Tag: Puts | Page 3

The US Puts a $10M Bounty on DarkSide Ransomware Hackers

November 7, 2021/in Computer Security

On Friday, the radical transparency group DDoSecrets released hundreds of hours of police helicopter surveillance footage. It’s unclear who originally obtained the data, or what that person’s motivations were, but the trove shows how extensive law enforcement’s eye-in-the-sky has become, and how high-fidelity its cameras are. Privacy advocates also say the incident underscores that authorities don’t do nearly enough to protect sensitive data, and have retention policies that are far too lax.

In other aerial news: For the first time, intelligence officials say, a consumer drone likely attempted to disrupt the US power grid. The July 2020 incident took place at a power substation in Pennsylvania; a DJI Mavic 2 quadcopter outfitted with nylon ropes and copper wire seemed determined to cause a short circuit, but crash-landed on a nearby roof before it reached its apparent target. Security experts have warned about this possibility for years, and say that regulatory bodies haven’t moved quickly enough to mitigate the threat.

This week saw China’s new data privacy law go into effect, and the ramifications have already begun to play out. Yahoo! exited the country, citing an “increasingly challenging business and legal environment.” And while the regulations are some of the strictest in the world, the fact that the Chinese has tied them to national security interests—and continues to give itself extraordinary access to its citizens’ data—may inspire other countries to take a similarly aggressive posture.

Cryptocurrency scammers used the popularity of the Netflix hit Squid Game to gin up interest, then pulled the rug on investors to the tune of over $3 million. The White House Market dark web bazaar shuttered earlier this month, but raised the bar for security measures during its brief reign. And if you’ve got iCloud+, here’s how to take advantage of all of the new security measures you can now access.

Finally, make sure you set aside a few minutes this weekend to dive into this tale of how a group of fed up parents built their own open source version of their school system’s app—only to have the city call the cops on them.

And there’s more! Each week we round up all the security…

Source…

Microsoft’s Failure to Prioritize Security Puts Everyone at Risk

October 14, 2021/in Computer Security

It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend against at least one zero-day exploit. And Microsoft vulnerabilities are playing a bigger role in the spate of ransomware infections organizations are grappling with than most probably are aware of (more on that below).

Artboard 1-2 The issue is not the mere presence of vulnerabilities in Microsoft code – that’s something that unfortunately is almost unavoidable when you’re dealing with billions of lines of code, and most developer shops make a serious effort to weed them out before the code goes into production.

Until we find a way to reliably automate vulnerability remediation at scale, there are going to be exploitable bugs now and again.

The issue here is Microsoft’s lackluster track record in assuring fewer vulnerabilities make it to market so their customers can be more secure – and it’s security that is the real rub here.

Over the last few years, Microsoft has been making huge investments in security, but those investments are not focused on making their products more secure, they are directed at developing new product offerings in the security space.

To be clear here, Microsoft as an organization has made a conscious decision to forgo improving their product security in favor of going after new revenue streams as a security vendor.

So essentially, Microsoft – arguably the most prolific and ubiquitous IT products and services providers on the planet, and thus the biggest target for attackers – is looking to cash-in by offering to protect everyone from the vulnerabilities they introduce into the market.

Enlarge the infographic here…

This is akin to a fast food chain deciding not to make their food healthier but instead choosing to invest in fitness centers, or Big Tobacco funding cancer research instead of just ceasing to sell cancer-causing agents. And, after they have successfully conditioned us to accept the fact that their products are perpetually vulnerable with the monthly Patch Tuesday fire drills, they now want organizations to trust that they are the best choice to…

Source…

A zero-day iOS attack puts SolarWinds hackers at risk for a fully updated iPhone

August 1, 2021/in Internet Security

According to Google and Microsoft, a Russian national hacker who organized a SolarWinds supply chain attack last year was part of another malicious email campaign aimed at stealing web credentials from the Western European government. Exploited a zero-day attack on iOS.

so Position Google announced Wednesday, and researchers Maddy Stone and Clement Lesigne said at the time that “actors who may be backed by the Russian government” sent a message to government officials via LinkedIn. He said he exploited an unknown vulnerability.

Moscow, Western Europe, USAID

An attack targeting CVE-2021-1879 redirected the user to a domain that had a malicious payload installed on a fully updated iPhone due to zero-day tracking. According to researchers, the attack was consistent with a campaign by the same hacker who delivered malware to Windows users.

Campaigns are closely tracked to one Microsoft disclosed in May.. In that case, Microsoft has an account under USAID, the name Nobelium used by the company to identify the hackers behind SolarWinds supply chain attacks, which is the U.S. government agency that manages private foreign and development assistance. He said he had infringed first. By managing the account of the agency of the online marketing company Constant Contact, hackers can send emails that appear to be using an address that is known to belong to a US agency.

The federal government attributed last year’s supply chain attack to hackers working at Russia’s Foreign Intelligence Service (SVR for short).for 10 years or more, SVR has conducted malware campaigns targeting governments, political think tanks, and other organizations in countries such as Germany, Uzbekistan, South Korea, and the United States.target It contains 2014 US State Department and White House. Other names used to identify the group include APT29, Dukes, and Cozy Bear.

In an email, Shane Huntley, head of Google’s threat analysis group, confirmed the link between USAID-related attacks and iOS zero-day attacks on the WebKit browser engine.

“These are two different campaigns, but based on our visibility, we believe that the actors behind WebKit’s zero-day and USAID campaigns are the same group of…

Source…

Colonial Pipeline Hack Puts Cybersecurity Back In Focus. Which Stocks Should You Pick?

May 19, 2021/in Internet Security

BRAZIL – 2019/07/17: In this photo illustration the Fortinet logo is seen displayed on a smartphone. … [+] (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

SOPA Images/LightRocket via Getty Images

Our theme of Cyber Security Stocks has declined by about -6% year-to-date, significantly underperforming the S&P 500 which has gained about 11% over the same period. However, the sector is likely to come back into focus for a couple of reasons. Firstly, there was a major cyber attack on the computer systems of the Colonial Pipeline forcing a shutdown of a pipeline that controls roughly half the gasoline, jet fuel, and diesel flowing along the U.S. East Coast. This marks the second major attack on core U.S. infrastructure in six months, coming on the heels of the Solar Winds hack which was reported last December. Secondly, last week, President Joe Biden signed an executive order aimed at bolstering the federal government’s cybersecurity defenses, with a host of plans to implement stronger cybersecurity standards. The recent events are likely to cause companies and the U.S. government re-assess threats and potentially increase cybersecurity-related budgets. This should bode well for companies that provide software, hardware, and services that help protect computer systems and networks.

Within our theme, Fortinet, a company that provides cybersecurity-related hardware and software, has been the strongest performer, rising by about 37% year-to-date driven by stronger than expected earnings in recent quarters. On the other side, the stock price for Qualys a company that provides cloud security, compliance, and related services, remains down by about 18% this year, as its outlook for this fiscal year was lighter than analysts expected.

[4/14/2021] How’s Our Cybersecurity Theme Faring?

Our indicative portfolio of Cyber Security Stocks has declined by about -1% year-to-date, underperforming the S&P 500 which has gained about 10% over the same period. However, the theme remains up by over 130% since the end of 2019, significantly outperforming the broader markets. The recent sell-off comes as investors book profits on remote working and SaaS…

Source…

Tag Archive for: Puts