-
Microsoft approved and digitally-signed malicious drivers used in ransomware attacks
PRIVACY PRIVACY Microsoft has warned that malicious hackers were able to get the software giant to digitally sign their code so it could be used in attacks, such as the deployment of ransomware. Read more in my article on the Hot for Security blog. Read More
-
NSA, CISA Warn Against Threats to 5G Network Slicing
PRIVACY PRIVACY Improper network slice management may enable attackers to access data from different network slices Read More
-
Loan Scam Campaign ‘MoneyMonger’ Exploits Flutter to Hide Malware
PRIVACY PRIVACY Zimperium said the code was part of an existing campaign previously discovered by K7 Security Labs Read More
-
BrandPost: How to Choose Security Technology That Works
PRIVACY PRIVACY The role of a security practitioner is difficult. From operational workflow changes to accommodating the latest application requirement impacting policies, it’s a relentless wave of actions to ensure that users, environments, and data are protected as effectively as possible. After all, that’s management of the attack surface. This role becomes even more daunting…
-
Operation Power Off: 50 DDoS-services taken offline in international crackdown
PRIVACY PRIVACY Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. Read more in my article on the Tripwire State of Security blog. Read More
-
Smashing Security podcast #302: Lensa AI, and a dog called Bob
PRIVACY PRIVACY Drug dealers come unstuck while using the Encrochat encrypted-messaging app, and we put the Lensa AI’s avatar-generation tool under the microscope. All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault. Plus – don’t miss our featured interview with…
-
2 Free Courses for Learning a Proven Risk Assessment Method
PRIVACY PRIVACY CIS has partnered with Trailhead to release a new trail that helps enterprises implement the CIS Controls using the CIS Risk Assessment Method (RAM).[…] Read More
-
F5 expands security portfolio with App Infrastructure Protection
PRIVACY PRIVACY F5 on Thursday announced the launch of F5 Distributed Cloud Services App Infrastructure Protection (AIP), expanding its SaaS-based security portfolio. The new release is a cloud workload protection solution that will provide application observability and protection to cloud-native infrastructures. AIP is built using technology acquired with Threat Stack and will be a part…
-
Dozens of cybersecurity efforts included in this year’s US NDAA
PRIVACY PRIVACY Last week, members of the US House of Representatives and Senate reconciled their versions of the annual must-pass National Defense Authorization Act (NDAA). Each year the NDAA contains a wealth of primarily military cybersecurity provisions, delivering hundreds of millions, if not billions, in new cybersecurity funding to the federal government. This year’s bill…
-
A Security Vulnerability in the KmsdBot Botnet
PRIVACY PRIVACY Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command—like its controllers did one day while Akamai was watching—created a panic crash with an “index out of range” error. Because there’s no persistence, the bot stays down, and malicious agents would need…