Independent – Page 63 – PossibleThreat Articles

Actions Target Russian Govt. Botnet, Hydra Dark Market

April 7, 2022 0 Comments ars technica, asus, beserk bear, cyclops blink, dan goodin, dragonfly 2.0, FBI, federal security service, garantex, german federal criminal police office, gru, hydra market, main intelligence directorate, Ne'er-Do-Well News, notpetya, Ransomware, russian fsb, sandworm, trisis, triton, u.s. department of justice, u.s. department of treasury, voodoo bear, vpnfilter, watchguard, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 07 Apr 2022 22:03:45 +0000

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Independent Krebs Security

The Original APT: Advanced Persistent Teenagers

April 6, 2022 0 Comments A Little Sunshine, advanced persistent teenagers, amit yoran, APT, cisa, FBI, lapsus, Microsoft, Ne'er-Do-Well News, NVIDIA, okta, Samsung, tenable, The Coming Storm, twitter hack, vishing, voice phishing, wired

Credit to Author: BrianKrebs| Date: Wed, 06 Apr 2022 17:55:38 +0000

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

ComputerWorld Independent

Windows 11 — we haven’t seen anything, yet

April 6, 2022 0 Comments Microsoft, Security, windows 11

Credit to Author: Rob Enderle| Date: Wed, 06 Apr 2022 10:24:00 -0700

Disclosure: Microsoft is a client of the author.

Microsoft this week had an analyst event about Windows 11 and a variety of productivity, management, and security features the company has planned. Over the last couple of years, Microsoft has aggressively improved both Windows and Office 365, but the big change ahead is the potential blend of Windows with Windows 365. We’ll see that start by the end of the year. The end game should be what appears to be a Windows desktop that integrates so well with the cloud that it can, when necessary, seamlessly switch between instances to comply with company policy, assure security, and provide recourse on automatic demand from Azure Cloud.

To read this article in full, please click here

ComputerWorld Independent

Apple quietly stops meaningful auto-updates in iOS

April 5, 2022 0 Comments Apple, Mobile, Security, small and medium business

Credit to Author: Evan Schuman| Date: Tue, 05 Apr 2022 09:14:00 -0700

In the mobile world pitting Apple’s iOS devices against Google’s Android devices, Apple has historically had one distinct advantage: patches and updates.

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users get updates quickly. That has been true regardless of whether its new functionality or a critical security patch.

So what’s the problem? Craig Federighi, Apple’s senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates — by as much as a month.

To read this article in full, please click here

ComputerWorld Independent

Android 12 Upgrade Report Card: What a weird year

April 5, 2022 0 Comments Android, Google, Operating Systems, productivity software, samsung electronics, Security, smartphones, software provider

Credit to Author: JR Raphael| Date: Tue, 05 Apr 2022 03:00:00 -0700

In the world of software, six months is an eternity.

Heck, look at how much has happened over the past six months since Android 12 came into the universe. Google started and then finished a hefty 0.1-style update that lays the groundwork for significant large-screen improvements to the Android experience. And it’s now well into the public development phase of its next big Android version, Android 13 — which is the rapidly forming release on most folks’ minds at this point.

To read this article in full, please click here

ComputerWorld Independent

The Russian cyberattack threat might force a new IT stance

April 4, 2022 0 Comments Security

Credit to Author: Evan Schuman| Date: Mon, 04 Apr 2022 09:20:00 -0700

There’s a lot of fear of possible Russian cyberattacks stemming from Russia’s attempted takeover of Ukraine. Perhaps the biggest worry —and quite possibly the most likely to materialize — is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy.

The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, “You hurt our economy and our people? We’ll do the same to you.”

Thus far, there’s no evidence of any large-scale attack, but one could be launched at any time.

To read this article in full, please click here

ComputerWorld Independent

When should the data breach clock start?

April 1, 2022 0 Comments Security

Credit to Author: Evan Schuman| Date: Fri, 01 Apr 2022 08:39:00 -0700

One of the most difficult issues in enterprise cybersecurity — something the US Securities and Exchange Commission is now openly struggling with — is when should an enterprise report a data breach?

The easy part is, “how long after the enterprise knows of the breach should it disclose?” Different compliance regimes come to different numbers, but they are relatively close, from GDPR’s 72 hours to the SEC’s initial four days.

To read this article in full, please click here

Independent Krebs Security

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

March 31, 2022 0 Comments A Little Sunshine, Apple, bloomberg, Bug, discord, facebook, Instagram, lapsus, meta, Ne'er-Do-Well News, sen. ron wyden, snapchat, twitter, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 31 Mar 2022 22:54:45 +0000

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.

ComputerWorld Independent

How to stop worrying and love zero trust

March 31, 2022 0 Comments remote work, Security, Technology Industry

Credit to Author: Mike Elgan| Date: Thu, 31 Mar 2022 03:00:00 -0700

Countless articles have been published in the past few years about zero trust, most of them explorations and expositions for security professionals.

But I want to write for remote workers on the other side of the so-called “trust” equation — the people who will deal with the changes and inconveniences as zero-trust strategies are implemented and refined over the next few years.

Welcome to this jargon-free explanation of zero trust.

To read this article in full, please click here

ComputerWorld Independent

How Russia’s invasion of Ukraine affected the cyber threat landscape

March 30, 2022 0 Comments cyberattacks

Since Russia’s invasion of Ukraine last month and consequential sanctions against the Kremlin, the threat of cyberattacks in the U.S. and abroad has been looming. While the threat of attacks on critical infrastructure has increased, it hasn’t escalated to the all-out cyberwar that some were expecting. CSO Online senior writer Lucian Constantin joins Juliet to discuss how the cyber threat landscape has evolved as a result of the war in Ukraine and what organizations can do to increase their cyber incident defenses. For more on this topic, check out this article from CSO Online: Conti gang says it's ready to hit critical infrastructure in support of Russian government: https://www.csoonline.com/article/3651498/conti-gang-says-its-ready-to-hit-critical-infrastructure-in-support-of-russian-government.html