Your Android apps are tracking you. Here's how to stop them
Duck Duck Go started out as a privacy-focused search engine. It obviously had (and still has) seriously stiff competition with Google. But the company behind the search engine wasn’t content
The Human Factor in Cybersecurity
Cybersecurity is an increasingly important issue that’s becoming more complex as reliance on technology grows. While technology is critical to cybersecurity, it is not the only factor that needs consideration.
Microsoft disables SMB1 file-sharing protocol by default in Windows 11 Home
Microsoft’s Windows 10 operating system already disables by default SMB (Server Message Block) version 1, the 30-year-old file-sharing protocol. Now the company is doing the same with Windows 11 Home Dev
What to Know About Anti-Malware Solutions for 2022
Anti-malware software is something that can save your business from total financial destruction and save its reputation. Anti-malware software can be the deciding factor in whether your business survives in
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Exploring what’s next for public-cloud security, including top risks and how to implement better risk management. The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google
US Officials Increase Warnings About Russian Cyber-Attacks
The energy and finance sectors are likely to be targeted by Russian cyber-criminalsRead More: https://www.infosecurity-magazine.com/news/us-officials-russian-cyber-attacks/
‘CatalanGate’ Spyware Infections Tied to NSO Group
Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either Pegasus or
Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says
Written by AJ Vicens Apr 19, 2022 | CYBERSCOOP Researchers at Google’s Project Zero said they tracked 58 cases of zero-day exploits “in the wild” in 2021 — the most
Funky Pigeon Suspends Orders Following Cyber-Attack
The retailer is currently investigating whether personal data was accessed in the attackRead More: https://www.infosecurity-magazine.com/news/funky-pigeon-cyber-attack/
The Future of the IT Industry Is Now: 5 Ways MSPs Can Stay Ahead of the Curve
Every MSP is on a journey for success, relevance, and growth. But in all likelihood their current business model may not be enough to sustain that pace for much longer.
North Korea aims 'TraderTraitor' malware at cryptocurrency workers
Written by Tonya Riley Apr 19, 2022 | CYBERSCOOP North Korean state-backed hackers are phishing cryptocurrency company employees in order to gain access to systems that allow them to make
Google fixes Chrome zero day being used in exploits in the wild
Google has released patches for two security flaws in Chrome, of which one was being exploited in the wild. The zero day is tracked as CVE-2022-1364, a high severity flaw
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage. It’s been
LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks
The research found that phishing attempts impersonating LinkedIn made up 52% of attacks globally in Q1 2022Read More: https://www.infosecurity-magazine.com/news/linkedin-impersonated-brand/
MetaMask Asks Apple Users to Disable iCloud Backup for Wallet After User Lost $650,000
MetaMask has warned Apple users to disable automatic iCloud backup of their wallet data. The warning results from the losses sustained by an NFT collector, Domenic Lacovone, using the Twitter
Blockchain warning: Hackers are targeting developers and DevOps teams
The US government has detailed how North Korean state-sponsored attackers have been hacking cryptocurrency firms using phishing, malware and exploits to steal funds and initiate fraudulent blockchain transactions. The Federal
Court rules that data scraping is legal in LinkedIn appeal
It seems self-evident that public data on a website is, well, public. But, that’s never stopped people from arguing that scraping–copying data from public websites–is somehow illegal. Now, the U.S.
A Zero-Click Vulnerability Is Exploited by NSO Spyware
Citizen Lab researchers have discovered two independent Pegasus malware campaigns, that targeted the prime minister’s office and other official UK government networks as well as the Catalan presidents and members
Lazarus Hackers Make Use of Fraudulent Crypto Apps, US Warns
CISA, the FBI, and the US Treasury Department have recently issued a warning that firms in the cryptocurrency and blockchain industries are being targeted by the North Korean Lazarus hacking
Microsoft: We're boosting our bug bounties for these high-impact security flaws
Microsoft has announced new “scenario-based” awards for its Dynamics and Power Platform Bounty Program and the Microsoft 365 Bounty Program. Microsoft says the scenario-based awards are designed to encourage researchers
Lenovo patches UEFI firmware vulnerabilities impacting millions of users
Lenovo has patched a trio of bugs that could be abused to perform UEFI attacks. Discovered by ESET researcher Martin Smolár, the vulnerabilities, assigned as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, could
Ronin Crypto Heist of $618m Traced to North Korea
Lazarus Group blamed by US TreasuryRead More: https://www.infosecurity-magazine.com/news/ronin-crypto-heist-618m-north-korea/
Attacker Accessed Dozens of Repositories After OAuth Token Theft
GitHub says npm is among the organizations affectedRead More: https://www.infosecurity-magazine.com/news/attacker-oauth-token-token-theft/
Pegasus Spyware Targeted UK Prime Minister, Say Researchers
UAE linked to covert cyber-espionage plotRead More: https://www.infosecurity-magazine.com/news/pegasus-spyware-uk-prime-minister/
APAC consumers share more data, but will ditch firms over security breach
Consumers in Singapore and Australia share more personal information now than they did two years ago, but more in the two Asian markets will ditch service providers that suffer a
Attacker Steals $182 Million From Ethereum-based Beanstalk Stablecoin Protocol
Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government. According to security firm PeckShield, a credit-focused, Ethereum-based stablecoin protocol
U.S. Cyber Command gives Congress $236M unfunded priorities wish list
Written by Suzanne Smalley Apr 18, 2022 | CYBERSCOOP A U.S Cyber Command wish list shared with Congress shows $236 million worth of unfunded priorities, including about $168 million to
9 Steps Necessary for Infrastructure Security
The ever-present threat of cyber security attacks has made IT infrastructure security a priority for most businesses. Cybercriminals are nowadays using bots to troll the internet for vulnerabilities. IT security
Healthcare Cybersecurity Standards: How to Prepare
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required hospital networks, clinics, and research institutes to meet strict healthcare cybersecurity standards. But complying with the new Strengthening American
Recover Deleted Photos from PC and Mobile
Suppose many of you have deleted or erased images by accident. It may happen on a computer, be it a Windows or Mac, or on your smartphone. How to fulfill
EDR & XDR – Security Solutions for Hybrid & Remote SMB Ecosystems
Organizations, including small and midsized businesses (SMBs), should be on the lookout for any tools and techniques they can find to stop cyber criminals and other bad actors in their
Cyberattackers Put the Pedal to the Medal: Podcast
Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. Cyber-defenders have
Recent Mobile Payment Trends And How They Are Shaping The Future
Consumers, retailers, banks, and payment processors form a complicated network in today’s payment processing environment. Recently, there has been a massive change from physical to digital payment, especially with the
IcedID Malware Is Being Used in a New Hacking Campaign Targeting the Ukrainian Government
A warning about a new wave of social engineering cyberattacks that distribute the IcedID malware and employ Zimbra exploits for sensitive data theft purposes has been recently issued by the
Industrial Spy, a New Stolen Data Market Is Advertised via Adware and Cracks
Cybercriminals have recently launched a marketplace named Industrial Spy, which sells information stolen from compromised organizations while also “spoiling” its customers with stolen data that’s free of charge. Unlike traditional
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
Trend Micro – An Investigation of the BlackCat Ransomware via Trend Micro Vision One Ransomware We recently investigated a case related to the BlackCat ransomware group using the Trend Micro
GitHub Blocks Accounts of Two Large Russian Banks Amid US Sanctions
As of now, this move has mainly impacted two large banks reportedly Sberbank and Alfa-Bank, and some individual developers. GitHub has started suspending Russian-registered users’ accounts as part of the
GitHub Suspends Accounts of Two Large Russian Banks Amid US Sanctions
As of now, this move has mainly impacted two large banks reportedly Sberbank and Alfa-Bank, and individual developers. GitHub has started suspending Russian-registered users’ accounts as part of the blocking
GitHub: Hackers Stole OAuth Access Tokens to Target Dozens of Firms
GitHub has revealed that attackers have abused OAuth user tokens issued to Heroku and Travis-CI, popular third-party OAuth integrators. GitHub revealed on Friday about receiving evidence of an unidentified adversary
Latest Update for Google Chrome Fixes Actively Exploited 0-day Flaw
One of the two security vulnerabilities identified in the Google Chrome web browser was reportedly being actively exploited in the wild. On Thursday, Google released emergency fixes for the Chrome
Threat Roundup for April 8 to April 15
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 8 and April 15. As with previous roundups, this post isn’t meant to be an
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. Researchers have found financial and technological links
Prolific cyber extortion group Karakurt might be a Conti side hustle
Written by AJ Vicens Apr 15, 2022 | CYBERSCOOP In late February, a Ukrainian researcher with longtime access to Conti’s internal chats and files began leaking them online, exposing in
Conti Ransomware Gang Hits German Wind Turbine Giant Nordex
All of Nordex’s internal IT systems were shut down, and remote access to the turbines was disrupted due to the attack. The infamous pro-Russian Conti ransomware gang managed to forcefully shut down
When it Comes to Developing Tech Leadership, Credentials Matter
According to CompTIA’s recently released State of the Tech Workforce report, there will be 8.9 million net tech employment jobs in 2022 in the U.S. And there is no retreat
What is a Security Operations Center (SOC)? Definition, Scope, Roles, and Benefits.
In an ever-shifting threatscape, the necessity to identify, assess risk, respond, and hunt down emergent threats becomes even more pressing. The Security Operations Center or S.O.C is the preferred trade-off
What Is Email Spam?
Spamming is the annoying and dangerous act of sending unsolicited bulk emails or other types of messages over the Internet. Spam is often used to spread malware and phishing and
ZingoStealer: New Malware Making Way on the Threat Landscape
A new info-stealer is making way on the cyber threat landscape as Haskers Gang has just added to their arsenal ZingoStealer. More Details on ZingoStealer The malware, as mentioned above,