This week on the Kaspersky Transatlantic Cable podcast, Jeff and I spoke with Claire Hatcher, our fraud prevention team’s head of business development. During the call, we discussed the wide-ranging issues surrounding fraud and how it affects its victims — a view often overlooked because of fraud’s common portrayal as a victimless crime. We also chat about how people can best defend themselves against fraud and scams, especially e-mail and phone scams, and also briefly look at an upcoming webinar Claire is hosting. To learn more about Kaspersky Fraud Prevention, head here.
The events of the past year have forced many companies to change their approach to work and, by extension, information security. Seeking to learn about their pandemic-related challenges, we polled 5,266 IT decision-makers in 31 countries. Respondents talked about the threats they encountered, the costs of cyberincident recovery, and the current state of security within their organizations. To learn more about major trends of the past year, forecasts for the coming year, and recommendations from Kaspersky and invited experts, see our report, “Plugging the gaps: 2021 corporate IT security predictions.”

IT departments have to get creative
Although the number of cyberattacks continues to rise, security budgets for IT departments in general are shrinking.
In 2020, spending by large companies (1,000 or more employees) on cybersecurity fell by an average of 26% against the year before;
In the SMB segment (50–999 employees), IT budgets are also down by about 10%;
Spending on IT departments and information security is likely to decrease further.
In other words, IT teams will have to do more with less.

Perimeter security is becoming irrelevant
Company software has moved to home computers and personal smartphones, so companies can no longer rely on a secure corporate network segregated from a dangerous external environment. According to our experts, the best protection strategy for companies will involve inspecting cybersecurity and certifying employee workplaces.

Training must be practical and coherent
Working from home, employees cannot always rely on corporate security and prompt assistance from IT. Therefore, more than ever, they need up-to-date, applicable knowledge about cyberthreats and how to stay safe. Their training must be systematic and extensive — a handful of seminars will not suffice.

Outsourcing helps cut HR costs
Maintaining a full roster of highly specialized cybersecurity experts is expensive for every company type and size, from SMBs to the largest enterprises. Therefore, reliable MSSPs (managed security service providers) are more important than ever. At the same time, experts recommend additional training for in-house infosec staff (if any), so that they can manage outsourcing.

Cloud services will take off
According to IDG, spending on cloud services in 2021 will consume about 32% of IT budgets, so it is essential to oversee the platforms’ monitoring and security. Experts strongly encourage deploying tools for analyzing employee actions, including use of unauthorized third-party software and cloud services, as well as expanding the transparency of work done on personal mobile devices.

Trends from 2020 will continue in 2021, with 75% of professionals worldwide saying they intend to reevaluate their relationship with the office after the pandemic ends. For details of the challenges ahead and advice for protecting your business in 2021, see the full report. For ease of use, it is divided into sections with forecasts and recommendations for CEOs, CIOs/CISOs, SOC team leads, and IT security managers.
Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations failed to pay the initial ransom, as per a new report by Radware.
Intel Corp. confirmed that an internal error is the cause of a data leak that prompted it to release a quarterly earnings report early and that attackers did not compromise the corporate network.
In cases of ransomware attacks, many victims restore data from backups and do not bother contacting the attackers. The Avaddon ransomware gang now uses DDoS attacks to force victims to contact them.
Tesla has sued a former employee for allegedly stealing about 26,000 confidential files in his first week of working at the company, according to a court filing seen by AFP.
CISOs of organizations that have been hit by the attackers who compromised SolarWinds Orion are now mulling over how to make sure that they’ve eradicated the attackers’ presence from their networks.
A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign.
Researchers found that out of all the companies and organizations that installed a backdoored SolarWinds Orion update, the majority were never targeted by the threat actors using Sunburst.
The leaked data includes real names, emails, location details, body details, dating preferences, marital status, hashed passwords, Facebook user IDs, Facebook authentication tokens, and IP addresses.
The archive included email addresses and last update dates for 8,242,000 user accounts, full names, phone numbers, locations, and other account details of over 4 million users and apparel creators.
While Russia has continued to deny its involvement in the attacks, as first reported by ZDNet, Russia's NKTsKI issued a warning to Russian organizations to improve their networks' security.
On the day of discovery, a Saturday, WebsitePlanet informed the Cook County CTO about the exposure. Early the following Monday, the database was secured and public access restricted.
Analyzed in a report published last week by security firm Zscaler, the company said this new threat is a variant of an older botnet named SystemdMiner, first seen in early 2019.
According to independent cybersecurity researcher Rajshekhar Rajaharia, thousands of pieces of such explicit and illegal content are being circulated via Google Drive, including files linking to malware.
The Indian government seems determined to implement the new security directives in the telecom sector, cleared by the Cabinet Committee on Security (CCS), within the next six months.
The incident occurred with the file sharing software provided by California-based Accellion. The same software was also used by New Zealand’s central bank, who faced a cyber attack earlier this month.
QNAP is warning unsuspecting customers of an ongoing malware campaign that exploits NAS devices to mine bitcoin while hogging up the whole of CPU and memory resources.
Software supply chain attacks are becoming more widespread. The recent incidents manifest how they have grown patiently and become more complex to tackle.
During the last few months, VirusTotal has included additional meaningful relationships to create a rich ecosystem that interconnects samples, URLs, domains, and IP addresses.
After hacking it a few days back, the ransomware actors again targeted the IObit forums to display a message demanding that IObit pay them $100,000 in DERO or the attacks would continue.
Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint.
This Metasploit module takes advantage of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.
Ubuntu Security Notice 4702-1 - It was discovered that Pound incorrectly handled certain HTTP requests. A remote attacker could use it to retrieve some sensitive information.
Gentoo Linux Security Advisory 202101-21 - A vulnerability was discovered in Flatpak which could allow a remote attacker to execute arbitrary code. Versions less than 1.10.0 are affected.
Backdoor.Win32.Wollf.16 malware creates and runs a service named contime.exe with SYSTEM integrity and listens on port 5240. The malware uses a weak hardcoded password of 12345678 which can easily be viewed in the binary using the strings utility.
Gentoo Linux Security Advisory 202101-20 - Multiple vulnerabilities have been found in glibc, the worst of which could result in the arbitrary execution of code. Versions less than 2.32-r5 are affected.
Gentoo Linux Security Advisory 202101-19 - Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in the arbitrary execution of code. Versions less than 8.272_p10 are affected.
Gentoo Linux Security Advisory 202101-18 - Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.18-r6:2.7 are affected.
Gentoo Linux Security Advisory 202101-17 - Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.83 are affected.
Gentoo Linux Security Advisory 202101-16 - A vulnerability in KDE Connect could lead to a Denial of Service condition. Versions less than 20.04.3-r1 are affected.
CASAP Automated Enrollment System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Richard Jones.
Gentoo Linux Security Advisory 202101-15 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could result in privilege escalation. Versions prior to 6.1.18 are affected.
Gentoo Linux Security Advisory 202101-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.6.1 are affected.
Gentoo Linux Security Advisory 202101-13 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 88.0.4324.96 are affected.
Red Hat Security Advisory 2021-0247-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include information leakage and memory leak vulnerabilities.
Red Hat Security Advisory 2021-0246-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include information leakage and memory leak vulnerabilities.
Ubuntu Security Notice 4703-1 - It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2021-0248-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include information leakage and memory leak vulnerabilities.
Red Hat Security Advisory 2021-0250-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include information leakage and memory leak vulnerabilities.
A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake
Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted
Another day, and another report that a cryptocurrency exchange has been breached by malicious hackers. Indian cryptocurrency exchange BuyUCoin says that it is investigating claims that sensitive data related to hundreds of thousands of its users has been published on the dark web, where it is available for free download. Read more in my article on the Hot for Security blog.