Information Security

All about Information Security
3,551 Pins
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA | Microsoft Security Blog
Windows services lay the groundwork for a Midas ransomware attack
Sophos researchers investigated a Midas ransomware attack that leveraged at least two different commercial remote access tools (AnyDesk & TeamViewer) and an open-source Windows utility (Process Hacker) in the process.
5 Ransomware Attacks from 2021 & How To Prevent Them in 2022
Ransomware attacks increased again in 2021, which already grew 150% over 2019. Since 2016 there have been more than 4,000 ransomware attacks daily. They target high-profile firms, demanding higher payments. Please find this sponsored article examining the top 5 attacks of 2021 and how Zero Trust security could have helped.
What Zoom’s $85m class action lawsuit means for data privacy
Video conference platform Zoom is under fire for allegedly sharing users’ private information without their consent and lying about their end-to-end encryption; it has promised to pay $85m in claims to users and vows to improve its privacy practices.
How to start-up your Cloud Security
I was lucky enough to receive from the friends at Lacework Chris Castaldo's book "Start-Up Secure", which I devoured in a heartbeat. I am very sympathetic to the content and invite you to this #SponsoredContent from Ermetic https://cybersec.ermetic.com/s/how-to-start-up-your-cloud-security-2549/2?utm_content=buffercb484&utm_medium=social&utm_source=pinterest.com&utm_campaign=buffer
BrakTooth POC released
BrakTooth is a collection of flaws affecting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices – including smartphones, PCs, toys, internet-of-things (IoT) devices and industrial equipment – that rely on Bluetooth Classic (BT) for communication. Proof-of-Concept (POC) code has been released by the researchers to exploit it, and CISA suggests how to tackle it.
Evolution of Spectre malware variants and renting services
Yoroi Malware ZLAB researchers recently noticed peaks of activity and fast evolution of a new emerging malware threat, the "Spectre" Remote Access Trojan - advertised in the underground communities during the past weeks and including infrastructure renting services.
Inside TeamTNT’s Impressive Arsenal | Anomali
Very interesting and technical research. Anomali Threat Research has discovered an open server to a directory listing that they attribute with high confidence to a German-speaking threat group called TeamTNT. The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments.
SnapMC skips ransomware, steals data
Over the past few months, NCC Group Research has observed an increasing number of data breach extortion cases, where the attacker steals data and threatens to publish it online - but without involvement of encryption.
A Pentagon official said he resigned because US cybersecurity is no match for China
A Pentagon official said he resigned because US cybersecurity is no match for China, calling it 'kindergarten level' https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10?utm_content=buffer9249e&utm_medium=social&utm_source=pinterest.com&utm_campaign=buffer
Amazon, Google, Microsoft and other tech giants establish Trusted Cloud Principles
Amazon, Google, Microsoft and other tech giants establish Trusted Cloud Principles https://www.zdnet.com/article/amazon-google-microsoft-and-other-tech-giants-establish-trusted-cloud-principles/?utm_content=buffer12e12&utm_medium=social&utm_source=pinterest.com&utm_campaign=buffer from @ZDNet
Undetected Azure Active Directory Brute-Force Attacks
Undetected Azure Active Directory Brute-Force Attacks via Seamless SSO
HCRootkit / Sutersu Linux Rootkit Analysis
HCRootkit / Sutersu Linux Rootkit Analysis - exploited RIGHT NOW! Thanks to Lacework
Everyone Gets a Rootkit - Eclypsium | Supply Chain Security for the Modern Enterprise
“Everyone Gets a Rootkit” - interesting technical deep dive on how ACPI and Windows drivers work, but basically it all reduces to: do not install a driver if you don’t know where it comes from.
Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online
Report: Apple and FitBit Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online