Month: June 2024
TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe –…
Read MoreRoss Anderson’s Memorial Service The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is “L3954FrrEF”.) Tags: cryptography, security engineering Posted on June 21, 2024 at 7:04 AM • 0 Comments Sidebar photo of Bruce Schneier by Joe MacInnis. Source link lol
Read More
CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access. The warning follows ongoing cyberattacks that have hit CDK, forcing the company to shut down its customer support channels and take most of its systems offline. CDK Global is a software-as-a-service (SaaS) platform that thousands of US…
Read More
However, to defeat detection, the scripts first performed checks to ensure the user was not operating in a virtual machine or sandbox (a common way for researchers to vet suspicious sites without compromising their machines); if a VM or sandbox was detected, the script exited without performing its malicious activities. ClickFix Another threat actor popped…
Read More
Jun 21, 2024NewsroomMalware / Malvertising A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That’s according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them…
Read More
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to do so, but the use of third-party services can also come with significant — often unforeseen — risks. Third…
Read More
Concerns outlined in the Final Determination paint a mixed picture for Kaspersky-like commercial security products. “The administration’s move to ban Kaspersky Lab products in the United States underscores the stakes of security products gone bad, wherein the privileges that are supposed to be used to protect networks and systems are instead used to subvert security…
Read More
Jun 21, 2024NewsroomVulnerability / Data Protection A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions…
Read More
Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records 20 Jun 2024 • , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient care. But…
Read More
Jun 21, 2024NewsroomSoftware Security / Threat Intelligence The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and…
Read More