Day: September 30, 2021

Revealed: How to steal money from victims' contactless Apple Pay wallets

Apple’s digital wallet Apple Pay will pay whatever amount is demanded of it, without authorization, if configured for transit mode with a Visa card, and exposed to a hostile contactless reader. Boffins at the University of Birmingham and the University of Surrey in England have managed to find a way to remove the contactless payment …

Revealed: How to steal money from victims' contactless Apple Pay wallets Read More »

Revealed: How to steal money from victims’ contactless Apple Pay wallets

Apple’s digital wallet Apple Pay will pay whatever amount is demanded of it, without authorization, if configured for transit mode with a Visa card, and exposed to a hostile contactless reader. Boffins at the University of Birmingham and the University of Surrey in England have managed to find a way to remove the contactless payment …

Revealed: How to steal money from victims’ contactless Apple Pay wallets Read More »

Revealed: How to make fraudulent contactless Apple Pay payments with Visa

Apple’s digital wallet Apple Pay will pay whatever amount is demanded of it, without authorization, if configured for transit mode with a Visa card, and exposed to a hostile contactless reader. Boffins at the University of Birmingham and the University of Surrey in England have managed to find a way to remove the contactless payment …

Revealed: How to make fraudulent contactless Apple Pay payments with Visa Read More »

Tips for Protecting Your Confidential Security Data

Over the last few years, vendor risk management has become an increasingly important focus on InfoSec teams in every industry. Data and privacy hacks are a regular fixture in the news, from global corporations to smaller companies. As the data world continues to become more interconnected, cloud-based, and open-source, these threats will continue to grow.Read …

Tips for Protecting Your Confidential Security Data Read More »

Alkira partners with Check Point to improve security for enterprise cloud networking

Alkira and Check Point Software Technologies announced a technology alliance to provide Check Point Software’s CloudGuard firewalls in Alkira’s Cloud Network infrastructure as-a-Service (CNaaS). This comes as organizations deploying application workloads to the cloud are struggling with the complexity of implementing consistent enterprise-wide security controls spanning cloud, multi-cloud and on-premises environments. The Check Point CloudGuard …

Alkira partners with Check Point to improve security for enterprise cloud networking Read More »

Expanding on the Creation of Collapsible Containers

You might remember that industrial designer [Eric Strebel] tried to make a collapsible silicone container with 3D printed molds a few weeks ago, and was finally successful after dozens of attempts. Someone commented that commercial containers are molded in the collapsed position instead of the expanded position, so naturally, [Eric] had to try it once …

Expanding on the Creation of Collapsible Containers Read More »

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic

Organizations that have not implemented controls for detecting malware hidden in encrypted network traffic are at risk of having a vast majority of malicious tools being distributed in the wild, hitting their endpoint devices. A study of threat activity conducted by WatchGuard Technologies using anonymized data gathered from customer networks showed 91.5% of malware detections …

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic Read More »

Congress demands briefing from FBI on decision not to share Kaseya decryption keys

The US House Committee on Oversight and Reform has demanded a briefing with the FBI to determine whether it was justified in withholding the Kaseya ransomware decryption keys. Committee chairwoman Rep. Carolyn Maloney and ranking member Rep. James Comer sent a letter to FBI director Christopher Wray asking him to appear before Congress to explain …

Congress demands briefing from FBI on decision not to share Kaseya decryption keys Read More »

What 10,000 Analysts Showed Us About the State of Threat Hunting

Cybersecurity has gotten pretty tough lately. Today’s teams contend with an ever-growing IT ecosystem accelerated by critical digital transformation efforts and moving workforces into remote environments. At the same time, they’re managing a rapidly evolving threat landscape composed of both sophisticated nation-state actors and a crush of low-level criminals armed with off-the-shelf crimeware. All told, …

What 10,000 Analysts Showed Us About the State of Threat Hunting Read More »

The Clash: “…find an Afghan rebel the bullets missed and ask him what he thinks…”

This is from a song called Washington Bullets on The Clash’s 1980 Sandinista! triple album: ‘nd if you can find a Afghan rebel That the Moscow bullets missed Ask him what he thinks of voting Communist Dare I say one of the best albums of all time, and one of their best songs? Yet it …

The Clash: “…find an Afghan rebel the bullets missed and ask him what he thinks…” Read More »

Windows 10 KB5005611 update fixes Microsoft Outlook issues

Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. This cumulative update is part of Microsoft’s September 2021 monthly “C” update, allowing Windows users to test the upcoming …

Windows 10 KB5005611 update fixes Microsoft Outlook issues Read More »

Credential Harvesting at Scale Without Malware

Executive Summary While ransomware and ransomware-as-a-service (RaaS) attacks have dominated much of the cybersecurity community’s discussions over the past several months, criminals and hackers continue to compromise corporate, business and personal emails for financial gain. These scams, business email compromise (BEC) and personal email account compromise (EAC), continue to be the most pervasive and costly …

Credential Harvesting at Scale Without Malware Read More »

California Extends Telehealth Privacy, Security Waivers

State’s Renewal of Relaxed Regs Mirrors Handling of Federal HIPAA WaiversCalifornia is extending a waiver that was set to expire this week. Similar to action taken by federal regulators, the extended California waiver relaxes enforcement of certain privacy and security regulations related to healthcare providers that offer telehealth services.Read the article

CISA Launches Insider Threat Self-Assessment Tool

Agency Is Also Keeping Its ‘Rumor Control’ Website Active Ahead of Midterm ElectionsA new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The agency also indicated this week it will keep its “rumor control” website active ahead of the 2022 midterm elections.Read …

CISA Launches Insider Threat Self-Assessment Tool Read More »

APT29 targets Active Directory Federation Services with stealthy backdoor

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that’s designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates. [ How well do you know these 9 types of malware and how to recognize them. | …

APT29 targets Active Directory Federation Services with stealthy backdoor Read More »