Cybersecurity News
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.05 August 2021
A New Approach to Securing Authentication Systems' Core Secrets
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.05 August 2021
MacOS Flaw in Telegram Retrieves Deleted Messages
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
05 August 2021
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.05 August 2021
Is your personal information being abused?
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.
The post Is your personal information being abused? appeared first on WeLiveSecurity
05 August 2021
Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
05 August 2021
Black Hat: Charming Kitten Leaves More Paw Prints
IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
05 August 2021
The Importance of Properly Scoping Cloud Environments
PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud environments.
05 August 2021
Why Supply Chain Attacks Are Destined to Escalate
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.05 August 2021
Ransomware Gangs and the Name Game Distraction
It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years. Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one's demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere. Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members -- such as which types of victims aren't allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.05 August 2021
There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones
No matter how stalkerware is marketed, it is part of a wider problem: the use of technology in coercive control.05 August 2021
Why cloud security is the key to unlocking value from hybrid working
How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?
The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity
05 August 2021
‘I’m Calling About Your Car Warranty’, aka PII Hijinx
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
04 August 2021
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
04 August 2021
Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch
If that job offer looks too good to be true, something else may be afoot.04 August 2021
Black Hat: Let’s All Help Cyber-Immunize Each Other
We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
04 August 2021
Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel
When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.04 August 2021
The Graph Foundation launches bug bounty program
Bugs in scope include RCE and those leading to the loss of user funds.04 August 2021
Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?
The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity
04 August 2021
Phishing Campaign Dangles SharePoint File-Shares
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
04 August 2021