📢 US government sanctions crypto-exchange Chatex over ransomware allegations 📢
📖 Read
via "ITPro".
Treasury department moves to sanction another exchange following restriction of Suex in September📖 Read
via "ITPro".
IT PRO
US Treasury sanctions crypto exchange Chatex over ransomware ties | IT PRO
The move comes after the US government sanctioned the Suex exchange in September
📢 Proofpoint impersonator steal Microsoft, Google logins in phishing campaign 📢
📖 Read
via "ITPro".
Clever hackers dodged Microsoft security by pretending to be a cyber security firm📖 Read
via "ITPro".
ITPro
Proofpoint impersonator steal Microsoft, Google logins in phishing campaign
Clever hackers dodged Microsoft security by pretending to be a cyber security firm
📢 Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack 📢
📖 Read
via "ITPro".
UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"📖 Read
via "ITPro".
IT PRO
Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack | IT PRO
UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"
📢 Counting the consequences of cyber attacks 📢
📖 Read
via "ITPro".
How can governments respond to the growing risk of online attacks by hostile nations?📖 Read
via "ITPro".
IT PRO
Counting the consequences of cyber attacks | IT PRO
How can governments respond to the growing risk of online attacks by hostile nations?
📢 Fake Steam phishing baits victims with free Discord Nitro 📢
📖 Read
via "ITPro".
Victims end up on a fake page where their credentials are stolen📖 Read
via "ITPro".
IT PRO
Fake Steam phishing baits victims with free Discord Nitro | IT PRO
Victims end up on a fake page where their credentials are stolen
📢 US offers $10 million for information on BlackMatter ransomware operators 📢
📖 Read
via "ITPro".
The sizeable reward will be given to anyone who can aid the investigation into those believed to be behind the Colonial Pipeline attack📖 Read
via "ITPro".
IT PRO
US offers $10 million for information on BlackMatter ransomware operators | IT PRO
The sizeable reward will be given to anyone who can aid the investigation into those believed to be behind the Colonial Pipeline attack
📢 IoT privacy and security concerns 📢
📖 Read
via "ITPro".
We take a look at what's needed to really secure internet-connected devices📖 Read
via "ITPro".
IT PRO
IoT privacy and security concerns | IT PRO
We take a look at what's needed to really secure internet-connected devices
📢 CISA gives civilian agencies two weeks to patch recent security exploits 📢
📖 Read
via "ITPro".
A total of 291 vulnerabilities have been detailed in an attempt to improve federal agency cyber security📖 Read
via "ITPro".
IT PRO
CISA gives civilian agencies two weeks to patch recent security exploits | IT PRO
A total of 291 vulnerabilities have been detailed in an attempt to improve federal agency cyber security
📢 161% surge in mobile phishing pushes energy industry to its limits 📢
📖 Read
via "ITPro".
Following Colonial Pipeline, crooks get a taste for energy companies📖 Read
via "ITPro".
IT PRO
161% surge in mobile phishing pushes energy industry to its limits | IT PRO
Following Colonial Pipeline, crooks get a taste for energy companies
📢 Labour Party unable to access data after suspected cyber attack on managed service provider 📢
📖 Read
via "ITPro".
The incident is being investigated by both the National Crime Agency and the Information Commissioner's Office📖 Read
via "ITPro".
IT PRO
Labour Party unable to access data after suspected cyber attack on managed service provider | IT PRO
The incident is being investigated by both the National Crime Agency and the Information Commissioner's Office
📢 Robinhood hack exposes data from millions of customers 📢
📖 Read
via "ITPro".
An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems📖 Read
via "ITPro".
IT PRO
Robinhood hack exposes data from millions of customers | IT PRO
An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems
📢 A third of UK workers are surveilled by employers 📢
📖 Read
via "ITPro".
The sharp rise in surveillance comes as it's revealed webcam monitoring has more than doubled📖 Read
via "ITPro".
IT PRO
A third of UK workers are surveilled by employers | IT PRO
The sharp rise in surveillance comes as it's revealed webcam monitoring has more than doubled
📢 IT Pro News In Review: Microsoft pitches 'metaverse', Graff's celebrity data leak, Meta facial recognition 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
ITPro
IT Pro News In Review: Microsoft pitches 'metaverse', Graff's celebrity data leak, Meta facial recognition
Catch up on the biggest headlines of the week in just two minutes
❌ 12 New Flaws Used in Ransomware Attacks in Q3 ❌
📖 Read
via "Threat Post".
The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.📖 Read
via "Threat Post".
Threat Post
12 New Flaws Used in Ransomware Attacks in Q3
The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.
🕴 How to Minimize Ransomware's Trail of Destruction and Its Associated Costs 🕴
📖 Read
via "Dark Reading".
One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.📖 Read
via "Dark Reading".
Dark Reading
How to Minimize Ransomware's Trail of Destruction and Its Associated Costs
One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.
🕴 Zoho ManageEngine Flaw Highlights Risks of Race to Patch 🕴
📖 Read
via "Dark Reading".
Attackers used a pre-auth vulnerability in a component of the enterprise management software suite to compromise businesses, highlighting the dangers of Internet-facing software.📖 Read
via "Dark Reading".
Dark Reading
Zoho ManageEngine Flaw Highlights Risks of Race to Patch
Attackers used a pre-auth vulnerability in a component of the enterprise management software suite to compromise businesses, highlighting the dangers of Internet-facing software.
🦿 Ransomware attacks are increasingly exploiting security vulnerabilities 🦿
📖 Read
via "Tech Republic".
The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.📖 Read
via "Tech Republic".
TechRepublic
Ransomware attacks are increasingly exploiting security vulnerabilities
The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.
🦿 Digital driver's licenses: Are they secure enough for us to trust? 🦿
📖 Read
via "Tech Republic".
States should use a privacy by design approach instead of creating a new system to track purchases and other activities, according to security experts.📖 Read
via "Tech Republic".
TechRepublic
Digital driver's licenses: Are they secure enough for us to trust?
States should use a privacy by design approach instead of creating a new system to track purchases and other activities, according to security experts.
‼ CVE-2021-43172 ‼
📖 Read
via "National Vulnerability Database".
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43173 ‼
📖 Read
via "National Vulnerability Database".
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43174 ‼
📖 Read
via "National Vulnerability Database".
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.📖 Read
via "National Vulnerability Database".