RIP Online Ads? Proposed Bill Would Ban 'Surveillance Advertising'

A proposal from Democratic lawmakers would upend online ads, if they can actually get it passed.

Prying eyes and ears—the impact of Facebook's Project Aria on people's privacy

The rapid evolution and spread of digital technology raise various privacy and ethical issues both for those developing technologies and for the public. Some new technology contains small cameras that can be easily disguised in ...

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics ...

Smart devices can now read your mood and mind: New concerns about technology and consent

Computer-brain interfaces are no longer science fiction. While waiting to board a plane on a recent trip out of town, an airline staff member asked me to momentarily take off my face mask to allow the facial ...

Cloned Dept. of Labor Site Hawks Fake Government Contracts

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead. A new phishing campaign is targeting aspiring government vendors with an invitation to bid on various ...

Israel probes alleged Pegasus use to spy on citizens

Smartphone shows the website of Israel’s NSO Group which features ‘Pegasus’ spyware. Israel’s justice minister on Wednesday pledged a full investigation into allegations that the controversial Pegasus spyware was used on Israeli citizens, including people who led protests against ...

An unpatched Safari bug can leak browsing history and other identifying data

Why it matters: Researchers have discovered a bug in Safari 15 that can allow a website to access your recent browsing history as well as your Google account ID and avatar. Apple is aware of the vulnerability and has ...

Microsoft warns of disk-wiping malware targeting Ukraine

In brief: Microsoft issued a warning over the weekend of malware targeting government and other organizations in Ukraine, which wipes the data on affected systems. This news comes right as cyberattacks were reported against Ukraine amidst rising tensions with neighboring ...

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, says a security experts roundtable. Here, have a can of soup. Nah, we don’t know what’s in it. Could be ...

The Log4j Vulnerability Puts Pressure on the Security World

It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. It’s not my intention to be alarmist about the Log4j vulnerability (CVE-2021-44228), known as Log4Shell, but this one is ...

Cybercriminals Actively Target VMware vSphere with Cryptominers

VMware’s container-based application development environment has become attractive to cyberattackers. Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, ...

exchange compromised, but CEO downplays severity

Editor’s take: One of the world’s largest crypto exchanges has apparently suffered a security breach in which an estimated 4,600 Ethereum tokens valued at more than $14 million were stolen. That’s no small amount of money, but things could ...

Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

All those attending the Olympics in Beijing have to download MY2022, an app China says is to monitor Covid, but which analysts warn has “devastating” security flaws. An app all attendees of the upcoming Beijing Olympics must use has ...

‘White Rabbit’ Ransomware May Be FIN8 Tool

It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. A new ransomware family, White Rabbit, chewed through a local U.S. bank last month ...

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has ...

Stop Apps from Collecting Your Private Information

The most popular apps are the worst offenders when it comes to raiding your account for data. In this edition of SecurityWatch, we offer some privacy-focused alternatives.

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” ...

What Does Big Tech Know About You? Basically Everything

Security Baron examined the privacy policies of Facebook, Google, Apple, Twitter, Amazon, and Microsoft; just how much these tech giants actually know about you might be surprising.

British Government launches ‘scaremongering’ Saatchi PR blitz over end-to-end encryption concerns

Privacy campaigners argue that the government is trying to scare people into giving up valuable end-to-end encryption features that support online privacy.

How open banking benefits customers, banks – and cybercriminals

Article by Radware, Prakash Sinha. Australia is progressing steadily with an open banking rollout. The Big Four banks — CBA, Westpac, ANZ and National Australia Bank — introduced open banking in July 2021, and other banks and financial services ...

DigiCert announces acquisition of IoT cybersecurity provider Mocana

DigiCert, the provider of TLS/SSL, IoT and other PKI solutions, and backed by Clearlake Capital Group, Crosspoint Capital and TA Associates, has announced that it has acquired internet of things (IoT) cybersecurity provider Mocana. The combination of DigiCert and ...

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

Huntress Labs says Cobalt Strike is being installed on at least some of these servers.

CrowdStrike expands Zero Trust support to macOS and Linux

CrowdStrike has expanded its Zero Trust support to macOS and Linux to further help with cross-platform protection and expansion of partnerships. The company says the new CrowdStrike Falcon Zero Trust Assessment (ZTA) will encompass a data-centric approach to safely ...

Microsoft: Ukrainian Companies Are Being Targeted by Destructive Malware

All the ransomware, none of the recovery capabilities.

Stolen Credit Card Vendors Retire With $358 Million in Crypto

Elliptic described the shuttered platform, UniCC, as "the leading dark web marketplace of stolen credit cards."

Protecting EV charging stations from cyberattacks

As the number of electric cars on the road grows, so does the need for their electric vehicle (EV) charging stations and the Internet-based managing systems within those stations. However, these managing systems face their ...

Cyberattack in Ukraine targets government websites

A cyberattack left a number of Ukrainian government websites temporarily unavailable Friday, officials said. While it wasn’t immediately clear who was responsible, the disruption came amid heightened tensions with Russia and after talks between Moscow ...

Poland: huge military data leak has only public information

Poland’s Defense Ministry said Friday that a massive leak from a military equipment database includes only publicly available information and is not harmful. The ministry said that the database found online is a list from a body responsible for making ...

myEntropy calculates entropy level of online services file types, may reveal corruption

We are, in the pandemic world, even more dependent on online services than we ever have been before, whether as remote workers, those learning from home, or in healthcare. As such, there is an increasing ...

North Korean hackers stole $400 mn in crypto in 2021: Chainalysis

Pyongyang’s cyberwarfare abilities first came to global prominence in 2014 when it was accused of hacking into Sony Pictures Entertainment as revenge for “The Interview”, a satirical film that mocked leader Kim. North Korean hackers stole around $400 million ...

Cyber attack in Albuquerque latest to target public schools

Albuquerque Public Schools superintendent Scott Elder poses for a photo outside of Highland High School on Aug. 11, 2021, in Albuquerque, N.M. Albuquerque Public Schools says classes will be canceled Friday, Jan. 14, 2022, for a second day after ...

Ukrainian Government Websites Defaced Amid Threat of Russian Invasion

The Ukrainian government websites were altered to claim local citizens' personal information had been leaked.

Russia Arrests Members of REvil Ransomware Group, Citing US Request

It may be the first time the Russian government has publicly cracked down on a ransomware gang operating within the country.

Don't Plug It In! How to Prevent a USB Attack

USB drives are affordable and convenient, but that makes them attractive targets for hackers. Here’s how to avoid getting scammed by these portable storage devices.

Russia Takes Down REvil Hackers as Ukraine Tensions Mount

Over a dozen alleged members of the notorious ransomware group have been arrested, but the Kremlin's critics are wary of the underlying motivation.

Russia says it has shut down notorious REvil ransomware group

What just happened? Russia’s FSB has arrested members of REvil, a ransomware group responsible for many cyberattacks across the US last year, including the Kaseya attack. Amid the arrest, the FSB seized millions of dollars in cash and assets. ...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit. On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on ...

Top Illicit Carding Marketplace UniCC Abruptly Shuts Down  

UniCC controlled 30 percent of the stolen payment-card data market, leaving analysts eyeing what’s next. A top underground market for buying and selling stolen credit-card details, UniCC, has announced it’s shutting down operations. The site accounted for about 30 ...

Real Big Phish: Mobile Phishing & Managing User Fallibility

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. According to a recent survey from Ivanti, nearly three-quarters (74 percent) ...

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilege-escalation and platform takeover. ...


‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites

Russian Security Takes Down REvil Ransomware Gang

Three Plugins with Same Bug Put 84K WordPress Sites at Risk

Cyberattack targets Ukrainian gov websites amid Russia tensions

Microsoft Yanks Buggy Windows Server Updates

YouTube Shorts a haven for scammers using stolen TikTok videos

Amazon Web Services Patches 'Superglue' Vulnerability

Netcetera partners with EML Payments Ltd. to enhance secure payment solutions

Kaseya sees continued growth following a standout 2021

Google to White House: It's Time to Secure Open-Source Software

Trickbot takes top malware spot in Australia, Emotet returns

Smart device security the focus of newly funded research

North Korean APTs Stole ~$400M in Crypto in 2021

North Korean Hackers Stole $400M in Cryptocurrency Last Year

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

'TLDR' Bill Would Make a Federal Case Out of Unreadable Terms of Service

Largest seller of stolen credit cards on Dark Web shuts down

New GootLoader Campaign Targets Accounting, Law Firms

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Modelling the spread of viruses

Palo Alto Networks joins Microsoft 365 Networking Partner Program

Thycotic named Gartner Peer Insights customers’ choice for Privileged Access Management

Google Cloud acquires cybersecurity provider Siemplify

Cyberattacks increased by 50% in 2021, peaking in December due to Log4J exploits

CrowdStrike launches $100 million investment vehicle Falcon Fund II for tech innovators

Manufacturers struggle to close security gaps as they undergo digital transformation

IT leaders need purpose-built PAM solutions, ThycoticCentrify finds

Ransom DDoS attacks surged in final quarter of 2021 - report

Internet of Things security firm Nozomi Networks wins excellence award

Log4Shell zero day vulnerability most significant security threat of past decade

NormCyber delivers cyber and data protection with latest release

Hundreds of Australian corporations identified with email security vulnerabilities

Aussie app startup raises $1M through crowd-sourced funding campaign

Is BYOD the final mile to Digital Transformation success?

6 significant changes to online fraud we saw in 2021

ThycoticCentrify adds new security controls and automation to Secret Server

Zoom awarded new international security certification after intensive evaluation

Coping with increasing cybersecurity challenges (from the good side and the bad!)

Kaspersky APAC retains top spot in channel satisfaction matrix

Cybersecurity in 2022: End of passwords, cybersecurity education and the compromised home

CyberRes launches Galaxy, brings cyber threat intelligence to security execs

Lenovo technology predictions for 2022: AI, hybrid working, security and sustainability

Honeywell and Acalvio Technologies launch shared solution to stop zero-day attacks

New lows for ransomware attacks, decline in critical infrastructure defences expected in 2022

Surfshark launches tool to stop personal info being sold by data brokers

Experts place the human factor at the centre of cybersecurity strategies

New RCE bug is making APAC businesses vulnerable to Log Injection attacks

The shape of risk management in 2022: Cyber risk quantification, ESG, and operational resilience

LogicMonitor's leadership transition marks a new phase in the company's trajectory

Why cyber crime will continue to flourish in 2022

GlobalDots and Lacework enter partnership to extend cloud security

E-signature software use in small to medium businesses on the rise

D-Link now offering complete cloud managed solution following latest release

Aussie's Veyor raises $4 million in equity, plans to double workforce

Emmi gears up for global expansion following latest funding round

January promises rise in ransomware, Business Australia offers 7 top tips

New malware campaign exploits Microsoft's digital signature verification

Cloudflare Radar releases surprising internet traffic and security statistics in 2021 review

Fujitsu Australia chosen to roll out new system for SA Department for Correctional Services

Scammers Stick Fraudulent QR Codes on Texas Parking Meters