π΄ Google Creates Online Phishing Quiz π΄
π Read
via "Dark Reading: ".
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.π Read
via "Dark Reading: ".
Darkreading
Google Creates Online Phishing Quiz
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
β Monero: Cybercrimeβs Top Choice for Mining Malware β
π Read
via "Threatpost | The first stop for security news".
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.π Read
via "Threatpost | The first stop for security news".
Threat Post
Monero: Cybercrimeβs Top Choice for Mining Malware
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.
<b>⌨ How the U.S. Govt. Shutdown Harms Security ⌨</b>
<code>The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.</code><code>Media</code><code>One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown βis crushing our ability to take the fight to cyber criminals.β</code><code>βThe talent drain after this is finally resolved will cost us five years,β said the source, who asked to remain anonymous because he was not authorized to speak to the news media. βLiterally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.β</code><code>The source said his agency canβt even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.</code><code>βInvestigators who are eligible to retire or who simply wish to walk away from their job arenβt retiring or quitting now because they canβt even be processed out due to furlough of the organizationβs human resources people,β the source said. βThese are criminal investigations involving national security. Itβs also a giant distraction and people arenβt as focused.β</code><code>The sourceβs comments echoed some of the points made in a 72-page report (PDF) released this week by the FBI Agents Association, a group that advocates on behalf of active and retired FBI special agents.</code><code>βToday we have no funds for making Confidential Human Source payments,β reads a quote from the FBIAA report, attributed to an agent in the FBIβs northeast region. βIn my situation, I have two sources that support our national security cyber mission that no longer have funding. They are critical sources providing tripwires and intelligence that protect the United States against our foreign adversaries. The loss in productivity and pertinent intelligence is immeasurable.β</code><code>My federal law enforcement source mentioned his agency also was unable to pay confidential informants for their help with ongoing investigations.</code><code>βWe are having the same problems like not being able to pay informants, no travel, critical case coordination meetings postponed, and no procurements to further the mission,β the source said.</code><code>The extended shutdown directly affects more than 800,000 workers, many of them furloughed or required to work without pay. Some federal employees, now missing at least two back-to-back paychecks, are having trouble keeping food on the table. CNN reports that FBI field offices across the country are opening food banks to help support special agents and staff struggling without pay.</code><code>An extended lack of pay is forcing many agents to seek side hustles and jobs, despite rules that seek to restrict such activity, according to media reports. Missing multiple paychecks also can force investigators to take on additional debt. This is potentially troublesome because excess debt down the road can lead to problems keeping oneβs security clearances.</code><code>Excessive debt is a threat to clearances because it can make people more susceptible to being drawn into illegal activities or taking bribes for money, which in turn may leave them vulnerable to extortion. Indeed, this story from Clearancejobs.com observes that the shutdown may be inadvertently creating new recruiting opportunities for foreign intelligence operatives.</code><code>βIf you are a hostileβ¦
<code>The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.</code><code>Media</code><code>One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown βis crushing our ability to take the fight to cyber criminals.β</code><code>βThe talent drain after this is finally resolved will cost us five years,β said the source, who asked to remain anonymous because he was not authorized to speak to the news media. βLiterally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.β</code><code>The source said his agency canβt even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.</code><code>βInvestigators who are eligible to retire or who simply wish to walk away from their job arenβt retiring or quitting now because they canβt even be processed out due to furlough of the organizationβs human resources people,β the source said. βThese are criminal investigations involving national security. Itβs also a giant distraction and people arenβt as focused.β</code><code>The sourceβs comments echoed some of the points made in a 72-page report (PDF) released this week by the FBI Agents Association, a group that advocates on behalf of active and retired FBI special agents.</code><code>βToday we have no funds for making Confidential Human Source payments,β reads a quote from the FBIAA report, attributed to an agent in the FBIβs northeast region. βIn my situation, I have two sources that support our national security cyber mission that no longer have funding. They are critical sources providing tripwires and intelligence that protect the United States against our foreign adversaries. The loss in productivity and pertinent intelligence is immeasurable.β</code><code>My federal law enforcement source mentioned his agency also was unable to pay confidential informants for their help with ongoing investigations.</code><code>βWe are having the same problems like not being able to pay informants, no travel, critical case coordination meetings postponed, and no procurements to further the mission,β the source said.</code><code>The extended shutdown directly affects more than 800,000 workers, many of them furloughed or required to work without pay. Some federal employees, now missing at least two back-to-back paychecks, are having trouble keeping food on the table. CNN reports that FBI field offices across the country are opening food banks to help support special agents and staff struggling without pay.</code><code>An extended lack of pay is forcing many agents to seek side hustles and jobs, despite rules that seek to restrict such activity, according to media reports. Missing multiple paychecks also can force investigators to take on additional debt. This is potentially troublesome because excess debt down the road can lead to problems keeping oneβs security clearances.</code><code>Excessive debt is a threat to clearances because it can make people more susceptible to being drawn into illegal activities or taking bribes for money, which in turn may leave them vulnerable to extortion. Indeed, this story from Clearancejobs.com observes that the shutdown may be inadvertently creating new recruiting opportunities for foreign intelligence operatives.</code><code>βIf you are a hostileβ¦
ATENTIONβΌ New - CVE-2017-17836
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlocked can exfil all credentials from the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-17835
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15720
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.π Read
via "National Vulnerability Database".
β Malware in Ad-Based Images Targets Mac Users β
π Read
via "Threatpost | The first stop for security news".
Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted.π Read
via "Threatpost | The first stop for security news".
Threat Post
Malware in Ad-Based Images Targets Mac Users
Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted.
π Phishing and spearphishing: A cheat sheet for business professionals π
π Read
via "Security on TechRepublic".
When criminals use technology to propagate social engineering attacks, securing your organization can become complicated. Here's what you need to know about phishing and spearphishing.π Read
via "Security on TechRepublic".
TechRepublic
Phishing and spearphishing: A cheat sheet for business professionals
When criminals use technology to propagate social engineering attacks, securing your organization can become complicated. Here's what you need to know about phishing and spearphishing.
β Redaman Spams Russian Banking Customers with Rotating Tactics β
π Read
via "Threatpost | The first stop for security news".
The banking trojan hides its misdeeds with a rotating set of tactics.π Read
via "Threatpost | The first stop for security news".
Threat Post
Redaman Spams Russian Banking Customers with Rotating Tactics
The banking trojan hides its misdeeds with a rotating set of tactics.
π How to reset local user passwords from the macOS recovery partition π
π Read
via "Security on TechRepublic".
Mac admins or users savvy around Terminal can easily reset a password and have the affected account back to work within minutes.π Read
via "Security on TechRepublic".
TechRepublic
How to reset local user passwords from the macOS recovery partition
Mac admins or users savvy around Terminal can easily reset a password and have the affected account back to work within minutes.
π΄ Aging PCs Running Out-of-Date Software Bring Security Worries π΄
π Read
via "Dark Reading: ".
Age is an issue with application languages and frameworks, too.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ 'Anatova' Emerges as Potentially Major New Ransomware Threat π΄
π Read
via "Dark Reading: ".
Modular design, ability to infect network shares make the malware dangerous, McAfee says.π Read
via "Dark Reading: ".
Dark Reading
'Anatova' Emerges as Potentially Major New Ransomware Threat
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
π΄ 'Anatova' Emerges as Potentially Major New Ransomware Threat π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
'Anatova' Emerges as Potentially Major New Ransomware Threat
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
π΄ DHS Issues Emergency Directive on DNS Security π΄
π Read
via "Dark Reading: ".
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.π Read
via "Dark Reading: ".
Darkreading
DHS Issues Emergency Directive on DNS Security
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.
ATENTIONβΌ New - CVE-2018-0187
π Read
via "National Vulnerability Database".
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system.π Read
via "National Vulnerability Database".
π Hackers impersonate these 10 brands the most in phishing attacks π
π Read
via "Security on TechRepublic".
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.π Read
via "Security on TechRepublic".
TechRepublic
Hackers impersonate these 10 brands the most in phishing attacks
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.
β βProceed with cautionβ: Microsoft browser says Mail Online is untrustworthy β
π Read
via "Naked Security".
Hanging up on the fact-checkers probably isn't the best way for a news outlet to assure them that it's trustworthy.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Update now! Apple releases first 2019 iOS and macOS patches β
π Read
via "Naked Security".
Apple has issued its January security updates fixing a list of mostly shared CVE flaws affecting iOS and macOS with a smattering for Safari, watchOS, tvOS, and iCloud for Windows.π Read
via "Naked Security".
Naked Security
Update now! Apple releases first 2019 iOS and macOS patches
Apple has issued its January security updates fixing a list of mostly shared CVE flaws affecting iOS and macOS with a smattering for Safari, watchOS, tvOS, and iCloud for Windows.
π 3 enterprise cybersecurity trends CISOs must pay attention to π
π Read
via "Security on TechRepublic".
With the CISO at the table, organizations must focus on products, processes, and people to stay secure, according to the executive director of the National Cyber Security Alliance.π Read
via "Security on TechRepublic".
TechRepublic
3 enterprise cybersecurity trends CISOs must pay attention to
With the CISO at the table, organizations must focus on products, processes, and people to stay secure, according to the executive director of the National Cyber Security Alliance.