Tuesday, March 2, 2021

LATEST

Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific...

Kaspersky to Co-Chair Working Group of the Paris Call

Kaspersky has announced it is partnering with Cigref to co-chair the Working Group 6 (WGF) as part of the Paris Call for Trust and Security in Cyberspace initiative. The group...
IBM Security

‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving

The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...

Search crimes – how the Gootkit gang poisons Google searches

When a search result looks too good to be true - it IS too good to be true!
ZDNet

ObliqueRAT Trojan now lurks in images on compromised websites

The malware has been upgraded in new campaigns across Asia.
SecurityWeek

Dairy Giant Lactalis Targeted by Hackers

France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach. The company said a malicious third party attempted to breach its computer network, but it...
Graham Cluley

Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak

Controversial cryptocurrency developer Tether says it will not give in to extortionists who are demanding a 500 Bitcoin ransom payment (currently worth approximately US $24 million).
Bruce Schneier

Mysterious Macintosh Malware

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload...
ZDNet

Oxfam Australia supporters embroiled in new data breach

Personal data, including partial payment information, is thought to be included.
IBM Security

Cybersecurity Gaps and Opportunities in the Logistics Industry

Shipping and logistics is, in many ways, the backbone of our lives and businesses. What business doesn’t benefit from fresh food or a timely delivery? Unfortunately, this industry is open to cyberattacks just like anyone else. Luckily, groups in...

Universal Health Services Estimates $67 Million in Ransomware Losses

A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens...
isBuzz

Three Reasons The Security Industry Is Protecting The Wrong Thing

Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, Certes Networks, the…

Gab Hack Reveals Passwords And Private Posts

The founder of far-right social media platform Gab has confirmed that hackers have breached the site, exposing the account of former US president Donald Trump.
ZDNet

Google addresses customer data protection, security in Workspace

Google has also introduced new Workspace features as we continue to work from home.

CISO job search: What to look (and look out) for

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the...

Dependency confusion explained: Another risk when using open-source repositories

What is dependency confusion

DoJ Steps Up Investigation into NSO Group – Report

The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp. Lawyers with the Department of Justice (DoJ) recently requested...
The Hacker News

New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 – 14.3

A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in...
The Register

Gootkit malware crew using SEO to get pwned websites in front of unwitting marks

And they're getting into the ransomware game too, warns Sophos. Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos.…

Gootloader: Watch Out For This Devious Malware On Google

Security firm Sophos has identified a new piece of malware - dubbed Gootloader - that uses niche Google searches to infect people’s computers.
ZDNet

Twitter’s new strike system will target prolific COVID-19 fake information spreaders

Twitter says repeat offenders will be booted from the platform.
The Register

Perl.com theft blamed on social engineering attack: Registrar ‘convinced’ to alter DNS records by miscreants

Network Solutions hasn't confirmed what happened, though. The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid...
Darknet Diaries

86: The LinkedIn Incident

In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to...

2021-008-Jasmine jackson – TheFluffy007, Bio and background, Android App analysis – part 1

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade...
Have I Been Pwned

Oxfam – 1,834,006 breached accounts

In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names,...

LEADERS

Brian Krebs

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations....
Graham Cluley

“Mentally ill demon hackers” blamed for massive Gab data leak

Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked - putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk of exposure.
Bruce Schneier

National Security Risks of Late-Stage Capitalism

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000...