Attack on Security Titans: Earth Longzhi Returns With New Tricks

Credit to Author: Ted Lee| Date: Tue, 02 May 2023 00:00:00 +0000

After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

Read more

Apple, platform security, and the next big war

When Apple CEO Tim Cook in 2016 warned of a cybersecurity war, he was specifically discussing the pressure Apple then faced to create back doors on its platforms so law enforcement could snoop on users.  

He was championing encryption and opposing the creation of designer vulnerabilities that can be exploited by any entity that knows they exist. Since then, we’ve seen a cancerous tumult of surveillance as a service that companies such as the NSO Group break out, each of them using the kind of hard-to-find flaws governments may insist on platform providers creating.

To read this article in full, please click here

Read more

Update 1: Increased exploitation of PaperCut drawing blood around the Internet

Credit to Author: Angela Gunn| Date: Thu, 27 Apr 2023 18:43:38 +0000

A recent remote code execution (RCE) vulnerability is increasingly in use to deliver Cobalt Strike and other remote management software, along with multiple ransomware threats – what you need to know about CVE-2023-27350

Read more

Businesses, beware: The Motorola ThinkPhone comes with a major caveat

Let me just preface this by saying: No, the saga we’re about to dive into isn’t in any way related to April Fools’ — as far as I can tell, anyway. After all, we’re at the start of May.

And yet, one of Android’s best-known phone-makers is putting out a new device with such eye-rollingly off-the-mark claims, I can’t help but wonder if maybe they got mixed up on months and meant this to be a joke. It’s so hilariously and obviously ironic, I’m just not sure what else to make of it.

So here it is: Motorola’s got a new business-aimed Android phone called the Motorola ThinkPhone. It’s the first time the company — which has been owned by Lenovo since 2014, when Google broke our hearts and pawned the brand off after a glorious 20 months of control — is bringing a classic Lenovo name into the Motorola and Android arena this prominently.

To read this article in full, please click here

Read more

White House seeks information on tools used for automated employee surveillance

Credit to Author: avenkat@idg.com| Date: Tue, 02 May 2023 02:23:00 -0700

The White House Office of Science and Technology Policy (OSTP) would soon be releasing a public request for information (RFI) to learn more about the automated tools employers use to surveil, monitor, evaluate, and manage workers, OSTP announced on Monday.

“Employers are increasingly investing in technologies that monitor and track workers, and making workplace decisions based on that information,” the blog released on Monday said, adding that while these technologies can benefit both workers and employers in some cases, they can also create serious risks to workers.

To read this article in full, please click here

Read more

How to protect your small business from social engineering

Categories: Personal

Tags: Small Business Week 2023

Tags: Small Business Week

Tags: phishing

Tags: pretexting

Tags: baiting

Tags: tailgating

Tags: BEC

Tags: CEO fraud

Tags: business email compromise

Tags: O’Neill Bragg & Staffin

Tags: 2022 Internet Crime Report

Tags: FBI

Tags: most reported fraud

Tags: most damaging fraud

Small businesses are frequent targets of social engineering. Here’s what it is and how to protect against it.

(Read more…)

The post How to protect your small business from social engineering appeared first on Malwarebytes Labs.

Read more

A week in security (April 24 -30)

Categories: News

Tags: Lockbit

Tags: cl0p

Tags: papercut

Tags: vmware

Tags: magecart

Tags: fileless

Tags: chatgpt

Tags: apc

Tags: Pupy rat

Tags: guloader

Tags: black basta

Tags: flipper zero

Tags: clickjacking

The most interesting security related news of the week from April 24 till April 30

(Read more…)

The post A week in security (April 24 -30) appeared first on Malwarebytes Labs.

Read more

Generative AI is about to destroy your company. Will you stop it?

Credit to Author: eschuman@thecontentfirm.com| Date: Mon, 01 May 2023 10:21:00 -0700

As the debate rages about how much IT admins and CISOs should use generative AI — especially for coding — SailPoint CISO Rex Booth sees far more danger than benefit, especially given the industry’s less-than-stellar history of making the right security decisions.

Google has already decided to publicly leverage generative AI in its searches, a move that is freaking out a wide range of AI specialists, including a senior manager of AI at Google itself

To read this article in full, please click here

Read more