Who is the Network Access Broker ‘Wazawaka?’

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.

Read more

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Read more

Google finds a nation-state level of attacks on iPhone

Credit to Author: Evan Schuman| Date: Tue, 11 Jan 2022 03:31:00 -0800

When it comes to mobile security, users are routinely warned to be extremely careful, avoid suspicious links, emails, and attachments. But the growth of no-click attacks sidesteps these soft defenses.

Google recently drilled into one such attack, which happened to have hit an iPhone. “We assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities (one vendor) provides rival those previously thought to be accessible to only a handful of nation states,” said the Google advisory.

To read this article in full, please click here

Read more

Windows security in ’22 — you need more than just antivirus software

Credit to Author: Susan Bradley| Date: Mon, 10 Jan 2022 06:10:00 -0800

Do you need antivirus in 2022 — especially when some options now come with a cryptominers built in?

Several antivirus vendors — some options free, others, paid — have begun bundling their antivirus products with software that generates virtual currency. Of all of the requirements for antivirus, using excess cycles on your computer to generate crypto-coins is not on my list of must-haves.

Recently, Krebs on Security noted that both Norton Antivirus and Avira have told users that versions of their respective software now include a cryptominer. While it’s not enabled by default, it still gives me pause; antivirus is supposed to protect us from such potentially unwanted software, and these two vendors are now including it in their wares.

To read this article in full, please click here

Read more

How to choose a SaaS management platform

Credit to Author: Keith Shaw| Date: Mon, 10 Jan 2022 03:00:00 -0800

The flood of remote workers at the start of the global pandemic in early 2020 had companies scrambling to find new software for communicating and collaborating with remote workers. Many turned to software-as-a-service (SaaS) options.

It was an obvious choice. Under the SaaS model, applications are hosted and maintained by a third-party vendor and delivered to employees over the internet, making them easy to deploy remotely.

To read this article in full, please click here

Read more

500M Avira Antivirus Users Introduced to Cryptomining

Credit to Author: BrianKrebs| Date: Sat, 08 Jan 2022 18:05:14 +0000

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Read more

Norton 360 Now Comes With a Cryptominer

Credit to Author: BrianKrebs| Date: Thu, 06 Jan 2022 17:26:10 +0000

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and enables customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

Read more

Apple is sneaking around its own privacy policy — and will regret it

Credit to Author: Evan Schuman| Date: Fri, 07 Jan 2022 03:04:00 -0800

Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale. 

Much of this involves the definition of privacy. Fortunately for Apple’s marketing people, “privacy” is the ultimate undefinable term because every user views it differently. If you ask a 60-year-old man in Chicago what he considers to be private, you’ll get a very different answer than if you asked a 19-year-old woman in Los Angeles. Outside the US, privacy definitions vary even more. Germans and Canadians truly value privacy, but even they don’t agree on what they personally consider private.

To read this article in full, please click here

Read more