Tag: Sign | Page 3

Tech brands sign on to HackerOne responsible security drive

March 10, 2022/in Computer Security

Technology brands including GitLab, Starling Bank, TikTok and Wix have signed on to support a new corporate security responsibility pledge drive initiated by penetration testing and bug bounty specialist HackerOne.

The aim of the pledge is to encourage an industry-wide call to action for more transparency and a positive culture around cyber security best practice, as well as ultimately to build a safer internet for all. It focuses on four key areas:

Encouraging transparency to share cyber intelligence and build trust.
Fostering a culture of collaboration that makes the tools needed to reduce risk in the hands of everybody.
Promoting innovation by inspiring developers to work with security in mind.
Holding pledges and their suppliers accountable to following best practice to develop security as a point of differentiation.

Starling Bank’s head of cyber security, Mark Rampton, said: “At Starling, we assume that everything has the potential to be vulnerable, and believe that hyper-vigilance is the best way to stay ahead of threats.

“Security isn’t something we can do in isolation. We work with every member of our staff – and the wider security community, including HackerOne – to ensure we continually fulfil our mission of keeping customer funds and data protected.”

TikTok’s global chief security officer, Roland Cloutier, added: “Transparency is core to TikTok’s business and brand. We deliver transparency on everything from content moderation to our bug bounty programme, so our users are free to innovate and fulfil our mission of inspiring creativity, and bringing joy.

“We know the best way to keep our global TikTok community safe and secure is by inviting the disclosure of potential vulnerabilities, so we can quickly eliminate them.”

HackerOne’s pledge drive comes off the back of a new research report, The corporate security trap: shifting security culture from secrecy to transparency, which found that 64% of organisations maintain a culture of “security through obscurity” and 38% are opaque about how they “do” security.

A majority of security professionals also tended to feel they struggled to build a positive security culture within…

Source…

Stolen Nvidia code signing certificates used to sign off malware

March 7, 2022/in Computer Security

A number of potentially dangerous malware strains have successfully snuck past antivirus software, thanks to highjacking signing certificates stolen from Nvidia.

The Lapsus$ cybercrime gang recently announced it had stolen a terabyte of data from the chip giant, and after failing to come to an agreement with the company on a ransom payment, decided to push the stolen intel live.

As researchers started to scour through the treasure trove of sensitive information, they discovered two code-signing certificates that Nvidia developers use to sign their drivers and executables. These security measures help Windows endpoints verify who built any specific app or program, as well as verifying nothing has been tampered with.

Malware passing off as legit software

Cross-referencing the stolen certificates with their database, the researchers were quick to find them being used to sign malware and other malicious tools.

As reported on the VirusTotal malware scanning service, the certificates were used to sign Cobalt Strike beacons, Mimikatz, as well as various backdoors, remote access trojans, and other malware.

According to security researchers Kevin Beaumont and Will Dormann, the stolen certificates can be found under these serial numbers:

43BB437D609866286DD839E1D00309F5

14781bc862e8dc503a559346f5dcc518

Both certificates have reportedly already expired, but that won’t stop Windows allowing a driver signed with these, to be loaded in the OS.

There are ways to configure Windows Defender Application Control policies to eliminate compromised Nvidia drivers, but as BleepingComputer says, it’s “not an easy task, especially for non-IT Windows users”, who need to wait for the certificates to be added to Microsoft’s certificate revocation list.

Lapsus$ is making a name for itself, rather quickly. Having targeted Impresa, Portugal’s biggest media conglomerate, late last year, taking down multiple websites, TV channels, AWS infrastructure, and Twitter accounts, it also struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts across the country. It claimed to have stolen 50TB worth of data, before deleting them from the MoH’s servers.

In the Nvidia…

Source…

China’s Economy Is Slowing, a Worrying Sign for the World

January 17, 2022/in Internet Security

BEIJING — Construction and property sales have slumped. Small businesses have shut because of rising costs and weak sales. Debt-laden local governments are cutting the pay of civil servants.

China’s economy slowed markedly in the final months of last year as government measures to limit real estate speculation hurt other sectors as well. Lockdowns and travel restrictions to contain the coronavirus also dented consumer spending. Stringent regulations on everything from internet businesses to after-school tutoring companies have set off a wave of layoffs.

China’s National Bureau of Statistics said Monday that economic output from October through December was only 4 percent higher than during the same period a year earlier. That was a deceleration from the 4.9 percent growth in the third quarter, July through September.

The world’s demand for consumer electronics, furniture and other home comforts during the pandemic has produced record-setting exports for China, preventing its growth from stalling. Over all of last year, China’s economic output was 8.1 percent higher than in 2020, the government said. But much of the growth was in the first half of last year.

The snapshot of China’s economy, the main locomotive of global growth in the last few years, adds to expectations that the broader world economic outlook is beginning to dim. Making matters worse, the Omicron variant of the coronavirus is now starting to spread in China, leading to more restrictions around the country and raising fears of renewed disruption of supply chains.

The slowing economy poses a dilemma for China’s leaders. The measures they have imposed to address income inequality and rein in companies are part of a long-term plan to protect the economy and national security. But officials are wary of causing short-term economic instability, particularly in a year of unusual political importance.

Next month, Beijing hosts the Winter Olympics, which will focus an international spotlight on the country’s performance. In the fall, Xi Jinping, China’s leader, is expected to claim a third five-year term at a Communist Party congress.

Mr. Xi has sought to strike an optimistic note. “We have every confidence in…

Source…

Sign in with Apple: What it is and why you should use it

December 11, 2021/in Mobile Security

2019-06-03-17-10-02 — Sign In with Apple will appear on apps. You could also use an email address instead.

Érika García / CNET

Sign in with Apple is a privacy tool that gives iOS users more security when using third-party apps and websites with their Apple ID. You can choose the Sign in With Apple tool to verify your credentials instead of signing in with Facebook, Google or making a brand new account.

Sign in with Apple signaled the tech giant’s commitment to privacy that the company has long made a mantra. Since then, Apple has added more privacy controls to iOS, including the ability to stop apps from tracking you across websites, and “nutrition labels” that let you see what information apps collect before you download.

Here’s everything you need to know about how Sign in with Apple works and how to use it. Plus, here’s how to check your iPhone’s privacy settings in two easy steps and nine rules for strong passwords.

How to use Sign in with Apple

1. When you open an app or website — if it supports Sign in with Apple — simply tap Continue with Apple.

Brett Pearce/CNET

2. Accept or deny any permissions the app asks for.

3. Follow the onscreen prompts regarding your Apple ID. You can choose to edit your name, share or hide your email. Choose Continue.

4. Enter your passcode when prompted. You can also confirm with Face ID or Touch ID. If you don’t have any of the three, you can use your Apple ID password.

As long as you’re signed in on your device, you’ll be signed into the app. To sign out, just locate the settings in the app or website and choose Sign Out. You’ll need to repeat the process if you want to sign back in.

Source…

Tag Archive for: Sign

How to use Sign in with Apple