RobbinHood Kills Security Processes Before Dropping Ransomware

Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files. In a newly detected attack campaign, the attackers behind RobbinHood ransomware deploy legitimate, digitally signed hardware drivers to delete security tools on target machines before they encrypt files. These attacks exploit known vulnerability CVE-2019-19320, report Sophos researchers who

Facebook now lets parents monitor their children’s chats

The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13 Facebook is rolling out a slew of changes to Messenger Kids that give parents more control over how their children use the messaging app. You can review who your kids are interacting with and review their chat

How to catch a cybercriminal: Tales from the digital forensics lab

What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice. Many people ask me about what it was like working for law enforcement. More often than not, however, they are actually enquiring about how computer crime is truly investigated. Whether it’s questions about how accurately it

DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a high volume of DNS requests over the period of a month. Those requests were consistent

7 Ways Small And Midsize Businesses Can Secure Their Websites

  Small and Medium Size Businesses Can Secure Their Websites In These 7 Simple Ways Too often small and midsize business (SMBs) run websites that aren’t secure or even have the basics, such as SSL encryption technology or a Web application firewall. Here’s what small and midsize businesses should consider when they decide it’s time

Would you get hooked by a phishing scam? Test yourself

As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea Many people are confident in their ability to recognize phishing scams a mile away. In a recent survey, however, only 5% of the respondents had a 100-percent success rate in spotting simulated attacks aimed at stealing their sensitive information.

Facebook privacy settings: Protect your data with these tips

As Facebook turns 16, we look at how to keep your personal information safe from prying eyes Sixteen years, that’s how long Facebook has been around. This means that it has accompanied some of us throughout our teenage years to adulthood. Quite an achievement since websites and services tend to lose popularity over the years

Researchers Find 24 ‘Dangerous’ Android Apps with 382M Installs

Shenzhen Hawk Internet Co. is identified as the parent company behind five app developers seeking excessive permissions in Android apps. Security researchers have identified 24 Android applications seeking dangerous and excessive permissions, all of which come from app developers under Chinese company Shenzhen Hawk Internet Co., Ltd., and have a combined total of 382 million

Ashley Madison Breach Extortion Scam Targets Hundreds

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. View Original Source Article HERE

VPN: Useful More Than Just For Security

Virtual Private Networks (VPNs) are undoubtedly the most trusted tools for protecting your privacy while you browse the internet. Essentially, a VPN routes your internet traffic and hides your real IP address so that no one, not even your Internet Service Provider, can see your activity on the internet. Further, the entire data you send

Financial tech firms disagree on ban of customer data screen-scraping

by Lisa Vaas For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing transactions in your bank account, using

Facebook to pay $550m to settle face-tagging suit

by Lisa Vaas A class-action lawsuit against Facebook for scanning a user’s face in photos and offering tagging suggestions looks like it’s finally done churning through the courts. The upshot: it will pay $550 million to settle the suit, Facebook disclosed in its quarterly earnings report on Wednesday. Filed in 2015, plaintiffs had claimed that

Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. View Original Source Article HERE

Trello exposed! Search turns up huge trove of private data

by John E Dunn Hands up who’s used the increasingly popular online collaboration platform Trello? Trello is great for organising to-do lists and for coordinating team tasks. But it has its downsides too. While the default for Trello boards is set to ‘private’, many users set them to ‘public’ which means that anyone can see

Government spyware company spied on 100s of innocent people

In March 2019, researchers with a group called Security Without Borders identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google’s Play store. Security Without Borders is a non-profit that often investigates threats against dissidents and human rights defenders. Those apps were just a decoy through

Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. View Original Source Article HERE

Why Companies Should Care about Data Privacy Day

Marking yesterday’s 14th anniversary of Europe’s first data protection day reminds us how far we still have to go. Enterprisewide leverage of company data is now a near-universal objective for the modern organization, but this must be balanced with the needs of data protection and privacy compliance. The frequency with which breaches of personally identifiable

15 NFL teams’ Twitter hijacked in lead-up to the Super Bowl

by Lisa Vaas The cybercriminal group OurMine has struck again, claiming responsibility for hijacking and defacing the Twitter accounts of the US National Football League (NFL) and 15 of its teams. The timing is pointed: The attacks hit during this, the media-hectic week that leads up to Sunday’s Super Bowl Championship, which will pit the

How to take charge of your Google privacy settings

Have you had a Google Privacy Checkup lately? If not, when better than Data Privacy Day to audit the privacy of your Google account? Users have become increasingly sensitive about how their data is handled, which in turn means that tech companies face increasing scrutiny. Google, for example, has introduced new privacy features in recent

NFL, Multiple NFL Teams’ Twitter Accounts Hacked and Hijacked

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2015-3154PUBLISHED: 2020-01-27 CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. CVE-2019-17190PUBLISHED: 2020-01-27 A Local Privilege Escalation

5 Ways To Be a Bit Safer This Data Privacy Day

5 Safety Tips For Data Privacy Day Today is Data Privacy Day. As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It’s a day to think about changes you can make in your digital life that will keep you safer today, and

Security admins checklist: 10 tasks to perform every year

security admin checklist

Here is a checklist of 10 important tasks security administrators should perform to keep devices protected and secure. Security administrators oversee the secured processes in place, safeguarding the day-to-day operations of an organization. While it is easy for users to focus solely on protecting computers and their devices, security admins are tasked with managing the overall

Time for Some Straight Talk Around Network Traffic Analysis

According to research from the Enterprise Strategy Group, 87% of organizations use Network Traffic Analysis (NTA) tools for threat detection and response today, and 43% say that NTA is a “first line of defense” in case of an attack. The increasing IT complexity is one of the main factors in the adoption of NTA tools

FTC Marks Tax Identity Theft Awareness Week February 3-7, 2020

The Federal Trade Commission will mark Tax Identity Theft Awareness Week, February 3-7, 2020, by co-hosting a series of free events highlighting the warning signs of tax identity theft and government imposter scams, ways consumers can protect themselves, and what to do if a consumer is a victim of tax identity theft. Tax identity theft

Background Check Services Provider Agrees to Settle FTC Allegations that it Falsely Claimed Participation in the EU-U.S. Privacy Shield

A company that provides security and investigative services, including background check services, has agreed to settle Federal Trade Commission allegations that the firm misrepresented its participation in and compliance with the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States. In a complaint, the

5 Ways Your Organization Can Ensure Improved Data Security

Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire individuals and businesses to take action in an effort to respect privacy, safeguard data and