Thursday, May 19, 2022
LATEST

The Hacker News

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE),...
MSRC

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side...
SecurityWeek

Phishers Add Chatbot to the Phishing Lure

Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
SecurityWeek

QuSecure Launches Quantum-Resilient Encryption Platform

New firm launches to provide the Easy Button for implementing quantum secure encryption. The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
The Register

Iran, China-linked gangs join Putin’s disinformation war online

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg. Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...
ZDNet

Cyberattacks and misinformation activity against Ukraine continues say security researchers

Malware and fake news continues, says Mandiant.
DHS

Mitsubishi Electric MELSEC iQ-F Series

This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
SecurityWeek

LimaCharlie Banks $5.45 Million in Seed Funding

LimaCharlie, a California company supplying tools to run an MSSP or SOC on a pay-as-you-use model, has attracted $5.45 million in seed round financing.
SecureMac

Checklist 279 – Updates, Updates, and Ads

Checking an AirTag's battery life and firmware version, Apple's latest updates, two ads on privacy from DuckDuckGo and Apple.
Infosecurity Magazine

Microsoft President: Cyber Space Has Become the New Domain of Warfare

Brad Smith argues that the Russia-Ukraine war marks significant shift in way warfare is conducted
TechRepublic

Threat actors compromising US business online checkout pages to steal credit card information

A threat actor has successfully compromised and modified a US business website's checkout page in order to collect all the credit card data from unsuspecting customers. Read more about how to protect from this threat.
The Hacker News

7 Key Findings from the 2022 SaaS Security Survey Report

The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not...

CISA issues emergency warning over two new VMware vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive over two new vulnerabilities in VMware products. According to the advisory, threat actors are likely to exploit CVE-2022-22972 and CVE-2022-22973 in several products including VMware Workspace ONE...

Phishing Attacks for Initial Access Surged 54% in Q1

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
ZDNet

This Russian botnet does far more than DDoS attacks – and on a massive scale

Operators can track social media trends and tailor their propaganda to suit.
IBM Security

Malicious Reconnaissance: What It Is and How To Stop It

You spend your days getting ready to stop threat actors. But even as you wonder, attackers could already be ‘casing the joint’.  Before any well-organized attack, skillful or professional attackers quietly snoop around, looking for chances to gain access. It’s...

Two account compromise flaws fixed in Strapi headless CMS

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. According to...

The Pressing Need To Grow The Cyber Workforce

The cybersecurity skills gap has been well documented in recent years, but despite increased awareness of the scale of the problem, the growing demand for cybersecurity skills has meant the size of the challenge has certainly not diminished.
SecurityWeek

Cloud Data Security Firm Dig Emerges From Stealth With $11 Million in Funding

Israel-based cloud data security company Dig Security on Thursday announced emerging from stealth mode with $11 million in seed funding. Dig’s seed funding round was led by Israeli startup foundry Team8, with participation from CrowdStrike’s Falcon Fund, CyberArk, Merlin Ventures,...

QuSecure launches end-to-end post-quantum cybersecurity solution

Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuSecure Nucleus. The firm claimed that Nucleus is the industry’s first end-to-end quantum software-based platform designed to protect encrypted communications and data...
Graham Cluley

Hackers are finding it too easy to achieve their initial access, warn agencies

It should be hard for malicious hackers to break into systems, but all too often it isn't. Read more in my article on the Tripwire State of Security blog.

LEADERS

Graham Cluley

Hackers are finding it too easy to achieve their initial access, warn agencies

It should be hard for malicious hackers to break into systems, but all too often it isn't. Read more in my article on the Tripwire State of Security blog.
Bruce Schneier

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000...
Graham Cluley

Smashing Security podcast #275: Jail for Bing, and mental health apps may not be good for you

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to? All this and much more is discussed in...
Brian Krebs

Senators Urge FTC to Probe ID.me Over Selfie Data

Some of the more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected...
Bruce Schneier

iPhone Malware that Operates Even When the Phone Is Turned Off

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. It turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally...