- The Most Pressing Concerns Facing CISOs Todayby John Worrall Chief Executive Officer at ZeroNorth on January 19, 2021 at 6:00 pm
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
- The SolarWinds Hackers Used Tactics Other Groups Will Copyby Lily Hay Newman on January 19, 2021 at 2:00 pm
The supply chain threat was just the beginning.
- Joker’s Stash Carding Market to Call it Quitsby BrianKrebs on January 18, 2021 at 7:50 pm
Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.
- SolarWinds Malware Arsenal Widens with Raindropby Tara Seals on January 19, 2021 at 4:40 pm
The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks.
- Injecting a Backdoor into SolarWinds Orionby Bruce Schneier on January 19, 2021 at 12:16 pm
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code. Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversary’s presence...
- Labour Party urges UK data watchdog to update its Code of Employment Practices to tackle workplace snoopingby Gareth Corfield on January 19, 2021 at 2:21 pm
Key doc hasn't been updated since 2018, warn politicos and trade union The UK's Information Commissioner's Office needs to update its Code of Employment Practices to tackle workplace spying by bosses, the Prospect trade union and the Labour Party have said.…
- Interpol: Trading scammers lure love-struck victims via dating appsby Sergiu Gatlan on January 19, 2021 at 6:10 pm
The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps. [...]
- Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attackby noreply@blogger.com (Ravie Lakshmanan) on January 19, 2021 at 3:04 pm
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that
- BrandPost: Ensuring Security with Modern IT Endpoint Managementby Brand Post on January 19, 2021 at 5:58 pm
Work habits already were changing pre-pandemic, with employees becoming increasingly mobile. Today, employees largely work from home and are not going anywhere; however, from an IT standpoint, they’re still considered mobile.This dynamic has changed once-simple tasks, such as updating an operating system, into a complex, multilayered undertaking, driving companies to look for new ways to manage their distributed workforces while ensuring security.Modern endpoint management definedWhat is required is a strategy that makes onboarding a new Windows PC as easy as getting a new phone, says Jim Cooper, Chief Technologist for Personal System Services at HP. Nearly everyone today knows how to configure a new phone: Merely enter your username and password, and almost everything is migrated from your old device to the new one via the cloud, including your applications, data, and settings.To read this article in full, please click here