Computer Security Tip of the Day
October 22nd
If you have children visiting or staying with family members (such as grandparents), make sure the family members know your rules concerning technology that your kids must follow. Just because your kids leave the house does not mean the rules about what t…
Bruce Schneier on Security
October 22nd
Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an…
October 21st
Roger Grimes on why multifactor authentication isn’t a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year lat…
October 20th
Here’s a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to …
October 19th
Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence …
October 19th
According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware agai…
Dark Reading Security News
October 23rd
When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.
October 22nd
The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.
October 22nd
Researchers warn that Discord's bot framework can be easily weaponized.
October 22nd
Online cybersecurity professional development platform bolsters the Check Point Education Initiative.
October 22nd
Security leaders are adopting a multilayered approach to address new security threats and risks.
New Security Threats
October 23rd
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
October 22nd
The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.
October 22nd
Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.
October 22nd
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
October 22nd
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.