π΄ Attackers Exploit MSP's Tools to Distribute Ransomware π΄
π Read
via "Dark Reading: ".
Early information suggests threat actors gained access to the managed service provider's remote monitoring and management tools and used them to attack the firm's clients.π Read
via "Dark Reading: ".
Darkreading
Customers of 3 MSPs Hit in Ransomware Attacks
Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.
β Government is exposing identities of child abuse victims β
π Read
via "Naked Security".
DHS and FBI investigators are using Facebook profile IDs in court records - IDs that are easily used to look up their profile pages.π Read
via "Naked Security".
Naked Security
Government is exposing identities of child abuse victims
DHS and FBI investigators are using Facebook profile IDs in court records β IDs that are easily used to look up their profile pages.
β Florida city will pay over $600,000 to ransomware attackers β
π Read
via "Naked Security".
Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.π Read
via "Naked Security".
Naked Security
Florida city will pay over $600,000 to ransomware attackers
Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.
β Millions of Dell PCs Vulnerable to Flaw in Third-Party Component β
π Read
via "Threatpost".
A component in SupportAssist software pre-installed on Dell PCs - and other OEM devices - opens systems up to DLL hijacking attacks.π Read
via "Threatpost".
Threat Post
Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
A component in SupportAssist software pre-installed on Dell PCs - and other OEM devices - opens systems up to DLL hijacking attacks.
π OEM diagnostic software used by Dell and other manufacturers has a serious security flaw π
π Read
via "Security on TechRepublic".
SupportAssist, which comes pre-installed on millions of Dell PCs, is based on a platform called PC-Doctor, and it can be abused to give attackers system-level access to hardware and software.π Read
via "Security on TechRepublic".
TechRepublic
OEM diagnostic software used by Dell and other manufacturers has a serious security flaw
SupportAssist, which comes pre-installed on millions of Dell PCs, is based on a platform called PC-Doctor, and it can be abused to give attackers system-level access to hardware and software.
β Used Nest cams were letting previous owners spy on you β
π Read
via "Naked Security".
Google says it's fixed the issue, but we haven't heard details on how many, and which, products were affected.π Read
via "Naked Security".
Naked Security
Used Nest cams were letting previous owners spy on you
Google says itβs fixed the issue, but we havenβt heard details on how many, and which, products were affected.
π΄ Attackers Exploit MSP's Tools to Distribute Ransomware π΄
π Read
via "Dark Reading: ".
Early information suggests threat actors gained access to the managed service provider's remote monitoring and management tools and used them to attack the firm's clients.π Read
via "Dark Reading: ".
Darkreading
Customers of 3 MSPs Hit in Ransomware Attacks
Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.
β Microsoft uses AI to push Windows 10 upgrade to users β
π Read
via "Naked Security".
From November, users running some versions of Windows 10 will be required to upgrade or find themselves unable to receive security updates.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π KGB agents' wearables: Watches, cufflinks, shoes, and more π
π Read
via "Security on TechRepublic".
The KGB Espionage Museum's curator Agne Urbaityte describes how agents concealed spying devices in what they wore when working in the field.π Read
via "Security on TechRepublic".
TechRepublic
KGB agents' wearables: Watches, cufflinks, shoes, and more
The KGB Espionage Museum's curator Agne Urbaityte describes how agents concealed spying devices in what they wore when working in the field.
π΄ Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia π΄
π Read
via "Dark Reading: ".
This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity.π Read
via "Dark Reading: ".
Dark Reading
Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia
This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity.
β Mozilla Fixes Second Actively-Exploited Firefox Flaw β
π Read
via "Threatpost".
Mozilla has patched a second actively-exploited vulnerability in Firefox this week.π Read
via "Threatpost".
Threat Post
Mozilla Fixes Second Actively-Exploited Firefox Flaw
Mozilla has patched a second actively-exploited vulnerability in Firefox this week.
π΄ Patrolling the New Cybersecurity Perimeter π΄
π Read
via "Dark Reading: ".
Remote work and other developments demand a shift to managing people rather than devices.π Read
via "Dark Reading: ".
Darkreading
Patrolling the New Cybersecurity Perimeter
Remote work and other developments demand a shift to managing people rather than devices.
π The KGB's eavesdropping and spying devices in everyday items π
π Read
via "Security on TechRepublic".
The KGB Espionage Museum's curator Agne Urbaityte explains why and how plates and ashtrays were used as eavesdropping and spying devices.π Read
via "Security on TechRepublic".
TechRepublic
The KGB's eavesdropping and spying devices in everyday items
The KGB Espionage Museum's curator Agne Urbaityte explains why and how plates and ashtrays were used as eavesdropping and spying devices.
π΄ Startup Raises $13.7M to Stop Breaches with Behavioral Analytics π΄
π Read
via "Dark Reading: ".
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.π Read
via "Dark Reading: ".
Dark Reading
Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.
ATENTIONβΌ New - CVE-2016-7404
π Read
via "National Vulnerability Database".
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.π Read
via "National Vulnerability Database".
π΄ Pledges to Not Pay Ransomware Hit Reality π΄
π Read
via "Dark Reading: ".
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.π Read
via "Dark Reading: ".
Darkreading
Pledges to Not Pay Ransomware Hit Reality
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.
π Friday Five: 6/21 Edition π
π Read
via "Subscriber Blog RSS Feed ".
A $600,000 ransom is paid, a phishing attack yields more victims than expected, and a trio of university data breaches - catch up on the week's news with this roundup!π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 6/21 Edition
A $600,000 ransom is paid, a phishing attack yields more victims than expected, and a trio of university data breaches - catch up on the week's news with this roundup!
π΄ Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities π΄
π Read
via "Dark Reading: ".
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.π Read
via "Dark Reading: ".
Darkreading
Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.
ATENTIONβΌ New - CVE-2017-15694
π Read
via "National Vulnerability Database".
When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.π Read
via "National Vulnerability Database".
π΄ Cyber-Risks Hiding Inside Mobile App Stores π΄
π Read
via "Dark Reading: ".
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.π Read
via "Dark Reading: ".
Darkreading
Cyber-Risks Hiding Inside Mobile App Stores
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.
β Podcast: Dating App Privacy and NASA Cyberattack β
π Read
via "Threatpost".
The Threatpost team discusses the top news of the week - from a NASA cyberincident to dating app privacy issues.π Read
via "Threatpost".
Threat Post
Podcast: Dating App Privacy and NASA Cyberattack
The Threatpost team discusses the top news of the week - from a NASA cyberincident to dating app privacy issues.