a societal problem requiring societal solutions
Ransomware is a crime that is predominantly financially motivated, yet the effects of attacks are far broader and more profound than just the financial impact. Pervasive attacks against healthcare, local government, schools and other forms of critical in
What does the Colonial Pipeline attack tell us about security today?
In May the US Colonial Pipeline shut its operational network after a ransomware cyber-attack. It’s said to be one of the costliest attacks for an economy. A painful accolade if ever there was one. New details are emerging about the specifics of the pipel
Why you should never pay for ransomware
In the last 13 months the UK lost a reported £10.4 million to cybercrime, as per official police statistics. One of the most damaging forms of cybercrime comes in the form of Ransomware. Not only that, but 81% of cyber security experts believe we are li
Samsung has its own AI-designed chip. Soon, others will too
Semiconductor software-design maker Synopsys is adding AI to its arsenal.
A simple software fix could limit location data sharing
With Pretty Good Phone Privacy, carriers wouldn't always know where you are.
Excerpt: How Google bought Android—according to folks in the room
Enjoy a sneak peek from Androids: The team that built the Android operating system.
Leaked voting machine BIOS passwords may implicate Q-friendly county clerk
Leaked BIOS passwords led investigators to Tina Peters' office in Mesa County, Colo.
Hackers siphon $600 million in digital tokens, crypto network says
Poly Network breach would be among biggest heists to target cryptocurrency industry.
AT&T delays 500,000 fiber-to-the-home builds due to severe fiber shortage
AT&T planned to wire up 3 million homes this year, will hit 2.5 million instead.
Comparitech research shows cybercrime victims lose $17.4 billion annually in the UK
Researchers at Comparitech, the security and privacy advice and comparison website, have conducted an assessment of reported figures released by the police and/or government, to reveal that victims worldwide lose an estimated $318bn each year to cybercri
New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
FragAttacks Foil 2 Decades of Wireless Security
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
DNS vulnerability allows for ‘nation-state level spying’
A new class of DNS vulnerabilities has been discovered, which impacts major DNS-as-a-Service (DNSaaS) providers. It could give hackers the ability to access sensitive information on corporate networks and the power for ‘nation-state level spying
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
CISA partners with Amazon, Google, Microsoft and others to fight Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new initiative, in which it will partner with several tech companies to bolster the U.S.’s defences against cyber threats. Named the Joint Cyber Defense Collaborative, the e
Paragon is working to get its ntfs3 filesystem into the Linux kernel
Torvalds seems bullish on getting Paragon's project across the line eventually.
Apple explains how iPhones will scan photos for child-sexual-abuse images
Apple offers technical details, claims 1-in-1 trillion chance of false positives.
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
CISA Launches JCDC, the Joint Cyber Defense Collaborative
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.
Apple plans to scan US iPhones for child abuse imagery
Security researchers raise alarm over potential surveillance of personal devices.
Incident Responders Explore Microsoft 365 Attacks in the Wild
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
SpaceX previews ruggedized Starlink dish for vehicles, ships, and aircraft
Dish built for extreme heat and cold with "improved snow/ice melt capabilities."
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
A New Approach to Securing Authentication Systems' Core Secrets
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown
New exploit available for download lets hackers crash Cobalt Strike team servers.
Vulnerabilities allow for takeover of capsule hotel rooms
Kya Supa, security consultant at LEXFO, inadvertently found a series of security bugs in IoT devices within connected hotel rooms. These vulnerabilities allowed him to take control of the amenities in multiple capsule hotel rooms (tiny rooms stacked side
Ransomware hits Isle of Wight schools
The Isle of Wight Education Federation disclosed that its IT systems were shut down last week as a result of a ransomware attack. The attackers encrypted the school data of Carisbrooke College, Island 6th Form, Medina College, Barton Primary, Hunnyhill P
Why Supply Chain Attacks Are Destined to Escalate
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
Round Table: Confident Cyber Security
The Eskenzi Cyber Book and Film Club take a look at Jessica Barker’s book ‘Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career,’ an easy-to-read, jargon-busting guide on the world of cybersecurity. Javvad Malik – Se
CenturyLink selling copper network in 20 states instead of installing fiber
Private-equity firm Apollo will take on 1.3 million CenturyLink Internet users.
Feedzai acquires behavioural biometrics specialist Revelock to secure cashless commerce
Feedzai, the cloud-based financial risk management platform company, has announced the acquisition of an advanced behavioural biometric platform, Revelock, following a significant $200m investment round earlier this year. Feedzai’s acquisition of Reveloc
Critical flaws affecting embedded TCP/IP Stack used in OT devices
On Wednesday, cybersecurity researchers disclosed 14 vulnerabilities that affect a common TCP/IP stack, which is used in a large number of OT devices. These devices are manufactured by fewer than 200 vendors and utilised in manufacturing plants, power gen
Lazio region hit by Ransomware
On Sunday morning, Italy’s Lazio region suffered a ransomware attack, disabling its IT systems and disrupting the COVID-19 vaccination registration portal. The attackers reportedly encrypted every file in the portal’s data centre and shut dow
The State Department and 3 other US agencies earn a D for cybersecurity
Two years after a damning cybersecurity report, auditors find little has improved.
Awful transaction and timing: AT&T finally ditches DirecTV
AT&T owns 70% of DirecTV spinoff but won't be managing it anymore.
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Source: arstechnica, darkreading, itsecurityguru