Wednesday, October 27, 2021

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.

Schools put the brakes on facial recognition scheme for kids buying lunch

UK regulators swooped in before the program gained full momentum.

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

The troublesome add-ons misused an API that controlled how Firefox connected to the internet.

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

The APT is probing potential new technology supply chain victims.

Ex-carrier employee sentenced for role in SIM-swapping scheme

He was paid a daily fee to route victim numbers to handsets controlled by other criminals.

South African police arrest eight men suspected of targeting widows in romance scams

The gang concocted "sob stories" to lure their victims into parting with cash.

US judge sentences duo for roles in running bulletproof hosting service

The hosting service was used to deploy malware payloads including Zeus and the Blackhole exploit kit.

Black market traders cash in on fake COVID-19 vaccination records

The EU vaccine passport and CDC certifications are hot ticket items.

FCC mulls over new rules demanding carriers block spam robot texts at network level

The proposal hones in on rising rates of robot texts.

Twitter accounts linked to cyberattacks against security researchers suspended

North Korean hackers are luring professionals with "zero-day vulnerability hype."

BlackByte ransomware decryptor released

The "odd" malware avoids systems based on Russian and ex-USSR languages.

Critical infrastructure security dubbed 'abysmal' by researchers

Researchers find that lax ICS security is putting critical services at risk of exploitation.

International cryptocurrency scam ring targets European dating app users

You might lose your money as well as your heart.

Apple: Forcing app sideloading would turn iPhones into virus-prone 'pocket PCs'

Apple says that sideloading would undermine the "privacy and security protections" of iPhones.

Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

Malicious NFTs could have become an attack vector for hackers trying to steal digital wallet funds.
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.