Sunday, September 19, 2021
Internet Storm Center Infocon Status

LATEST

The CyberWire Podcast

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came...
Security Affairs

The Biden administration plans to target exchanges supporting ransomware operations with sanctions

US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...
Security Affairs

Expert discloses details and PoC code for Netgear Seventh Inferno bug

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...

A new app helps Iranians hide messages in plain sight

Enlarge / An anti-government graffiti that reads in Farsi "Death to the dictator" is sprayed at a wall north of Tehran on September 30, 2009. (credit: Getty Images) Amid ever-increasing government Internet control, surveillance, and censorship in...

Forget iPhone 13–Apple Suddenly Has A Critical New iPhone 14 Problem

How does Apple resolve the nightmare now awaiting its next iPhone...

Why You Should Stop Using Apple iMessage After Shock Update

Millions of Apple users need to quit iMessage or change this critical iPhone setting today...

Delete Your Windows 10 Password Now: Microsoft Suddenly Issues Security Update For Millions

Microsoft has just advised millions of Windows 10 users to delete their passwords.
The CyberWire Podcast

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability...

Weekly Update 261

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong...
Security Affairs

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver,...
The Register

Yes, of course there’s now malware for Windows Subsystem for Linux

Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem...
Bruce Schneier

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

SpaceX Starlink will come out of beta next month, Elon Musk says

Enlarge / Screenshot from the Starlink order page, with the street address blotted out. (credit: SpaceX Starlink) SpaceX's Starlink satellite-broadband service will emerge from beta in October, CEO Elon Musk said last night. Musk provided the answer of...
The CyberWire Podcast

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin….or something.

Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas....
Computerworld

Legacy apps are at risk with the September Patch Tuesday update

This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule. These updates are driven by the zero-day patch (CVE-2021-40444) to the core...
IBM Security

How to Protect Against Deepfake Attacks and Extortion

Cybersecurity professionals are already losing sleep over data breaches and how to best protect their employers from attacks. Now they have another nightmare to stress over — how to spot a deepfake.  Deepfakes are different because attackers can easily use...
Security Weekly

Playing Hanky Panky – PSW #710

This week, we kick off the show with an interview featuring Sinan Eren, VP of Zero Trust Access at Barracuda Networks, to discuss The State of Network Security in 2021! Then, we welcome Justin Collins from the People Empowerer...
TechRepublic

Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
Infosecurity Magazine

More Tribes Given Enhanced Access to US Crime Data

More Tribes Given Enhanced Access to US Crime DataMore Native American tribes are going to be given enhanced access to critical databases containing national crime information for the United States. In an announcement made September 16, the Department of Justice said that...
Security Weekly

Infosec Training Advice & Soft Skills From Offensive Security – Wrap Up – SWN #150

Offensive Security expert Jeremy Miller walks us through his own career progression and training, revealing what it takes to be successful in infosec, especially the soft skills required. He comments on a recent article from TechRepublic entitled, "Don't forget...
Infosecurity Magazine

Prison for AT&T Phone-Unlocking Fraudster

Prison for AT&T Phone-Unlocking Fraudster A cyber-criminal who defrauded American telecommunications giant AT&T out of more than $200m through a phone-unlocking bribery scheme has been sentenced to prison. Muhammad Fahd, a 35-year-old citizen of Pakistan and Grenada, led a seven-year conspiracy in...
We Live Security

Week in security with Tony Anscombe

Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
The Register

Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam

Tells clients it is tackling the issue An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…
SecurityWeek

Credit Union's Legal Battle With Tech Giant Fiserv Rumbles On

Local credit union, Bessemer System Federal Credit Union (BSFCU), sued Fortune 500 tech giant Fiserv over ‘amateurish security lapses’ in 2019. Fiserv counterclaimed with a motion to dismiss, and Bessemer motioned to dismiss the counterclaim. read more
Infosecurity Magazine

Free REvil Decryptor Launched

Free REvil Decryptor LaunchedAntivirus vendor Bitdefender has launched a free universal decryption tool to help victims of REvil ransomware, also known as Sodinokibi. The new tool, which was made available on Thursday, can restore many files impacted by the crypto-locking malware before July 13, 2021....
845FollowersFollow

LEADERS

Weekly Update 261

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong...
Bruce Schneier

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
Graham Cluley

Free decryptor for past REvil ransomware victims released

The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of the REvil ransomware (also sometimes known as Sodinokibi).
Bruce Schneier

Zero-Click iMessage Exploit

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
Graham Cluley

Fake Walmart press release causes cryptocurrency price surge

The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America. The only problem was... it simply wasn't true. Read more in...