Wednesday, May 12, 2021

Ars Technica

Ransomware crooks post cops’ psych evaluations after talks with DC police stall

Enlarge (credit: carlballou / Getty Images) A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver's license images;...

Amazon “seized and destroyed” 2 million counterfeit products in 2020

Enlarge / Amazon trailers backed into bays at a distribution center in Miami, Florida, in August 2019. (credit: Getty Images | Lawrence Glass) Amazon "seized and destroyed" over 2 million counterfeit products that sellers sent to Amazon warehouses in 2020 and "blocked more than 10 billion suspected bad...

Security researcher successfully jailbreaks an Apple AirTag

After permanently bricking two AirTags, stacksmashing succeeded...

Computerworld

Enterprises need to get smart about iOS security

The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.Designer label malware XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode...

No matter the size of your business, you must take security seriously.

I recently wrote about using passwords correctly, and a reader replied: "I've been getting told this for years, but who's ever going to attack my 12-employee business?"This isn't the first time I've heard remarks like that. The answer is: "Who won't attack you!?"Hackers don’t care whether your annual revenue...

Patch Tuesday preview: Time for a 'measured' approach to updates

It’s time again: with Patch Tuesday in sight, I always recommend pausing or delaying updates, and this month is no different. But the second Tuesday of May also brings to an end support for Windows 10 1909. If you want to receive updates for Windows 10 after May 11,...

CSO

BrandPost: Automated, Orchestrated, and Integrated: The Open Platform Approach

As organizations increasingly shift to cloud, the IT infrastructure becomes riddled with complexity. SecOps, NetOps, and ITOps teams have their hands full using multiple tools to manage data and applications across the distributed environment.For SecOps in particular, tying these pieces together is a must-have. They require as close to...

BrandPost: Merging NetOps, ITOps, and SecOps for Enhanced Visibility

Visibility into network traffic, endpoints, cloud infrastructure, and more is crucial – especially considering the sophistication of cyber threats, the widely distributed workforce, and the escalation of cloud adoption.Yet, many organizations have developed silos over time. Networking, IT, and security teams have become laser-focused on their own objectives and...

SSO explained: How single sign-on improves security and the user experience

What is SSO? Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated platform, enabling you to then use a plethora of...

Dark Reading

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?

Adobe Issues Patch for Acrobat Zero-Day

The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.

Application Attacks Spike as Criminals Target Remote Workers

Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.

Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable

Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.

Errata Security

Anatomy of how you get pwned

Today, somebody had a problem: they kept seeing a popup on their screen, and obvious scam trying to sell them McAfee anti-virus. Where was this coming from?In this blogpost, I follow this rabbit hole on down. What we see is an entire industry of tricks, scams, exploiting popups, and...

Ethics: University of Minnesota’s hostile patches

The University of Minnesota (UMN) got into trouble this week for doing a study where they have submitted deliberately vulnerable patches into open-source projects, in order to test whether hostile actors can do this to hack things. After a UMN researcher submitted a crappy patch to the Linux Kernel,...

A quick FAQ about NFTs

I thought I'd write up 4 technical questions about NFTs. They may not be the ones you ask, but they are the ones you should be asking. The questions:What does the token look like?How does it contain the artwork? (or, where is the artwork contained?)How are tokens traded? (How...

F-Secure

FireEye

Shining a Light on DARKSIDE Ransomware Operations

Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both...

The UNC2529 Triple Double: A Trifecta Phishing Campaign

In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat...

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which...

Forbes

Hackers Stole Data On Nearly 200,000 Veterans Seeking Disability Benefits

The database, Fowler discovered, belonged to North Carolina-based United Valor Solutions.

Amazon Facing Calls From Civil Rights Groups To Permanently Ban Police Use Of Facial Recognition As Deadline Approaches

Amazon has yet to announce whether it will lift a one-year moratorium on the sale of its Rekognition product to police departments.

Apple Accused Of Overcharging For Apps In Billion-Pound Lawsuit

Apple is facing a billion-pound lawsuit over claims that it's systematically overcharging UK users through its App Store.

Google Security

Integrating Rust Into the Android Open Source Project

Posted by Ivan Lozano, Android Security & Privacy TeamThe Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As with any large project, introducing a new language requires careful...

Making the Internet more secure one signed container at a time

Posted by Priya Wadhwa, Google Open Source Security TeamWith over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools like shells or package managers, making their attack surface (and...

Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome

Alex Gough, Engineer, Chrome Platform Security TeamChrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as Intel...

Graham Cluley

The DarkSide ransomware gang must be shitting itself right now

So, what do you do if you're a ransomware gang which has just caught the attention of not just the world's media, but also the FBI and the President of the United States?

City of Tulsa struck by ransomware attack

Tulsa, Oklahoma, is reportedly the latest in a long line of American cities to have fallen victim to a ransomware attack. The attack, which occurred on Friday evening, caused the city's IT security teams to shut down many of Tula's internal systems over the weekend "out of an abundance of...

Major US oil pipeline shut down after ransomware attack

The 5,500 miles of Colonial Pipeline, which carry over 100 million gallons of fuel every day, from Houston, Texas to the New York Harbor, has been offline since May 7 following a ransomware attack.

IBM Security

Synthetic Identity Theft: When Everybody Knows Your Name

You probably have a place where everyone knows your name — and maybe your address and your birthday and your favorite drink. That place could be your favorite restaurant, your office or your grandma’s house. It doesn’t matter where that place is; when everyone in the room greets you...

Adopting Microsegmentation Into Your Zero Trust Model, Part 3

This is the third and final part in a series on zero trust and microsegmentation. Be sure to check out Parts 1 and 2. The customer relationship used to be circular — you marketed your products to customers, they purchased products, your company provided customer service as needed and then...

Why Automation and Zero Trust Go Hand-in-Hand

Zero trust can reshape how businesses approach digital security. The idea is to distrust by default, regardless of whether the information is located inside or outside the corporate network. From there, security teams can verify devices, apps and connections on a case-by-case basis. They should also re-verify the trust...

Info Security Buzz

Time To Take The Guesswork Out Of Cyber And Quantify Risk

For too many organisations, the early approach to cyber risk quantification (CRQ) has been too manual of a process, takes too long, produces questionable results, and has failed to gain… The ISBuzz Post: This Post Time To Take The Guesswork Out Of Cyber And Quantify Risk appeared first on Information...

COVID-19 A Year Later: Cybersecurity Best Practices At Home Haven’t Improved

After more than a year of working from home, research shows not much has changed when it comes to addressing the remote work cybersecurity challenge. According to the COVID-19 Cybersecurity… The ISBuzz Post: This Post COVID-19 A Year Later: Cybersecurity Best Practices At Home Haven’t Improved appeared first on Information...

Line Of Duty And Criminal Education

Without doubt the BBC TV Drama Line of Duty kept us all on the edge of our seats as we tuned into every episode, seeking to unmask the corrupt officer… The ISBuzz Post: This Post Line Of Duty And Criminal Education appeared first on Information Security Buzz.

Infosec Island

Facebook Shuts Down Two Hacking Groups in Palestine

Social media giant Facebook today announced that it took action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet.  One of the dismantled networks was linked to the Preventive Security Service (PSS), one of the several intelligence services...

Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange

The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.   Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate...

Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit

Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.   Into the Spotlight: Is Supply...

Infosecurity Magazine

Kansas Identity Theft Spike Could Be Linked to Data Breach

Kansas Identity Theft Spike Could Be Linked to Data BreachThe state with the highest identity theft rate in the country may have been impacted by a Department of Labor data breach. According to new data released by the Federal Trade Commission (FTC), the reported rate of identity theft in Kansas...

Germany Bans Facebook from Processing WhatsApp Data

Germany Bans Facebook from Processing WhatsApp Data A German privacy watchdog has banned social media company Facebook from harvesting data on WhatsApp users.  Hamburg’s data protection commissioner said that WhatsApp's privacy policy was in breach of European data protection rules following a recent change.  WhatsApp, which was bought by Facebook in 2014, has...

AGs Question Safety of Kids-Only Instagram

AGs Question Safety of Kids-Only InstagramAttorneys general from 44 states and territories have asked Facebook to ditch its plan to launch a kids’ version of Instagram. Under federal privacy regulations, children under the age of 13 are technically not allowed to use the Instagram app. In March, Facebook confirmed that it was...

Krebs on Security

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches...

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches...

A Closer Look at the DarkSide Ransomware Gang

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the...

Naked Security

Apple AirTag jailbroken already – hacked in rickroll attack

Ooooh, look! A shiny button-like object!

Never say never! Warren Buffett caught up in integer overflow error…

640Kbytes of RAM should be enough for anyone...

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

Latest episode - listen now! (And please share with your friends.)

Firefox for Android gets critical update to block cookie-stealing hole

This browser update is for everyone, but it's for Android users particularly.

PC Mag

The Best Free Antivirus Protection for 2020

Windows Defender is improving, but you still shouldn't rely on Windows 10's security tools as your sole means of protection. Many free third-party security apps are more effective at keeping you safe. We've tested 17 no-cost services to help you find the best free antivirus for protecting your PC....

Qustodio

Parental control app Qustodio is a highly configurable, easy-to-manage tool for keeping track of your child's activity on Windows, Mac, iOS, and Android devices, though it comes at a premium price.

Malware Steals Data By Adjusting Screen Brightness

Malware on an air-gapped computer can transmit data like Morse code by changing screen brightness in a way that's invisible to the naked eye but easily recorded with a camera.

SC Magazine

AWS configuration issues lead to exposure of 5 million records

Researchers reported on Tuesday that Amazon Web Services System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. In a blog, Check Point researchers said they have worked with AWS...

Zix tricks: Phishing campaign creates false illusion that emails are safe

Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security. The attack reached 5,000 to 10,000 mailboxes, targeting Office365 users with the goal of stealing their credentials, according to a...

Listen: Cybercrime investigator turned CISO, Petri Kuivala, talks evolution of security culture

Petri Kuivala got his start in cybersecurity on the force. He joined to do normal police work, never imagining that he’d end up in cybersecurity. Yet, after a few years, he joined a team that was among one of the first to develop IT-based crime analysis. Today, Kuivala is the...

Schneier on Security

AI Security Risk Assessment Tool

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.

Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to...

Newly Unclassified NSA Document on Cryptography in the 1970s

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.

SecureMac

Only 6% of iOS users opt in to app tracking

How many iOS 14.5 users opt in to app tracking? Not many! In this article: ATT and you | Opt-in data | Opting out | Opting out of Apple ads The post Only 6% of iOS users opt in to app tracking appeared first on SecureMac.

Ransomware attack shuts down major US gas pipeline

Last Friday, hackers hit the Colonial Pipeline fuel company with a ransomware attack. When the company realized what was going on, it shut down its 5,500-mile pipeline as a proactive measure The post Ransomware attack shuts down major US gas pipeline appeared first on SecureMac.

Checklist 229: Zero-Days and WebKit with August Trometer

0-days, WebKit, and Apple's intentional vagueness. We discuss this week's updates (and what they mean) with August Trometer. The post Checklist 229: Zero-Days and WebKit with August Trometer appeared first on SecureMac.

Security Affairs

Hackers target Windows users exploiting a Zero-Day in Reader

Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium,...

Google open sources cosign tool for verifying containers

Google has released a new open-source tool called cosign that could allow administrators to sign and verify the container images. Google has released a new open-source tool called cosign that allows to sign, verify container images, it was developed to make signatures invisible infrastructure. Cosign supports: Hardware and KMS signingBring-your-own PKIOur free OIDC...

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms...

SecurityWeek

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News. read more

Ransomware Gang Threatens Release of DC Police Records

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if more money is not offered. read more

Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known

Microsoft’s monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks. read more

TechRepublic

Colonial Pipeline attack reminds us of our critical infrastructure's vulnerabilities

Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms.

Our infrastructure is more vulnerable than we realized, pipeline attack shows

Expert says there are several ways the hackers may have gotten access and how we can possibly prevent these attacks in the future.

The many sides of DarkSide, the group behind the Colonial pipeline ransomware attack

Though it likes to promote itself as being "philanthropic," the DarkSide gang represents a dangerous threat to organizations around the world.

The Guardian

Government agencies could access personal data without consent under new bill

Privacy advocates fear Coalition’s proposed data-sharing law could allow for robodebt-style tacticsAustralians’ personal information could be accessed by government agencies and researchers without their consent under proposed data-sharing legislation that critics say could pave the way for more robodebt-style tactics. In a speech at an Australian Financial Review conference...

People with dyslexia have skills that we need, says GCHQ

UK surveillance agency says it has long valued neuro-diverse analysts – including Alan Turing Apprentices on GCHQ’s scheme are four times more likely to have dyslexia than those on other organisations’ programmes, the agency has said, the result of a drive to recruit those whose brains process information differently.GCHQ...

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the worldThe CEO of the messaging app Signal claims to have hacked the phone cracking tools used by police in Britain and around the world to extract information from seized devices.In an online post, Moxie Marlinspike, the security...

The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe...

LIVE Webinar — The Rabbit Hole of Automation

The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale...

U.S Intelligence Agencies Warn About 5G Network Weaknesses

Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by...

The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…

South Korea orders urgent review of energy infrastructure cybersecurity

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…

Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security

Dozen design, implementation blunders date back 24 years A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.…

The Security Ledger

Seeds of Destruction: Cyber Risk Is Growing in Agriculture

In this episode of the podcast (#213): Molly Jahn of DARPA and University of Wisconsin joins us to talk about the growing cyber risk to the Food and Agriculture sector, as industry consolidation and precision agriculture combine to increase the chances of cyber disruption of food production. The post...

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

In this episode of the podcast (#212), Brandon Hoffman, the CISO of Intel 471 joins us to discuss that company’s latest report that looks at China’s diversified marketplace for stolen data and stolen identities. The post Episode 212: China’s Stolen Data Economy (And Why We Should Care) appeared first...

Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

Software vulnerabilities in web sites operated by John Deere could allow a remote attacker to harvest information on the company’s customers including their names, physical addresses and the equipment they own. The revelation suggests the U.S. agriculture sector is woefully unprepared for disruptive cyber attacks, experts warn. The post...

Threatpost

Wormable Windows Bug Opens Door to DoS, RCE

Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.

GitHub Prepares to Move Beyond Passwords

GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

An ingenious attack on Android devices self-propagates, with the potential for a range of damage.

Tripwire

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers

Digital attackers launched a new ransomware campaign dubbed “PLEASE_READ_ME” in an effort to target MySQL servers. Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the United Kingdom at...

New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft. On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primarily worked in the financial services, healthcare, insurance, manufacturing, utilities and telecom industries....

Phorpiex Botnet Named “Most Wanted Malware” in November 2020

The Phorpiex botnet earned the notorious designation of “most wanted malware” for the month of November 2020. In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections that had affected four percent of organizations globally. This...

Troy Hunt

Weekly Update 242

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be...

Weekly Update 241

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into...

Weekly Update 241

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into...

We Live Security

WhatsApp will limit features for users who don’t accept new data‑sharing rules

Your account won’t be deleted, but here's what you may want to be aware of if not even repeated reminders do the trick The post WhatsApp will limit features for users who don’t accept new data‑sharing rules appeared first on WeLiveSecurity

Week in security with Tony Anscombe

Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Popular routers found vulnerable to hacker attacks

Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates The post Popular routers found vulnerable to hacker attacks appeared first on WeLiveSecurity

Wired

How Amazon Sidewalk Works—and Why You May Want to Turn It Off

The premise is convenient. But the ecommerce giant’s record on privacy isn't exactly inspiring.

DarkSide Hit Colonial Pipeline—and Created an Unholy Mess

As the White House gets involved in the response, the group behind the malware is scrambling.

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never notified affected users.

What's Google Floc? And How Does It Affect Your Privacy?

There's a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all.

ZDNet

Everything you need to know about the Colonial Pipeline ransomware attack

DarkSide has claimed responsibility for the catastrophic ransomware outbreak.

Colonial Pipeline ransomware attack: Everything you need to know

Updated: DarkSide has claimed responsibility for the catastrophic ransomware outbreak.

GitHub shifts away from passwords with security key support for SSH Git operations

Support has been added to bolster defense against account compromise.