ETSI Releases New Standard for Consumer IoT Security

I want to see vendors differentiating their products through security and privacy controls. This standard should be a baseline, entry-level requirement to sell anything...: The ETSI Technical Committee on Cybersecurity (TC CYBER) last week unveiled a new standard, ETSI EN 303 645 (EN) for cybersecurity in the Internet of Things (IoT). As more devices in the home connect to the internet, the cybersecurity of the IoT has become a growing concern. The EN is designed to preve

IOTW: Twitter Leaves Confidential Information Vulnerable—Again

Do you, as a matter of habit, clear your browser cache? No, thought not...: [...] Why It’s A Big Deal: It is possible that the leaked information could fall into the wrong hands in the case of shared or public computers or devices. From there, there is a risk of the information being used in phishing schemes. Remember, phishers often compile personal data over a long period of time before utilizing the information. From there, convincing phone calls and emails are sent ...

Bitcoin Scammers Use Celebrity Names to Lure Victims

A few of these emails made it through my various spam filters. I'm in the UK, the Daily Mirror page mentioned was very convincing (unless you're paranoid, like me)...: [...] Victims receive a text message informing them of a news report about a lucrative new investment scheme. The message contains a URL supposedly pointing to a well-known media outlet. In fact, it is a unique short link to a redirect page. This page uses the short link to look up extensive personal data abou

Mandiant Security Effectiveness Report 2020: What You Need to Know NOW About Reconnaissance

I'm going to make a shameless plug for our Private Threat Intelligence free trial here, and another for our security awareness partner OutThink...: [...] As we uncovered in our report Mandiant Security Effectiveness Report 2020, looking across network, email and endpoint and cloud-based security controls, all too often, security controls are not performing as expected. Knowing this, security leaders need to ask themselves why are their controls not performing the way they’re

Remote workers more aware of security, but still flout the rules

The issue here is that the home environment gives many more opportunities to bend/break security rules than a controlled office...: Almost three-quarters (approximately 72%) of people forced to work remotely through the Covid-19 coronavirus pandemic believe they are now more conscious of their organisational cyber security policies than they were before, but are still happy to break the rules if expedient, according to a Trend Micro study distilled from interviews conducted

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

Why it's a bad idea to install software from dodgy sources...: [...] A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilities for run-of-the-mill ransomware, including the ability to deploy a keylogger (for monitoring what’s typed int

#COVID19 HMRC Phishing Scams Persist, Begin Targeting Passport Details

Unlike enterprises with programs to manage human risk (take a look at ), the self-employed are relatively easy prey...: Fraudsters are continuing to exploit self-employed people with advancements in already-established COVID-related HMRC phishing scams. Uncovered by Griffin Law, the latest variation of this attack is now targeting the passport details of self-employed people, along with other information including personal and bank details. According

Business giant Xerox allegedly suffers Maze Ransomware attack

It looks like this story will be playing for the next few weeks at least...: [...] Maze published a set of 10 screenshots, showing directory listings from June 24 and 25, network shares, and the ransom note that is dropped after the encryption routine completes. Specifically, one image shows that hosts on “,” managed by Xerox Corporation, were compromised. Systems on other domains might also be impacted. While the domain reveals that Maze ransomware breac

Microsoft releases emergency security update to fix two bugs in Windows codecs

Worth checking to see if your update process has actually updated these codecs...: Microsoft has published on Tuesday two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library. Tracked as CVE-2020-1425 & CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions. In security advisories published today, Microsoft said the two security flaws can be exploited with the help of a specially crafted

Researchers Find New Calendar-Based Phishing Campaign

This strikes me as more of an awareness problem than anything else. If a calendar invite sent me to log in to a banking site, I'd delete it immediately...: Researchers have once again spotted crooks using calendar invitations to mount phishing attacks. The Cofense Phishing Defense Center found the attack in enterprise email environments protected by Proofpoint and Microsoft, it announced last week. The phishing scam uses iCalendar, which is a media type that lets users sto