Trending Now
LATEST
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came...
The Biden administration plans to target exchanges supporting ransomware operations with sanctions
US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments.
The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...
Expert discloses details and PoC code for Netgear Seventh Inferno bug
A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices.
Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...
A new app helps Iranians hide messages in plain sight
Enlarge / An anti-government graffiti that reads in Farsi "Death to the dictator" is sprayed at a wall north of Tehran on September 30, 2009. (credit: Getty Images)
Amid ever-increasing government Internet control, surveillance, and censorship in...
Forget iPhone 13–Apple Suddenly Has A Critical New iPhone 14 Problem
How does Apple resolve the nightmare now awaiting its next iPhone...
Why You Should Stop Using Apple iMessage After Shock Update
Millions of Apple users need to quit iMessage or change this critical iPhone setting today...
Delete Your Windows 10 Password Now: Microsoft Suddenly Issues Security Update For Millions
Microsoft has just advised millions of Windows 10 users to delete their passwords.
An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]
Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability...
Weekly Update 261
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong...
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.
Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver,...
Yes, of course there’s now malware for Windows Subsystem for Linux
Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem...
Friday Squid Blogging: Ram’s Horn Squid Shells
You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere).
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines...
SpaceX Starlink will come out of beta next month, Elon Musk says
Enlarge / Screenshot from the Starlink order page, with the street address blotted out. (credit: SpaceX Starlink)
SpaceX's Starlink satellite-broadband service will emerge from beta in October, CEO Elon Musk said last night. Musk provided the answer of...
Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin….or something.
Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas....
Legacy apps are at risk with the September Patch Tuesday update
This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule. These updates are driven by the zero-day patch (CVE-2021-40444) to the core...
How to Protect Against Deepfake Attacks and Extortion
Cybersecurity professionals are already losing sleep over data breaches and how to best protect their employers from attacks. Now they have another nightmare to stress over — how to spot a deepfake.
Deepfakes are different because attackers can easily use...
Playing Hanky Panky – PSW #710
This week, we kick off the show with an interview featuring Sinan Eren, VP of Zero Trust Access at Barracuda Networks, to discuss The State of Network Security in 2021! Then, we welcome Justin Collins from the People Empowerer...
Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
More Tribes Given Enhanced Access to US Crime Data
More Tribes Given Enhanced Access to US Crime DataMore Native American tribes are going to be given enhanced access to critical databases containing national crime information for the United States.
In an announcement made September 16, the Department of Justice said that...
Infosec Training Advice & Soft Skills From Offensive Security – Wrap Up – SWN #150
Offensive Security expert Jeremy Miller walks us through his own career progression and training, revealing what it takes to be successful in infosec, especially the soft skills required. He comments on a recent article from TechRepublic entitled, "Don't forget...
Prison for AT&T Phone-Unlocking Fraudster
Prison for AT&T Phone-Unlocking Fraudster A cyber-criminal who defrauded American telecommunications giant AT&T out of more than $200m through a phone-unlocking bribery scheme has been sentenced to prison.
Muhammad Fahd, a 35-year-old citizen of Pakistan and Grenada, led a seven-year conspiracy in...
Week in security with Tony Anscombe
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam
Tells clients it is tackling the issue An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…
Credit Union's Legal Battle With Tech Giant Fiserv Rumbles On
Local credit union, Bessemer System Federal Credit Union (BSFCU), sued Fortune 500 tech giant Fiserv over ‘amateurish security lapses’ in 2019. Fiserv counterclaimed with a motion to dismiss, and Bessemer motioned to dismiss the counterclaim.
read more
Free REvil Decryptor Launched
Free REvil Decryptor LaunchedAntivirus vendor Bitdefender has launched a free universal decryption tool to help victims of REvil ransomware, also known as Sodinokibi.
The new tool, which was made available on Thursday, can restore many files impacted by the crypto-locking malware before July 13, 2021....
LEADERS
Weekly Update 261
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong...
Friday Squid Blogging: Ram’s Horn Squid Shells
You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere).
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines...
Free decryptor for past REvil ransomware victims released
The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of the REvil ransomware (also sometimes known as Sodinokibi).
Zero-Click iMessage Exploit
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.
Apple patched the vulnerability; everyone needs to update their OS immediately.
News articles on the exploit.
Fake Walmart press release causes cryptocurrency price surge
The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America.
The only problem was... it simply wasn't true.
Read more in...
