Tuesday, March 2, 2021

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.

Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific...

Microsoft's Dream of Decentralized IDs Enters the Real World

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.

Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features

Microsoft Teams has just issued a massive blow to Zoom with the launch of multiple new security features, including the game-changing security feature it was previously lacking.

Kaspersky to Co-Chair Working Group of the Paris Call

Kaspersky has announced it is partnering with Cigref to co-chair the Working Group 6 (WGF) as part of the Paris Call for Trust and Security in Cyberspace initiative. The group...
IBM Security

‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving

The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...

Search crimes – how the Gootkit gang poisons Google searches

When a search result looks too good to be true - it IS too good to be true!
ZDNet

ObliqueRAT Trojan now lurks in images on compromised websites

The malware has been upgraded in new campaigns across Asia.
SecurityWeek

Dairy Giant Lactalis Targeted by Hackers

France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach. The company said a malicious third party attempted to breach its computer network, but it...
Graham Cluley

Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak

Controversial cryptocurrency developer Tether says it will not give in to extortionists who are demanding a 500 Bitcoin ransom payment (currently worth approximately US $24 million).
Bruce Schneier

Mysterious Macintosh Malware

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload...

What Did I Just Read? A Conversation With the Authors of '2034'

Elliot Ackerman and Admiral James Stavridis discuss their inspirations, personal experiences, and what keeps them up at night.

2034, Part VI: Crossing the Red Line

“Eventually, the Americans would find them. But by then it would be too late.”
ZDNet

Oxfam Australia supporters embroiled in new data breach

Personal data, including partial payment information, is thought to be included.

Universal Health Services Estimates $67 Million in Ransomware Losses

A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed. The Fortune 500 healthcare organization has tens...
IBM Security

Cybersecurity Gaps and Opportunities in the Logistics Industry

Shipping and logistics is, in many ways, the backbone of our lives and businesses. What business doesn’t benefit from fresh food or a timely delivery? Unfortunately, this industry is open to cyberattacks just like anyone else. Luckily, groups in...
isBuzz

Three Reasons The Security Industry Is Protecting The Wrong Thing

Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, Certes Networks, the…

Gab Hack Reveals Passwords And Private Posts

The founder of far-right social media platform Gab has confirmed that hackers have breached the site, exposing the account of former US president Donald Trump.
ZDNet

Google addresses customer data protection, security in Workspace

Google has also introduced new Workspace features as we continue to work from home.

CISO job search: What to look (and look out) for

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the...
Have I Been Pwned

Oxfam – 1,834,006 breached accounts

In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names,...
F5 Networks

OpenSSL vulnerability CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to ...
F5 Networks

OpenSSL vulnerability CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ...
Have I Been Pwned

Ticketcounter – 1,921,722 breached accounts

In August 2020, the Dutch ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it was then found and downloaded in February 2021. The data contained 1.9M unique email addresses which were offered for...
F5 Networks

OpenSSL vulnerability CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on ...