Take your time testing these February Patch Tuesday updates

Credit to Author: Greg Lambert| Date: Fri, 11 Feb 2022 12:21:00 -0800

There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no “Patch Now” recommendations from the Readiness team. I’m hoping that with this month’s list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month’s very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It’s also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.

Russian Govt. Continues Carding Shop Crackdown

Credit to Author: BrianKrebs| Date: Thu, 10 Feb 2022 01:34:48 +0000

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.

Microsoft Patch Tuesday, February 2022 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Feb 2022 22:38:16 +0000

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.

IRS To Ditch Biometric Requirement for Online Access

Credit to Author: BrianKrebs| Date: Mon, 07 Feb 2022 20:56:52 +0000

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.

Addigy talks up Apple-in-the-enterprise tech show

Credit to Author: Jonny Evans| Date: Mon, 07 Feb 2022 04:13:00 -0800

Apple’s continuing enterprise momentum means it’s grabbing a growing slice of the business ecosystem, and the expansion is driving growth across the Apple device management ecosystem.

Addigy Innovate 2022

Reflecting this, Addigy recently announced plans to hold its annual Innovate 2022 conference later this month. I spoke with Jason Dettbarn, founder and CEO, who says the event will include keynotes and product presentations, including one hosted by The Ethical Hacker author Ralph Echemendia.

Q&A: CISO sees 'enterprise' browser as easier way to monitor employee web use

Credit to Author: Lucas Mearian| Date: Fri, 04 Feb 2022 03:00:00 -0800

Over the past several years, Ashland Specialty Chemicals, a global specialty materials and chemical company with about 4,200 employees, has been downsizing. It shuttered its physical datacenter and adopted more of a software-as-a-service strategy for business apps such as Salesforce and Workday. With the shift to the cloud, the company also had to address keeping web traffic secure as its hybrid workforce accessed sensitive data online.

While the company continues to use more traditional, and costly, firewalls such as Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE) to secure web gateways, it has also been testing an enterprise-specific browser from a start-up company named Island.

How Phishers Are Slinking Their Links Into LinkedIn

Credit to Author: BrianKrebs| Date: Thu, 03 Feb 2022 18:49:38 +0000

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly LinkedIn’s parent firm Microsoft).

Second Israeli firm accused of undermining iPhones, like NSO Group

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

  • QuaDream made use of the same flaw to commit similar attacks against iPhones.
  • The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
  • Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
  • Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
  • Apple closed this vulnerability in September 2021.
  • It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.

Start-up emerges with an ‘enterprise browser’

Credit to Author: Lucas Mearian| Date: Wed, 02 Feb 2022 04:00:00 -0800

A start-up has emerged from stealth mode to announce what it describes as one of the world’s first enterprise-specific browsers, capable of governing how users interact with all SaaS and web applications.

The new Island web browser is based on the widely used Chromium open-source platform. Launched by a company with the same name, Island offers users a familiar online experience while governing what sites they can visit, the data they can view, and what files they can download or upload. Restrictions can be dialed up or down and can be specific to a user’s role in an organization.

For example, a user could be surfing the web with the standard Chrome, Edge, or Safari browsers, but if they try to access a site that’s off-limits based on the Island settings, they’d be blocked and told to use their secure browser. The Island browser can even stop an employee from taking screenshots of sensitive data, depending on the settings IT admins choose to implement.

Why Apple’s improved 2FA protection matters to business

Credit to Author: Jonny Evans| Date: Tue, 01 Feb 2022 06:01:00 -0800

Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business

Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon’s 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.
