Security Bugs in Video Chat Tools Enable Remote Attackers
via "Dark Reading".
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations.

4 Payment Security Trends for 2019
via "Dark Reading".
Visa's chief risk officer anticipates some healthy changes ahead.

ThreatList: Latest DDoS Trends by the Numbers
via "Threatpost | The first stop for security news".
Trends in DDoS attacks show an evolution beyond Mirai code and point to next-gen botnets that are better hidden and have a greater level of persistence on devices – making them "far more dangerous."

Apple Fixes Pesky FaceTime Bug in iOS 12.1.4 Update
via "Threatpost | The first stop for security news".
Apple's iOS 12.1.4 fixes a FaceTime bug that made headlines last week.

Apple Patches Group FaceTime Flaw
via "Dark Reading".
Teenaged Fortnite player gets credit for finding the bug.

Carbonite Announces Webroot Purchase
via "Dark Reading".
The purchase will add WebRoot's cloud-based security to the cloud-based data backup and recovery platform of Carbonite.

Ransomware Attack Via MSP Locks Customers Out of Systems
via "Dark Reading".
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

Facebook ordered to keep apps data separate without user consent
via "Naked Security".
So much for creating a three-headed Cerberus marketing-happy chat dog! Also, we'll soon see the who-what-huh? behind the ads we're shown.

Police demands Waze stop pinpointing their checkpoints
via "Naked Security".
Waze users are helping intoxicated drivers to evade checkpoints and could thus be "engaging in criminal conduct," say police.

Student gets creative with data accidentally blasted out by university
via "Naked Security".
A university employee accidentally emailed a spreadsheet containing personal information on every one of the college's 4,557 students.

Infographic: The death of passwords
via "Security on TechRepublic".
Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.

Child abuse imagery found in cryptocurrency blockchain
via "Naked Security".
For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button, on 30 January its service was abused to place “illegal content” inside the Bitcoin Satoshi Vision (BSV) ledger, a recent cryptocurrency hard fork from Bitcoin Cash [BCH]. […]

<b>⌨ Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions ⌨</b>
A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.
The USA Patriot Act, passed in the wake of the terror attacks of Sept 11, 2001, requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering. U.S. credit unions are required to register these BSA officers with the NCUA.
On the morning of Wednesday, Jan. 30, BSA officers at credit unions across the nation began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions. The missives addressed each contact by name, claimed that a suspicious transfer from one of the recipient credit union’s customers was put on hold for suspected money laundering, and encouraged recipients to open an attached PDF to review the suspect transaction.
One of the many variations on the malware-laced targeted phishing email sent to dozens of credit unions across the nation last week.
The phishing emails contained grammatical errors and were sent from email addresses not tied to the purported sending credit union. It is not clear if any of the BSA officers who received the messages actually clicked on the attachment, although one credit union source reported speaking with a colleague who feared a BSA contact at their institution may have fallen for the ruse.
One source at an association that works with multiple credit unions who spoke with KrebsOnSecurity on condition of anonymity said many credit unions are having trouble imagining another source for the recipient list other than the NCUA.
“I tried to think of any public ways that the scammers might have received a list of BSA officers, but sites like LinkedIn require contact through the site itself,” the source said. “CUNA [the Credit Union National Association] has BSA certification schools, but they certify state examiners and trade association staff (like me), so non-credit union employees that utilize the school should have received these emails if the list came from them. As far as we know, only credit union BSA officers have received the emails. I haven’t seen anyone who received the email say they were not a BSA officer yet.”
“Wonder where they got the list of BSA contacts at all of our credit unions,” said another credit union source. “They sent it to our BSA officer, and [omitted] said they sent it to her BSA officers.” A BSA officer at a different credit union said their IT department had traced the source of the message they received back to Ukraine.
The NCUA has not responded to multiple requests for comment since Monday. The agency’s instructions for mandatory BSA reporting (PDF) state that the NCUA will not release BSA contact information to the public. Officials with CUNA also did not respond to requests for comment.
A notice posted by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said the bureau was aware of the phishing campaign, and was urging financial institutions to disregard the missives.
The latest scam comes amid a significant rise in successful phishing attacks, according to a non-public alert sent in late January by the U.S. Secret Service to financial institutions nationwide. “The Secret Service is observing a noticeable increase in successful large-scale phishing attacks targeting…

iPhone apps record your screen sessions without asking
via "Naked Security".
Absent from privacy policies, the tracking came to light after a breach with Air Canada's mobile app, then password slurping from Mixpanel.

iPhone snooping: Apple cracks down on apps that secretly record taps, keystrokes
via "Security on TechRepublic".
iOS app developers have been capturing how users interact with screens without gaining user consent.

Cyberattack Hits Australian Parliament
via "Dark Reading".
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets
via "Threatpost | The first stop for security news".
A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched.

We Need More Transparency in Cybersecurity
via "Dark Reading".
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.

Android vulnerabilities open Pie to booby-trapped image attacks
via "Naked Security".
A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here's what you need to know...

A Dog's Life: Dark Reading Caption Contest Winners
via "Dark Reading".
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...

Longest DDoS attack since 2015 lasts 329 hours
via "Security on TechRepublic".
While the number of DDoS attacks has declined, they have become much more sophisticated, according to a Kaspersky Lab report.