UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead
2021-09-08 13:44

The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services. The backlash has already begun, showing that officials face a tooth-and-nail fight to derail the rollout of end-to-end encryption on the anti-social networking site and others in the Facebook estate.

Why your IoT devices may be vulnerable to malware
2021-09-08 13:09

What about your Internet of Things devices? A new survey from password manager NordPass reveals that many IoT devices are saddled with their default passwords, making them an open target for cybercriminals. In a survey of 7,000 people across Australia, Canada, France, Germany, the Netherlands, the UK and the United States, NordPass found that only 33% of users changed the default passwords on their IoT devices.

Going beyond backup: Acronis True Image is now Acronis Cyber Protect Home Office
2021-09-08 13:00

Acronis True Image, the leading personal cyber protection solution, is changing its name to Acronis Cyber Protect Home Office. Updating the name to Acronis Cyber Protect Home Office provides a better view into all of the capabilities available to the individuals, families, freelancers, and IT professionals who rely on the solution.

Researchers pinpoint ransomware gangs’ ideal enterprise victims
2021-09-08 12:36

Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground marketplaces made by threat actors looking to buy access to organizations' systems, assets and networks, and have found that at least 40% of the postings were by active participants in the ransomware-as-a-service supply chain. Unsurprisingly, companies in developed countries such as the US, Canada, Australia and European countries are preferred targets, while organizations based in countries that are members of the Commonwealth of Independent States are generally avoided - most likely because the threat actors are based in some of those countries and wish to avoid local law enforcement focusing on them.

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
2021-09-08 12:24

Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote code execution vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents. Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is "aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," according to an advisory released Tuesday.

AT&T Alien Labs warns of 'zero or low detection' for TeamTNT's latest malware bundle
2021-09-08 12:15

AT&T's Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems - and which is turning target devices into cryptocurrency miners. Described by Alien Labs researcher Ofer Caspi as "one of the most active threat groups since 2020," TeamTNT is known for its use - and abuse - of open-source security tools for everything from finding vulnerable targets to dropping remote-control shells.

Global pandemic was good for business say UK infosec pros – but we're still burning out
2021-09-08 11:28

The COVID-19 pandemic was good for business, according to British infosec workers - although half of them still say they feel burnt out amid the surge in work. Two-thirds of the 557 cybersecurity professionals surveyed by the Chartered Institute of Information Security said they thought the last couple of years had been good for the local infosec market.

Security Risks of Relying on a Single Smartphone
2021-09-08 11:02

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances.

Patch now? Why enterprise exploits are still partying like it's 1999
2021-09-08 09:13

Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report dated back to 1999. Before we look at the why, let's explore some of the what: the old vulnerabilities that are still being used in very real world enterprise attacks to this day.

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
2021-09-08 08:47

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML, to compromise Windows/Office users in "a limited number of targeted attacks," Microsoft warned on Tuesday. CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.