Security News > 2021 > September
Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents. Security researchers believe that the adversary behind the campaign may be the FIN7 cybercrime group, also known as Carbanak and Navigator, that specializes in stealing payment card data.
The US Securities and Exchange Commission has warned investors to be "Extremely wary" of potential investment scams related to Hurricane Ida's aftermath. This alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues investor alerts to warn investors about the latest investment frauds and scams.
Microsoft is turning a blind eye to a loophole that allows you to install Windows 11 on incompatible hardware but warns that your device may no longer receive security updates. These system requirements, including a TPM 2.0 processor and newer CPUs, leave many Windows 10 users unable to upgrade to Windows 11 without purchasing new hardware.
A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don't implement MAC address randomisation - meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes' findings after helping him analyse Bluetooth emissions from a dozen different models of audio headphones, contained within 1.7 million Bluetooth messages he intercepted.
Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software that could be exploited by an attacker to take control of an affected system. The network equipment maker said it's aware of a publicly available proof-of-concept exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild.
Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Who better to give advice about how small- or medium-sized businesses should handle cybersecurity than an organization and expert with currency in helping SMBs survive? Anete Poriete, UX researcher at CyberSmart, in her Real Business article, The Best Practises for Cybersecurity Training in SMEs, said there's a common misconception that SMBs aren't aware of cybersecurity threats.
Interesting article on squid communication. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Apple on Friday said it intends to delay the introduction of its plan to commandeer customers' own devices to scan their iCloud-bound photos for illegal child exploitation imagery, a concession to the broad backlash that followed from the initiative. Last month, Apple announced its child safety initiative, which involves adding a nudity detection algorithm to its Messages chat client, to provide a way to control the sharing of explicit images, and running code on customer's iDevices to detect known child sexual abuse material among on-device photos destined for iCloud storage.
Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. The FBI and CISA have also been busy, releasing advisories warning of ransomware attacks over holiday weekends, gangs targeting food and agriculture organizations, information about the 1% group, and IOCs for the Hive Ransomware.
