Sochisi
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations.

The Toronto Transit Commission announced on Friday that its systems had been infected with ransomware; the attack began on Thursday night and disrupted its activities. At this time, no ransomware gang has taken responsibility for the attack. TTC spokesman Stuart Green initially declared that the attack had no significant impact on the transit service, but things have gotten worse since Friday.

“Impact was minimal until midday today (Friday) when hackers broadened their strike on network servers,” reads a press release published by the agency.

The security breach impacted the agency’s internal email server, the Wheel-Trans bookings, the vehicle information on platform screens, apps, and the TTC Vision communication system, along with other internal systems. The drivers were forced to communicate using a classic radio-based communication system.

The TTC also announced that it had canceled a Saturday subway closure on Line 1 between St. Clair and College stations, which was going to be used to complete track work.

“The full extent of the attack is being looked into and the TTC is working with law enforcement and cybersecurity experts on this matter. The City of Toronto’s IT Services department has also been consulted.” continues the statement.

The #TTC was the victim of an IT system breach today. No significant service impact and the transit system remains safe. Work underway to resolve the issue. Our statement below… pic.twitter.com/3fAzOh3fde — TTCStuart 🚈🗣 (@TTCStuart) October 29, 2021

The public transportation routes were not impacted by the incident. TTC reported the incident to the authorities and an investigation is still ongoing. This isn’t the first ransomware attack to hit public transportation systems in Canada. In October 2020, an attack hit Montreal’s STM, and two months later another attack hit Metro Vancouver’s transportation agency TransLink.

Pierluigi Paganini (SecurityAffairs – hacking, ransomware)
A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source attacks," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source

via listcisos https://bit.ly/3CFUsC2
The smartphone revolution was supposed to provide a second chance for the tech industry to roll out a secure computing platform. These new devices were purported to be locked down and immune to malware, unlike buggy PCs and vulnerable servers.

But it turns out that phones are still computers and their users are still people, and computers and people will always be weak links. We spoke to a number of security experts to help you get a sense of the most common ways attackers might go about breaking into the powerful computers in your users’ pockets. This should hopefully give you perspective on potential vulnerabilities.

7 ways to hack a phone

Social engineering
Malvertising
Smishing
Malware
Pretexting
Breaking in via Bluetooth
Man-in-the-middle Wi-Fi attacks

1. Social engineering

The easiest way for any hacker to break into any device is for the user to open the door themselves. Making that happen is easier said than done, of course, but it's the goal of most forms of social engineering attacks.

via listcisos https://bit.ly/3BHHmTk
Cybersecurity buzzwords and buzz phrases are a dime a dozen. Used to simplify complex terminology or boost sales and marketing campaigns, buzzwords are an inescapable reality for an innovative and fast-paced industry like information security. However, such terms are not always helpful and can be inaccurate, outdated, misleading, or even risk causing harm. For example, a buzzword that exploits fear, uncertainty and doubt to maximize a profit-led agenda can be damaging, while a legitimate, once-useful term may become outdated, with continued use and reliance upon it hampering more evolved understandings of the root issue.

Here are the 11 cybersecurity buzzwords and phrases that should be laid to rest in 2021.

via listcisos https://bit.ly/2ZI3QGz
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched

via listcisos https://bit.ly/3BF84My
eCommerce affiliate networks allow bloggers to promote offers and earn money. This profitable niche can help in obtaining high payouts by promoting websites, gadgets, and offers. These affiliate programs are not very popular, but proficient bloggers in the field can leverage them. Many top brands offer eCommerce affiliate programs for cost-effective bloggers, track...

The post Join these 5 Ecommerce Platform Affiliate Programs and Make Money appeared first on Geekflare.

via listcisos https://bit.ly/2ZNBquH
A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution.

via listcisos https://bit.ly/31iUnGp
Ever wonder what the state of cybersecurity in 2031 will look like? While 10 years may seem a long way into the future, the speed at which the industry is evolving is sure to make the next decade fly by. Predicting the future of cybersecurity isn’t about looking into the crystal ball merely for fun. By envisioning how the industry will change in 10 years, chief information officers and chief security officers can prepare for future challenges, so they don’t look back and wish they had acted in 2021.

As much as I enjoy making predictions, to give this story the best chance at getting things right, I interviewed three top cybersecurity experts for their perspectives on the future of cybersecurity.

Tyler Cohen Wood is an author, speaker and former senior intelligence officer with the Defense Intelligence Agency.
Roger Grimes is the defense evangelist for KnowBe4 and author of several books about hacking.
Troy Hunt is a cybersecurity speaker and trainer. Founder of the popular ‘Have I Been Pwned’ website, he has also testified before Congress about data breaches.

We talked about the future of the cloud, passwords, artificial intelligence (AI), data breaches and the skills gap. Take a look at their expert insight on what the industry needs to know about the future of cybersecurity in 2031.

Future of Cybersecurity: Cloud Computing

If there’s one aspect of IT that has experienced the most growth in the last 10 years, it’s undoubtedly the use of cloud. In 2031, cloud can only keep blazing forward. Or can it? Depends on who you ask.

According to Hunt, cloud makes it faster, cheaper and easier than ever to put services online and collect huge amounts of data.

“But, faster and easier and cheaper than ever means it’s easier to leave it all exposed,” he said. “We are seeing a lot of them go wrong now. I don’t see any of those factors reducing over the next decade. Mostly because there’s just such a high demand for them. Of course, we want cheap, ubiquitous cloud services; of course, we want to connect our washing machines to the internet, and that’s not going to change.”

Cohen Wood, however, predicts that the future of cloud computing might be short: the cloud might evaporate in 2031. “I don’t think things will be in the cloud in 10 years; I think things will be back to on-prem,” she said. “There will be more peer-to-peer closed networks. People will figure out how to use blockchain.”

She envisions a peer-to-peer system. In it, each network carries different types of traffic for different types of communication. This is not unlike what the intelligence community uses.

“You’ll have an unsecure network, a secure network and then you’ll have a very secure network,” she added. However, Cohen Wood said cloud won’t ever go away. “Things will swing [towards on-prem] for a while, but eventually it will swing back to cloud because that’s how it works. History has proven that time and time again.”

The State of Passwords

Ahh, the password. We’ve been <a href="https://securityintelligence.com/posts/long-live-the-password-even-if-you-dont-want-it-to/">discussing</a> its demise for decades. Yet today, we’re amassing them at unprecedented rates. According to Grimes, the same attacks that allow threat actors to steal our passwords will still be the same in 10 years. So, it follows that the password we know and love (or hate) will be alive and well, too.

“There are 10 root causes of all hacking and malware exploitation, including social engineering, unpatched software, misconfiguration and eavesdropping,” he said. “The methods used 34 years ago (when I started in the industry) are the same methods used today. They haven’t invented a new way of hacking. So, I believe that passwords will be around at least another 10 years, or two decades, or forever. I’m going to go against the conventional wisdom.”

Did Past Predictions Come True?

Grimes wrote his first article about the password’s demise thirty years ago, and while he still revisits that…
Cybersecurity researchers disclosed details of what they say is the "largest botnet observed in the wild in the last six years," infecting more than 1.6 million devices located primarily in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet "Pink" based on a sample obtained on...

You can read the full content at https://bit.ly/3izulD8

via listcisos https://bit.ly/2Ya4iNn
What browser do you use?

There’s a good chance—roughly one in seven—that it’s Google Chrome. And even if you prefer a different browser, there’s a good chance that you’re using something that’s based on Google Chrome, such as Edge, Vivaldi, Chromium, Brave, or Opera.

After a decade and a half of relatively healthy competition between vendors, the World Wide Web is trending towards a browser monoculture. We’ve been there <a href="https://en.wikipedia.org/wiki/Browser_wars#First_Browser_War_(1995%E2%80%932001)">before</a> and history suggests it’s bad news.

Last time it was Microsoft in the driver’s seat, and open standards and security were left tumbling about in the rear without a seat belt. This time Google has its hands on the wheel, and it’s our privacy in the back seat, being taken for a ride.

Chrome needs a counterweight and, thankfully, it still has one in Apple’s Safari browser. It’s imperfect, for sure, and its glacial pace of development might even be holding us all up, as Scott Gilbertson thoughtfully illustrated in a <a href="https://www.theregister.com/2021/10/22/safari_risks_becoming_the_new_ie/">recent article</a> on The Register. But it might also be the last, best hope for browser privacy we have.

Hear me out…

How Chrome ate the web

Google Chrome first appeared in 2008 and rapidly established itself as a browser that couldn’t be ignored, thanks to some catchy marketing on Google’s massive advertising platform. It was an excellent product with a ravenous appetite for market share, and its noisy focus on speed and security forced its rivals to take notice and compete on the same terms. Everyone benefitted.

And because none of the major browser vendors had enough market share to “<a href="https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish">embrace, extend and extinguish</a>”, as Microsoft had attempted when Internet Explorer was dominant, everyone was forced to follow the same open standards. This meant that web applications mostly worked the same way, no matter what browser you used.

However, as Chrome’s popularity increased, Google was able to exert more and more influence on the web in service of its ad-based business model, to the detriment of users’ privacy.

For example, in 2016 Google introduced <a href="https://amp.dev/">AMP</a>, a set of web standards that were designed to make websites faster on mobile devices. In a move that could have come straight out of Redmond circa 1996, the AMP rulebook was written by Google and varied wildly from the open standards everyone had been working towards for the past fifteen years or so.

AMP was superficially open, but there was no AMP without Google. To use AMP your pages had to load code from Google-owned domains, debugging your code required Google-owned tools, your pages were stored in a Google-owned cache, and they were displayed under a Google-owned domain, so that users weren’t really on your website anymore, they were looking at your web pages on Google, thank you very much.

To incentivise the use of AMP, Google leveraged its search monopoly by creating “reserved” slots at the top of its mobile search rankings that were only available to AMP pages. If you wanted to top the search rankings, you had to play the AMP game.

Google pulled another bullish move in 2018 when it decided that logging into and out of a Google website like GMail or YouTube was the same as logging into the Chrome browser, because it could. So instead of being logged into the giant surveillance monster while you were using its websites, you were logged into the giant surveillance monster all the time, unless you remembered to log out of the browser, which of course you didn’t, because people just don’t think about logging in and out of their browser.

And then this year we had a great illustration of the bind that Google’s in even when it tries to do the right thing. It’s got the message that users want less tracking and more privacy, but unlike Firefox and Safari, Chrome can’t simply…
Researchers devised a new attack method called ‘Trojan Source’ that allows attackers to hide vulnerabilities in the source code of a software project.

Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be exploited to inject stealth malware without impacting the semantics of the source code while changing its logic.

“We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers.” reads the paper published by the experts.

Trojan Source attacks pose a severe risk to software organizations and could allow supply-chain attacks across the industry.

The researchers exploited two vulnerabilities, tracked as CVE-2021-42574 and CVE-2021-42694, that affect compilers of most popular programming languages, including C, C++, C#, Go, Java, JavaScript, Python, and Rust.

The researchers discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One of these techniques leverages Unicode directionality override characters to display code as an anagram of its true logic.

The issue concerns Unicode’s bidirectional (or <a href="https://unicode.org/reports/tr9/">Bidi</a>) algorithm, which allows supporting both left-to-right (e.g., English) and right-to-left (e.g., Arabic or Hebrew) languages.

“Bidi overrides will typically cause a cursor to jump positions on a line when using arrow keys to click through tokens, or to highlight a line of text character-by-character. This is an artifact of the effect of the logical ordering of tokens on many operating systems and Unicode implementations. Such behavior, while producing no visible changes in text, may also be enough to alert some experienced developers.” continues the paper.

The researchers demonstrated that an attacker could use control characters embedded in comments and strings and change the logic of the source code by reordering it to trigger the above vulnerabilities.

“Bringing all this together, we arrive at a novel supply-chain attack on source code. By injecting Unicode Bidi override characters into comments and strings, an adversary can produce syntactically-valid source code in most modern languages for which the display order of characters presents logic that diverges from the real logic. In effect, we anagram program A into program B.” continues the paper. “Such an attack could be challenging for a human code reviewer to detect, as the rendered source code looks perfectly acceptable.”

The experts also warn of variants of the Trojan Source attacks that use homoglyphs; in these attacks threat actors leverage characters that look the same, such as the Cyrillic letter ‘х’, which typically renders identically to the Latin letter ‘x’ used in English but occupies a different code point. Attackers could use this trick to create a homoglyph function that looks like the original one but actually contains malicious code.

“The fact that the Trojan Source vulnerability affects almost all computer languages makes it a rare opportunity for a system-wide and ecologically valid cross-platform and cross-vendor comparison of responses,” concludes the paper.

Pierluigi Paganini
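
A defensive check for the two techniques described above, as an added example that is not from the paper or the original article: it flags the nine Unicode Bidi control characters, reports lines that leave one unterminated, and flags identifiers containing letters outside an allowed script. The function names, the script heuristic (first word of the Unicode character name) and the sample text are assumptions of this example.

```python
import re
import unicodedata

# Bidi embeddings, overrides and isolates, with their terminators (UAX #9).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO",
    "\u202c": "PDF",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI",
}
EMBED_OPENERS = {"LRE", "RLE", "LRO", "RLO"}   # closed by PDF
ISOLATE_OPENERS = {"LRI", "RLI", "FSI"}        # closed by PDI

# Identifier-like tokens: a letter or underscore followed by word characters.
IDENT = re.compile(r"[^\W\d]\w*")

# Constructed sample, written with escapes so this file contains no real
# control characters: an unpaired RLO in a comment, a balanced RLI/PDI pair
# in a string, and an identifier mixing Latin letters with Cyrillic U+0445.
SAMPLE = (
    "total = 0  # note \u202e reversed text\n"
    "label = '\u2067abc\u2069'\n"
    "ma\u0445_retries = 3\n"
    "print(total)\n"
)


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # unnamed code point
        return "UNKNOWN"


def scan_source(text, allowed_scripts=("LATIN",)):
    """Return (line, column, kind, detail) findings for source text.

    The scan is language-agnostic and works line by line, so words in
    comments and strings are checked too; widen allowed_scripts for code
    bases that legitimately use other scripts.
    """
    allowed = set(allowed_scripts)
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        open_embed = open_isolate = 0
        for col, ch in enumerate(line, 1):
            name = BIDI_CONTROLS.get(ch)
            if name is None:
                continue
            findings.append((lineno, col, "bidi-control", f"U+{ord(ch):04X} {name}"))
            if name in EMBED_OPENERS:
                open_embed += 1
            elif name in ISOLATE_OPENERS:
                open_isolate += 1
            elif name == "PDF":
                open_embed = max(0, open_embed - 1)
            elif name == "PDI":
                open_isolate = max(0, open_isolate - 1)
        if open_embed or open_isolate:
            # Directional state still open at end of line.
            findings.append((lineno, len(line), "bidi-unterminated",
                             f"{open_embed} embedding(s), {open_isolate} isolate(s) open"))
        for match in IDENT.finditer(line):
            scripts = {script_of(c) for c in match.group() if c.isalpha()}
            if scripts - allowed:
                findings.append((lineno, match.start() + 1, "disallowed-script",
                                 f"{match.group()!r} uses {sorted(scripts)}"))
    return findings


if __name__ == "__main__":
    for lineno, col, kind, detail in scan_source(SAMPLE):
        print(f"line {lineno}, col {col}: {kind}: {detail}")
```

Run as a pre-commit or CI step, a non-empty result is a reason to open the file in a hex-aware viewer before merging.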
With some of the best adware removal solutions for Mac, you can protect yourself from unwanted pop-ups, advertisements, redirection, and other adware-related performance issues. It isn’t easy to find a program that provides decent adware protection. Some internet security solutions don’t detect adware, other adware removal tools don’t do an excellent job of identifying and...

The post 7 Best Adware Removal Tools for Mac appeared first on Geekflare.

via listcisos https://bit.ly/2Y7VSWL
For the last several years, the Verizon DBIR report has identified misconfigurations, errors that are unintended actions by an internal party, as one of the top reasons for data breaches. This trend is further reinforced by the results of a recent survey conducted by Cybersecurity Insiders. They surveyed 613 cybersecurity professionals, and 67% of them identified misconfiguration as the biggest threat to cloud platform security. The danger has not diminished, as evidenced by a recent news article, where ethical hackers found 80 misconfigured Amazon S3 buckets, holding PII totaling over 1000 GB of data and over 1.6 million files, that were accessible without any password or encryption.

Cloud Security Posture Management (CSPM) tools are the tools most typically used for securing public clouds. CSPM tools utilize the cloud service provider API, the source of truth for your cloud infrastructure, to report whether the configuration of your resources meets the best practices prescribed by various industry groups. CSPM tools, while effective, have not been able to prevent misconfigurations from creeping into production environments. The main reason for this is that CSPM tools are reactive, i.e., they detect misconfigurations after the resource is deployed. A hacker can potentially exploit the misconfigured resource from when it was misconfigured to when it is detected and fixed. For organizations with stringent change policies, the time between detection and remediation can be long, several days to weeks. The bottom line is that traditional CSPM tools will not cut it, as they catch these problems too late in the cycle.

The real answer is to prevent misconfigurations in the first place – fix the issues at the source. In many cases, that means fixing the misconfigurations in the Infrastructure As Code (IaC) that was used to create the resources. DevOps teams are increasingly using IaC to deploy cloud-native applications and provision their infrastructure. IaC languages, like Terraform, CloudFormation (CF), and Azure Resource Manager (ARM), make it easy to express resource configuration. For example, if you want to create a private S3 bucket, you can do so in just a couple of lines of Terraform code:

    resource "aws_s3_bucket" "bucket" {
      bucket = "my-tf-test-bucket"
      acl    = "private"
    }

The above code appears safe – you are simply creating an S3 bucket and have made it private. While there may not be an issue here at first sight, you are missing many critical security settings, like enabling encryption or access logging. The question then becomes how to prevent the deployment of this template. The answer is to shift security left and embed security automation at each stage of the CI/CD process with built-in automated assessments.

Qualys has built a security automation solution for IaC. Qualys is extending CloudView’s capability to assess assets and resources deployed in the cloud for misconfigurations and non-standard deployments to IaC templates. IaC assessment analyzes Terraform, CF, and ARM files and identifies security misconfigurations for resources and services for AWS, Azure, and GCP. IaC assessment can be performed throughout the pipeline – on the source code when it is checked into the source code repository, during the integration phase, and before deployment. IaC assessment can be initiated through multiple means – CLI, API, source code repository plugins, and CI/CD tool plugins. Customers can now assess the security posture earlier in the development cycle, dramatically reducing security risk post-deployment.

A few of Qualys’ customers have participated in the private beta, and the feedback has been very positive. One of the beta participants, a security engineer responsible for checking IaC templates for security misconfigurations, has moved away from a manual review process to using the IaC assessment tool. They found the CloudView IaC security assessment to be far more comprehensive in detecting …
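
One way to catch the gaps described above before deployment, as an added example that is not Qualys code: a CI check over `terraform show -json` plan output that flags S3 buckets lacking default encryption or access logging, or carrying a public ACL. It assumes the AWS provider 3.x layout used by the article's snippet, where these settings are inline blocks; the plan document, bucket names and function names are constructed for illustration.

```python
import json

# Canned ACLs that grant access beyond the bucket owner's account.
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}

# Constructed sample: a trimmed plan in the `terraform show -json` shape.
# The first bucket is the article's example; the others are for contrast.
SAMPLE_PLAN = """
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_s3_bucket.bucket", "type": "aws_s3_bucket",
         "name": "bucket",
         "values": {"bucket": "my-tf-test-bucket", "acl": "private",
                    "server_side_encryption_configuration": [],
                    "logging": []}},
        {"address": "aws_s3_bucket.hardened", "type": "aws_s3_bucket",
         "name": "hardened",
         "values": {"bucket": "example-hardened-bucket", "acl": "private",
                    "server_side_encryption_configuration": [
                      {"rule": [{"apply_server_side_encryption_by_default": [
                        {"sse_algorithm": "aws:kms", "kms_master_key_id": null}
                      ]}]}
                    ],
                    "logging": [{"target_bucket": "example-log-bucket",
                                 "target_prefix": "log/"}]}}
      ],
      "child_modules": [
        {"address": "module.site",
         "resources": [
           {"address": "module.site.aws_s3_bucket.assets",
            "type": "aws_s3_bucket", "name": "assets",
            "values": {"bucket": "example-assets-bucket",
                       "acl": "public-read",
                       "server_side_encryption_configuration": [],
                       "logging": null}}
         ]}
      ]
    }
  }
}
"""


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_bucket(values):
    """Return the issues found in one aws_s3_bucket's planned values."""
    issues = []
    if values.get("acl") in PUBLIC_ACLS:
        issues.append("public ACL")
    # Inline blocks are lists in plan JSON; an absent block is [] or null.
    if not values.get("server_side_encryption_configuration"):
        issues.append("no default encryption")
    if not values.get("logging"):
        issues.append("no access logging")
    return issues


def audit_plan(plan_json):
    """Return (resource address, issue) pairs for every S3 bucket in the plan."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for resource in iter_resources(root):
        if resource.get("type") != "aws_s3_bucket":
            continue
        for issue in check_bucket(resource.get("values", {})):
            findings.append((resource["address"], issue))
    return findings


if __name__ == "__main__":
    results = audit_plan(SAMPLE_PLAN)
    for address, issue in results:
        print(f"{address}: {issue}")
    # A non-zero exit status fails the pipeline stage before `terraform apply`.
    raise SystemExit(1 if results else 0)
```

The article's "private" bucket fails two of the three checks, which is the point the paragraph makes: a private ACL alone says nothing about encryption or logging.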
How we build software at Cloudflare

Cloudflare provides a broad range of products — ranging from security, to performance and serverless compute — which are used by millions of Internet properties worldwide. Often, these products are built by multiple teams in close collaboration and delivering them can be a complex task. So ever wondered how we do so consistently and safely at scale?

Software delivery consists of all the activities to get working software into the hands of customers. It’s usual to talk about software delivery with reference to a model, or framework. These provide the scaffolding for most modern software delivery models, although in order to minimise operational friction it’s usual for a company to tailor their approach to suit their business context and culture.

For example, a company that designs the autopilot systems for passenger aircraft will require very strict tolerances, as a failure could cost hundreds of lives. They would want a different process to a cutting edge tech startup, who may value time to market over system uptime or stability.

Before outlining the approach we use at Cloudflare it’s worth quickly running through a couple of commonly used delivery models.

The Waterfall Approach

<a href="https://en.wikipedia.org/wiki/Waterfall_model">Waterfall</a> has its foundations (pun intended) in construction and manufacturing. It breaks a project up into phases and presumes that each phase is completed before the next begins. Each phase “cascades” into the next a bit like a waterfall, hence the name.

The main criticism of waterfall approaches arises when flaws are discovered downstream, which may necessitate a return to earlier phases — though this can be managed through governance processes that allow for adjusting scope, budgets or timelines.

More recently there are a number of modified waterfall models which have been developed as a response to its perceived inflexibility. Some notable examples are the <a href="https://en.wikipedia.org/wiki/Rational_Unified_Process">Rational Unified Process (RUP)</a>, which encourages iteration within phases, and <a href="https://www.thomasalspaugh.org/pub/fnd/softwareProcess.html#Sashimi">Sashimi</a> which provides partial overlap between phases.

Despite falling out of favour in recent years, waterfall still has a place in modern technology companies. It tends to be reserved for projects where the scope and requirements can be defined upfront and are unlikely to change. At Cloudflare, we use it for infrastructure rollouts, for example. It also has a place in very large projects with complex dependencies to manage.

Agile Approaches

Agile isn’t a single well-defined process, rather a family of approaches which share similar philosophies — those of the <a href="https://agilemanifesto.org">agile manifesto</a>. Implementations vary, but most agile flavours tend to share a number of common traits:

Short release cycles, such that regular feedback (ideally from real users) can be incorporated.
Teams maintain a prioritized to-do list of upcoming work (often called a ‘backlog’), with the most valuable items at the top.
Teams should be self-organizing, and work at a sustainable pace.
A philosophy of Continuous Improvement, where teams seek to improve their ways of working over time.

Continuous improvement is very much the heart of agile, meaning these approaches are less about nailing down “the correct process” and focus more on regular reflection and change. This means variance between any two teams is expected, and encouraged.

Agile approaches can be divided into two main branches — iterative and flow-based. <a href="https://scrumprimer.org/">Scrum</a> is probably the most prevalent of the…
The challenges facing today’s security industry can easily be described as a perfect storm: increasingly sophisticated cyber attackers combined with the proliferation of security tools to cover an expanding attack surface driven by remote work and cloud adoption. These dynamics can lead to disconnected insights and data, putting even more pressure on the existing shortage of security skills. As a result, the way security teams approach threat detection and response is at a turning point. To guard against complex threats and safely navigate digital transformation, organizations need broad visibility, connected data and the ability to make smart decisions, fast.

Given these challenges, it’s not surprising that <a href="https://securityintelligence.com/posts/what-is-extended-detection-response/">extended detection and response (XDR)</a> has gained so much momentum of late. One of the promises of XDR is to provide the security analyst with high-fidelity insights and the ability to take action quickly, with end-to-end visibility, detection, investigation and response across multiple security layers. In short, XDR must enable security teams to work more efficiently.

With the industry on the cusp of this turning point, I wanted to take a brief look at the current threat environment, how XDR addresses security challenges and why truly open XDR can empower security operations center (SOC) teams. I’ll also discuss why IBM intends to acquire <a href="https://newsroom.ibm.com/2021-11-02-IBM-to-Expand-Security-Portfolio-with-Plans-to-Acquire-ReaQta">ReaQta</a> and how XDR Connect, launched today, can help enhance your security strategy.

A Quick View Into the Current Threat Landscape

The stakes of a security incident are higher than ever. Security teams are navigating enterprise adoption of cloud workloads and a remote workforce, leading to increasingly complex IT environments and an expanded attack surface. According to the <a href="https://www.ibm.com/security/data-breach">Cost of a Data Breach Report 2021</a>, conducted independently by the Ponemon Institute, and sponsored, analyzed and published by IBM Security, for organizations surveyed, the average cost of a data breach was $1.07M higher in breaches where remote work was a factor. For organizations with more than 50% of their workforce working remotely, it took 58 days longer to identify and contain a breach. The transition to remote work has clearly been costly for organizations.

At the same time, the volume and severity of threats are on the rise, putting more pressure on security teams to detect and respond quickly. Yet, the most daunting challenge facing security teams is the proliferation of security point solutions, which contributes to the sprawl of data and tools and makes it nearly impossible for security analysts to get a complete view of threats and take action quickly. In fact, according to the 2021 <a href="https://www.ibm.com/resources/guides/cyber-resilient-organization-study/">Cyber Resilient Organization Study</a> based on Ponemon Institute survey data and sponsored by IBM, 60% of organizations surveyed stated that lack of visibility into applications and data assets was an impediment to improving cyber resiliency. Furthermore, while traditional security analytics relies on ingesting and analyzing as much data as possible, it can pose challenges in terms of speed, accuracy and cost and make it difficult for security analysts to get a complete understanding of potential threats.

How XDR Addresses Security Challenges

XDR fundamentally brings all the anchor tenets that are required to detect and respond to threats into a simple, seamless user experience for analysts that automates repetitive work. Bringing together all the required context enables analysts to take action quickly, without getting lost in a myriad of use cases, different screens and workflows and search languages. It can also help security analysts respond quickly without creating endless playbooks to cover every possible…
Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in the Stream you happen to be in via text. The primary draw of Twitch streams is video games and e-sports, leading to the rise of many <a href="https://www.theloadout.com/streamers/biggest-streamers">big name streamers</a> and content creators.

Is Twitch just for gaming?
In addition to gaming streams, Twitch also offers user generated content on a wide variety of themes and subjects. Everything from watching somebody sleep, or musical events, to walking around the streets of Japan shopping for clothes is available.

What age is Twitch for?
Statistics show a <a href="https://www.businessofapps.com/data/twitch-statistics/">heavy leaning</a> towards younger age ranges, with 41% of them in the 16-24 bracket and 32% in the 25-34 demographic. The proliferation of younger users makes it an appealing target for scammers.

Is it free? What is Twitch Prime?
The default Twitch experience is free to use. You can open up the Twitch website or download the app and start watching content right away. There’s no payment required to do this. However, Twitch does have paid options in the form of <a href="https://www.twitch.tv/creatorcamp/en/get-rewarded/bits-and-subscriptions/">subscriptions, and also Prime Gaming</a> (often referred to as “Twitch Prime”). Being a subscriber supports specific channels and also adds functionality for the user, such as emotes. Paid features and services make Twitch accounts an attractive proposition for scammers.

What are the dangers of Twitch?
It’s a variety of malware, phish pages, and social engineering.

<a href="https://blog.malwarebytes.com/cybercrime/2015/07/twitch-audio-fix-hijacks-stream-key/">Fake spam blogs</a>, which may or may not claim to be official Twitch sources, offer up some kind of “fix”. It could be related to stream quality, or audio, or broken emotes (for example). In one case, we found malware served up as an “audio fix”. This file actually steals the streamer’s Stream Key and gives it to the malware author. From there, they’re able to take control of the Stream and send out whatever they want to their audience, as well as change the channel name.

Bogus video plugins are also a popular way of tricking people into running files that are not necessary to use Twitch. We found an <a href="https://blog.malwarebytes.com/threat-analysis/2014/10/fake-twitch-tv-site-recommends-pup-as-video-plugin/">imitation Twitch site</a> offering up a “video player plugin” required to stream the site’s content. In actuality, the file is an installer manager which we detect as a PUP (Potentially Unwanted Program). The program offers a variety of installs, and also opens a streaming site unrelated to Twitch. Though listed as “free”, often these types of site require a paid monthly subscription to view the content – only registering on the site is “free”.

<a href="https://blog.malwarebytes.com/cybercrime/2014/10/malware-and-pup-disguised-as-twitch-bombing-tools/">Fake “bombing” tools</a>. Twitch bombing is where bots jump into someone’s channel and entice viewers away to another stream. This is a bad enough thing to happen, but the waters are muddied further when you discover fake tools claiming to help you “bomb” are actually just Trojans or other forms of PUP.

Discord/Twitch crossovers. We often see <a href="https://blog.malwarebytes.com/cybercrime/2020/04/discord-users-tempted-by-bots-offering-free-nitro-games/">bots in Discord channels</a>, claiming to be from Twitch bearing free gifts. These generally direct potential victims to phishing pages hunting for Discord credentials.

Has Twitch ever been compromised?
Yes. <a href="https://blog.malwarebytes.com/privacy-2/2021/10/twitch-compromised-what-we-know-so-far-and-what-you-need-to-do/">Data was exposed to the internet</a> after a server configuration change. This alteration was taken advantage of by a third party.
Although no payment or address data was found to be leaked…
Crypto exchanges that want to maintain credibility must implement some of the same "know your customer" controls used by banks and similar institutions.

via listcisos https://bit.ly/3nUb2HY
Protecting passwords and sensitive information is more essential than ever as cyberattacks increase. There are countless cases of password and data theft, credential stuffing, and other crimes related to passwords. Password theft can devastate a business and expose its sensitive information. People nowadays are burdened with plenty of passwords used for social media, bank...

The post Secure Your Business Passwords and Sensitive Information with 1Password appeared first on Geekflare.

via listcisos https://bit.ly/2ZNPSTL
A new report has shown the energy sector is under immense cyber threat as hackers continue to target this vital industry. The threat report by Lookout shows that mobile phishing exposure had surged by 161% within the energy industry between the second half of 2020 and the first half of 2021.

Further key findings include:

- 20% of energy employees were exposed to a mobile phishing attack in the first half of 2021, a 161% increase from the second half of 2020.
- 17.2% of all cyberattacks originating on mobile endpoints targeted energy organizations, making the industry the biggest target of cybercriminals and nation-state-sponsored attackers.
- The average mobile app threat exposure rate was 7.6%, nearly double the average of all other industries combined.
- 56% of Android users were exposed to nearly three hundred exploitable vulnerabilities by continuing to run out-of-date versions of Android OS.
- Riskware and vulnerabilities were the cause of 95% of mobile app threats.
- Regional mobile phishing exposure rates: North America (11.2%), APAC (13.2%) and EMEA (15.8%).
- EMEA and APAC employees were 41% and 18% more likely to experience a mobile phishing attack than their North American peers.

The Lookout Energy Industry Threat Report is based on analysis of data in the Lookout Security Graph. The Graph encompasses telemetry from more than 200 million devices, 150 million apps and detections from the Lookout Secure Web Gateway (SWG) use. Lookout SWG is used by customers to protect against phishing attacks on their mobile devices. Lookout researchers analyzed this information specific to organizations involved in the production and sale of energy, including fuel extraction, manufacturing, refining and distribution.

Energy organizations provide the infrastructure essential for the safety and well being of society. Recent events such as the Colonial Pipeline breach demonstrate that the energy industry is particularly vulnerable to cyberattacks. Bad actors phish and exploit vulnerabilities in mobile endpoints to circumvent legacy security systems to gain access to corporate infrastructure, steal sensitive data and extort money.

Securing mobile endpoints that employees use to do their jobs is imperative to protect enterprise data as iOS, Android and ChromeOS devices are increasingly essential to digital transformation initiatives. Protecting against mobile phishing and app threats enables energy organizations to prevent cyberattackers who want to steal credentials and data, or halt operations with ransomware.

“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program,” said Stephen Banda, Senior Manager of Security Solutions at Lookout and the author of the report. “We recommend organizations train employees about the dangers of mobile phishing attacks and have dedicated solutions in place to secure against them. They also need visibility into mobile app and operating system vulnerabilities to safeguard corporate data.”

The post Mobile phishing threats surged 161% in 2021 – Lookout Energy Threat Report appeared first on IT Security Guru.

via listcisos https://bit.ly/3By7eB6
<i>The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to shed a light on the remarkable women in our industry. The following is a feature on just one of the many phenomenal women put forward for the 2021 awards. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability.</i>

<i>This year, the awards are sponsored by KPMG and Beazley.</i>

<b>Bronwyn Boyle, CISO at Mambu</b>

<b>What does your job role entail?</b>
I’ve recently joined Mambu as Chief Information Security Officer, accountable for the security of Mambu’s banking-as-a-service platform and of the broader organisation. I’ll also be supporting security across the broader ecosystem of customers that are utilising Mambu to open up financial services, promote innovation and support financial inclusion across underserved communities across the globe.

<b>How did you get into the cybersecurity industry?</b>
I started my career as a software developer, cutting Java code and working on the first wave of digital banking services, back in the DotCom era. At the time, developers received very little support or training on security – it was seen as someone else’s problem and often bolted on at the end of the development lifecycle. This didn’t sit well with me, so I decided I’d better upskill – I took a year out to study an MSc in Security & Forensic Computing, and the rest is history..!

<b>What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?</b>
The lack of female role models, particularly when I was first starting out. I was frequently the only woman and struggled to make my voice heard. I overcame this by actively seeking out inspiring female role models (I’ve been lucky enough to have worked with a number of formidably talented women) and by getting involved in female networking communities. I also learned to silence the “imposter syndrome” voice and speak up, and to create psychologically safe spaces in meetings that encouraged contributions from all individuals.

<b>What are your top three greatest accomplishments you have achieved during your career so far?</b>

<strong>Supporting the security of the open banking ecosystem</strong>
My recent role at the Open Banking Implementation Entity has given me an amazing opportunity to support the open banking ecosystem by helping improve the security of the 600+ companies enrolled in open banking.

I’m particularly passionate about supporting smaller organisations and third-party providers (TPPs) who may not have the resources or subject matter expertise relating to cyber and fraud risks. I’m proud to have designed and delivered a number of initiatives to better help these organisations and support the overall security of the ecosystem, including:

- Creation of tailored good practice on security and counter fraud, to accelerate maturity and understanding of new entrants to the open banking ecosystem.
- Providing tailored threat intelligence to TPPs, to ensure they can keep track of the evolving threat landscape.
- Hosting thought leadership sessions to upskill open banking participants on key security and fraud best practices. Our last session was on Threat Modelling, with Adam Shostack, and was a great success!
- Building a trusted community, the Security & Fraud Working Group, to collaboratively address emerging threats and share best practices. As a result of my work in maturing this community and furthering trusted relationships with organisations such as the Cyber Defence Alliance, the SFWG is now collaborating together on coordinated responses to security and fraud events, allowing earlier intervention, minimising the blast radius of incidents and reducing fraud.
- Creating focused security awareness messages that can support TPPs and promote secure user adoption, while fostering the safety and security of the ~4m SMEs and consumers using open banking products and services.

<b>Fostering closer alignment of…