Independent – Page 39 – PossibleThreat Articles

Q&A: Cisco CIO Fletcher Previn on the challenges of a hybrid workplace

March 27, 2023 0 Comments endpoint protection, IT Leadership, it management, IT Strategy, networking, remote work, Security

In April, 2021, Cisco CEO Chuck Robbins announced he would let all 75,000 employees work remotely indefinitely, even after the COVID-19 pandemic ended. The company had seen no drop in productivity by allowing employees to work from home and expected to save money by not fully staffing offices. When and how often employees should come into the office would be up to their managers, who abide by a flexible hybrid policy.

But that shift brought technology challenges most companies are by now familiar with: how do you secure networks when the employee’s home is essentially a branch office? How do you create company culture from afar? And, how do you retain employees at a time when IT talent is in historically high demand.

To read this article in full, please click here

Independent Krebs Security

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

March 22, 2023 0 Comments A Little Sunshine, breachforums, bytedance, darknavy, Data Breaches, Google, Latest Warnings, liu huafang, pdd holdings, pinduoduo, Project Zero, temu, TikTok, Web Fraud 2.0, weibo

Credit to Author: BrianKrebs| Date: Wed, 22 Mar 2023 23:11:08 +0000

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Independent Krebs Security

Why You Should Opt Out of Sharing Data With Your Mobile Provider

March 20, 2023 0 Comments A Little Sunshine, AT&T, CCPA, cpni, custom experience plus, customer proprietary network information, Data Breaches, Electronic Privacy Information Center, enhanced relevant advertising program, FCC, Federal Communications Commission, gavin wright, maids, mashable, mobile advertising ids, T-Mobile, techtarget, verizon, verizon custom experience plus, verizon selects, Verizon Wireless

Credit to Author: BrianKrebs| Date: Mon, 20 Mar 2023 14:47:56 +0000

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like “What the heck is CPNI?” And, ‘If it’s so ‘customer proprietary,’ why is AT&T sharing it with marketers?” Also maybe, “What can I do about it?” Read on for answers to all three questions.

ComputerWorld Independent

Russia’s iPhone ban and the digital supply chain

March 20, 2023 0 Comments Apple, iPhone, Mobile, Security, small and medium business

Russia’s Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it’s hard to think there isn’t an argument there. But the bigger story isn’t the harm to Apple’s small business in Russia, it’s the threat to digital supply chains it shows.

To read this article in full, please click here

Independent Krebs Security

Feds Charge NY Man as BreachForums Boss “Pompompurin”

March 17, 2023 0 Comments A Little Sunshine, breachforums, conor brian fitzpatrick, dc health link, FBI, john langmire, Ne'er-Do-Well News, pompompurin

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2023 23:39:22 +0000

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.

ComputerWorld Independent

Patch Office and Windows now to resolve two zero-days

March 17, 2023 0 Comments Microsoft, Security, small and medium business, Windows

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84.

Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a “Patch Now” release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Independent Krebs Security

Microsoft Patch Tuesday, March 2023 Edition

March 15, 2023 0 Comments cve-2023-23397, cve-2023-24800, dustin childs, immersive labs, kevin breen, microsoft 365 apps for enterprise, microsoft patch tuesday march 2023, rapid7, security tools, The Coming Storm, Time to Patch, windows smartscreen, zero day initiative

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 15:19:32 +0000

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

ComputerWorld Independent

Feds to Microsoft: Clean up your security act — or else

March 15, 2023 0 Comments Government, Government IT, Microsoft, Security

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

To read this article in full, please click here

Independent Krebs Security

Two U.S. Men Charged in 2022 Hacking of DEA Portal

March 14, 2023 0 Comments A Little Sunshine, convict, Data Breaches, doxbin, emergency data request, kt, Ne'er-Do-Well News, nicholas ceraolo, ominus, phobia, ryan stevenson, sagar steven singh, u.s. drug enforcement agency, vile, Web Fraud 2.0, weep

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 01:25:20 +0000

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

Independent Krebs Security

Who’s Behind the NetWire Remote Access Trojan?

March 9, 2023 0 Comments A Little Sunshine, Breadcrumbs, constella intelligence, domaintools, dugidox, FBI, mario zanko, Ne'er-Do-Well News, netwire rat

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2023 18:52:25 +0000

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.