Credit to Author: Jonny Evans| Date: Thu, 02 Jun 2022 08:30:00 -0700
Apple says millions of fraudulent attempts are made against the App Store and its users each year. The company prevented $1.5 billion in fraudulent transactions in 2021, it said, in line with similar levels of fraud in 2020.
The company explains how fraudsters attempt to commit fraud via the store.
Credit to Author: BrianKrebs| Date: Tue, 31 May 2022 19:57:58 +0000
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.
Read more
Credit to Author: Susan Bradley| Date: Tue, 31 May 2022 12:55:00 -0700
If you’re like most PC users, your current computer can’t run Windows 11. Microsoft has placed a line in the hardware sand to ensure that only modern machines with certain specifications that harden security can run Windows 11.
Well, sort of. The company provides a workaround, as I’ll discuss in a moment. Whether you should take advantage of this loophole to upgrade PCs (whether yours or your users’) to Windows 11 is the question.
First, if you want to know if a computer can run Windows 11, you can use the PC Health Check app, Microsoft’s diagnostic tool. But if your PC doesn’t support Windows 11, Microsoft’s app doesn’t do a great job of explaining why. Instead, I recommend using either the Windows 11 Requirements Check Tool from ByteJams.com or WhyNotWin11, available on Github. Both tools provide granular detail about why a machine won’t run Windows 11. On my personal laptop at home, for instance, the processor can’t support hardware for hypervisor enforced code integrity, nor does Windows 11 like the graphics display.
Credit to Author: Jonny Evans| Date: Tue, 31 May 2022 12:16:00 -0700
For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out the Apple book and lock down their infrastructure.
As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year’s Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.
Contest winners Daan Keuper and Thijs Alkemade found that once they managed to break into the IT networks used at these companies, it was “relatively easy” to then cause havoc with systems and equipment.
Credit to Author: Evan Schuman| Date: Tue, 31 May 2022 02:30:00 -0700
One of the bigger threats to enterprise cybersecurity involves re-purposed third-party code and open-source code, so you’d
think Google’s Assured Open Source Software service would be a big help.
Think again.
Here’s Google’s pitch: “Assured OSS enables enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows. Packages curated by the Assured OSS service are regularly scanned, analyzed, and fuzz-tested for vulnerabilities; have corresponding enriched metadata incorporating Container/Artifact Analysis data; are built with Cloud Build including evidence of verifiable SLSA-compliance; are verifiably signed by Google; and are distributed from an Artifact Registry secured and protected by Google.”
Credit to Author: Evan Schuman| Date: Thu, 26 May 2022 03:02:00 -0700
In a move that could have a major impact on enterprise penetration testing and other cybersecurity tactics, the US Department of Justice last Thursday reversed one of its own policies by telling prosecutors not to prosecute anyone involved in “good-faith security research.”
This is one of those common-sense decisions that makes me far more interested in exploring the original DOJ policy (set in 2014, during the Obama era).
The underlying law at issue is the Computer Fraud and Abuse Act, which made it illegal to access a computer without proper authorization. It was passed in 1986 and has been updated several times since then.
Credit to Author: Lucas Mearian| Date: Thu, 26 May 2022 03:00:00 -0700
Pay for some IT professionals is failing to keep up with inflation, according to a salary survey by IT employment consultancy Janco Associates for calendar year 2021. But preliminary data indicates pay for tech workers could soon change drastically with job market in IT tight, and many companies eyeing major tech projects in the year ahead.
With inflation in the US running at about 8% over the past year, salary increases — even for IT execs — have failed to keep pace.
The mean compensation for all IT pros last year rose only 2.05%, with the median salary at $100,022 for those at large enterprises and at $95,681 for IT workers at mid-sized firms, according to Janco.
Credit to Author: Jon Gold| Date: Wed, 25 May 2022 12:45:00 -0700
While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.
Read more
Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 16:55:40 +0000
Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.
Read more
Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000
Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.
Read more