Security News
Swiss politicians only found out last year that cipher machine company Crypto AG was owned by the US and Germany during the Cold War, a striking report from its parliament has revealed. Although Swiss spies themselves knew that Crypto AG's products were being intentionally weakened so the West could read messages passing over them, they didn't tell governmental overseers until last year - barely one year after the operation ended.
Lumu announced the launch of the Lumu Agent for Windows, a lightweight software built for remote workers in mind, that measures user device's compromise levels in real time. Once installed on an end user's machine, the Lumu Agent silently and persistently runs in the background, collecting network metadata which is then correlated and analyzed by Lumu to provide the most complete compromise visibility available today.
A critical vulnerability in Git Large File Storage, an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git version control tool, security researcher Dawid Golunski has discovered. Golunski found that Git LFS does not specify a full path to git binary when executing a new git process via a specific exec.
The Business Email Compromise is a particular type of phishing attack in which cybercriminals impersonate a trusted contact or other party, either internal or external. During the third quarter of 2020, the median number of BEC attacks received per company each week rose by 15% from the second quarter, according to the report.
An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots. Over the past two years, Ryuk has been responsible for a significant number of high-profile attacks, including incidents involving Pennsylvania-based UHS and Alabama hospital chain DCH Health System.
Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. Disclosure of the flaws come just as the owner of social-media platform have reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S.,on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.
Business Email Compromise, is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn't, like wire money. BEC emails can be difficult to detect using security solutions because no malware is involved.
Employees find significant value in having access to an identity compromise solution, having an available remediation solution creates a better mindset for those that use it, and there are halo results that benefit others, an Identity Theft Resource Center and Aura Identity Guard survey reveals. There is an opportunity to provide the needed support employees are asking for by giving them access to an identity compromise solution as a component of the benefits suite.
DEF CON is perhaps the ultimate "Come one/come all" hackers' convention, now in its 28th year, and it famously takes place in Las Vegas each year in a fascinating juxtaposition with Black Hat USA, a corporate cybersecurity event. The DEF CON Villages are breakout zones at the event where where likeminded researchers gather to attend talks and discussions in research fields all the way from Aerospace, Application Security and AI to Social Engineering, Voting Machines and Wireless.
The United States National Security Agency has issued new advice on securing mobile devices that says location services create a security risk for staff who work in defence or national security. The new guide [PDF], titled "Limiting Location Data Exposure", notes that smartphones, tablets and fitness trackers "Store and share device geolocation data by design."