How to get more out of Edge (and bolster its security)

Credit to Author: Susan Bradley| Date: Mon, 29 Nov 2021 11:54:00 -0800

I use Edge, the built-in browser in Windows, though I’m very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent “Super Duper Secure Mode” that has rolled out to the default Edge version after being in beta channels for several weeks. (Let’s call it the “SDSM” setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allows you to disable just-in-time Javascript and then enable Controlflow-Enforcement Technology (CET) instead. Just-in-time Javascript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode ,even when doing online shopping or banking.

To read this article in full, please click here

Read more

The Internet is Held Together With Spit & Baling Wire

Credit to Author: BrianKrebs| Date: Fri, 26 Nov 2021 19:03:53 +0000

Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s largest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world’s largest Internet backbones.

Read more

Apple’s NSO lawsuit targets illegal spying by oppressive regimes

Credit to Author: Lucas Mearian| Date: Fri, 26 Nov 2021 03:00:00 -0800

Apple says its lawsuit against NSO Group this week is an attempt to hold the surveillance firm “accountable for … the surveillance and targeting of Apple users.” And it spared no ire in accusing the Israeli spyware company of its selling surveillance software to authoritarian governments — regardless of whether those governments use it to target dissidents, journalists, and activists.

NSO Group was already facing legal problems after messenger platform provider WhatsApp filed suit in 2019 for similar reasons. Earlier this month, the US Ninth Circuit Court of Appeals rejected the spyware company’s claim that it should be protected under sovereign immunity laws. In the high-profile case, WhatsApp alleged NSO’s spyware was used to hack 1,400 users of the messaging app.

To read this article in full, please click here

Read more

Apple pulls no punches in lawsuit against 'amoral' NSO Group

Credit to Author: Jonny Evans| Date: Wed, 24 Nov 2021 06:51:00 -0800

Apple has punched back against the “amoral” surveillance as a service industry of smartphone snoopers, filing suit against the NSO Group and its owner, Q Cyber Technologies, and taking steps to further secure digital lives.

Why this should matter to your business

Israeli firm NSO Group is a spyware firm that provides surveillance services to governments. It effectively privatizes state-sponsored snooping and enables even the most repressive government to outsource such tasks. It has been widely reported that software from NSO Group was used to target family members of murdered Saudi journalist Jamal Khashoggi.

To read this article in full, please click here

Read more

Ransomware is a threat, even for the smallest of businesses

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 23 Nov 2021 04:00:00 -0800

If I’ve heard it once, I’ve heard it a million times: “My business is too small for a cyber crook to bother with me.” Oh, my friend you are so, so wrong. No company is too big or too small for a ransomware dealer to come knocking at your virtual door.

A recent report from Webroot, The Hidden Costs of Ransomware, found the vast majority—85%—of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.

To read this article in full, please click here

Read more

Arrest in ‘Ransom Your Employer’ Email Scheme

Credit to Author: BrianKrebs| Date: Mon, 22 Nov 2021 21:57:18 +0000

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

Read more

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Credit to Author: BrianKrebs| Date: Fri, 19 Nov 2021 21:36:30 +0000

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Read more

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Credit to Author: BrianKrebs| Date: Wed, 17 Nov 2021 23:56:07 +0000

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

Read more