Day: July 15, 2022

How to Avoid Credit Card Skimming: 5 Tips to Keep Your Information Safe

Thieves steal your credit or debit card information by attaching a device to the card reader at a gas station, restaurant, or other business. They can then use this information to make fraudulent purchases or withdraw money from your account. Skimming can happen anywhere so it’s important to always be vigilant about protecting your information. …


Log4j Flaw Is 'Endemic', Says Cyber Safety Review Board

Software Bill of Materials Among Recommended Mitigations. Mihir Bagwe (MihirBagwe) • July 15, 2022. A flaw in ubiquitous open-source logging utility Log4j may plague systems for the next decade or longer, making it an “endemic vulnerability,” declared a panel of U.S. public and private sector security experts. …


Bishop Fox Raises $75M to Fortify Offensive Security Muscle

The Money Will Fuel Bishop Fox’s Visibility and Continuous Testing for All Services. Michael Novinson (MichaelNovinson) • July 15, 2022. Vinnie Liu, co-founder and CEO, Bishop Fox (Image: Bishop Fox). An emerging offensive security player has closed an eight-figure funding round to strengthen its visibility and continuous testing capabilities across all of its …


This Vulnerability May Allow Hackers to Steal Your Ether

Today we’re going to look into a new scam method! Do not confuse it with the allowance approve scam (which you can prevent using revoke.cash / unrekt.net), which targets ERC20 tokens but not Ether. (1, 2, 3, 4). Source: graph.org/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30–DeFi-03-31 In the presented attack, scammers may steal your Ether! Use this information for educational purposes only ❗️ Prehistory: Recently in the network began to appear …


Tiny Mantis Botnet Can Launch More Powerful DDoS Attacks Than Mirai

The Mantis botnet launched 3,000 DDoS attacks in one month using only 5,000 small bots, after which Cloudflare dubbed it “the most powerful botnet to date.” According to the Cloudflare content distribution network, a botnet named after a small shrimp is so powerful that it has launched the biggest ever DDoS attacks. Dubbed Mantis, the …


Google Hit With $1M Discovery Sanctions In 'Incognito' Suit

By Dorothy Atkins (July 15, 2022, 10:33 PM EDT) — A California magistrate judge ordered Google to pay class counsel $1 million in attorney fees and costs for its discovery violations in a putative class action alleging the company surreptitiously tracks Chrome users running the browser’s incognito mode. In a four-page order, U.S. Magistrate Judge …


Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine …


At-Bay appoints Scott Carmilani and David Lockton to its Board of Directors

At-Bay announced the appointment of insurance industry veterans Scott Carmilani and David Lockton to its Board of Directors. With nearly six decades of experience between them, Carmilani and Lockton bring a strong track record of innovation and insurance expertise to At-Bay’s board. “At-Bay is committed to building the next generation of specialty insurance, with deep …


Ring Reveals They Give Videos to Police Without User Consent or a Warrant

Amazon’s Ring devices are not just personal security cameras. They are also police cameras—whether you want them to be or not. The company now admits there are “emergency” instances when police can get warrantless access to Ring personal devices without the owner’s permission. This dangerous policy allows police, in conjunction with Ring, to decide when …


New H0lyGh0st Ransomware Linked to N. Korea!

Microsoft has linked a threat that emerged in June 2021 & targets small-to-mid-sized businesses to state-sponsored players tracked as DEV-0530. Microsoft researchers have linked a new ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated N. Korean state-sponsored players that have been active since 2021. DEV-0530 A group tracked by researchers from …


Former CIA Engineer Convicted for Leaking Classified 'Vault 7' Trove

A former software engineer for the U.S. Central Intelligence Agency (CIA) has been convicted for his role in one of the largest thefts of classified information in history. Joshua Schulte was hit with 13 charges in June of 2018 after he leaked nearly 9,000 documents from an isolated network within the CIA. The documents contained …


Live Webinar | BEC: Did You Get Trapped in That Conversation?

Tonia Dudley Strategic Advisor, Cofense Tonia Dudley joined Cofense in 2018 as Director, Security Solution Advisor. In this role, she focuses on phishing defense advocacy while demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks while reducing the cost of operations. Tonia evangelizes Cofense’s approach to phishing defense and incident …


Are tech companies at fault for the addictive nature of social media? What to expect from the White House’s cybersecurity strategy. DHS gives CISA thumbs-up for Log4j response.

At a glance. Are tech companies at fault for the addictive nature of social media? What to expect from the White House’s cybersecurity strategy. DHS gives CISA thumbs-up for Log4j response. Are tech companies at fault for the addictive nature of social media? The New York Law Journal examines how lawsuits against social media companies are utilizing product liability …


SWN #223 – Naivety, Microsoft, UEFI, Mantis, Celsius, Ring, & Minority Report

Paul’s Security Weekly podcast (http://securityweekly.com/). Published Fri, 15 Jul 2022 21:04:47 +0000; duration 26:29. …


Friday Squid Blogging: Squid Inks Fisherman

Short video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

PSW #747 – Andy Robbins

Paul’s Security Weekly podcast (http://securityweekly.com/). Published Fri, 15 Jul 2022 21:00:00 +0000; duration 03:08:00.

TikTok shakes up security team as it faces renewed U.S. scrutiny

TikTok announced major changes to its security leadership on Friday as the social media platform faces renewed scrutiny from U.S. lawmakers over its ties to China. The short-form video service’s global security chief Roland Cloutier will step down in September, transitioning to a senior advisor role while current security executive Kim Albarella will replace him …


ESW #280 – Fleming Shi, Kevin L. Jackson, Meritt Maxim

Paul’s Security Weekly podcast (http://securityweekly.com/). Published Fri, 15 Jul 2022 20:58:57 +0000; duration 02:27:38.

CISA pulls the fire alarm on Juniper Networks bugs

Juniper Networks has patched critical-rated bugs across its Junos Space, Contrail Networking and NorthStar Controller products that are serious enough to prompt CISA to weigh in and advise admins to update the software as soon as possible. “CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates,” according …
