Re-Focusing Cyber Insurance with Security Validation

Re-Focusing Cyber Insurance with Security Validation,

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases.
Some Akin Gump Strauss Hauer & Feld LLP’s law firm clients, for example, reported a three-fold increase in insurance

,

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases.
Some Akin Gump Strauss Hauer & Feld LLP’s law firm clients, for example, reported a three-fold increase in insurance

, ,
https://thehackernews.com/2022/11/re-focusing-cyber-insurance-with.html

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models,

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices.
« The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS, » Slovak cybersecurity firm ESET explained in a series of tweets.
UEFI

,

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices.
« The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS, » Slovak cybersecurity firm ESET explained in a series of tweets.
UEFI

, ,
https://thehackernews.com/2022/11/new-uefi-firmware-flaws-reported-in.html

Attention, cette extension de navigateur est un vrai paradis pour les pirates

Attention, cette extension de navigateur est un vrai paradis pour les pirates,

logiciel malveillant pirate

Une nouvelle extension malveillante qui permet aux pirates de contrôler votre navigateur web à distance a été identifiée. Largement répandue sur le web, elle représente une vraie aubaine pour les hackers.

,

logiciel malveillant pirate

Une nouvelle extension malveillante qui permet aux pirates de contrôler votre navigateur web à distance a été identifiée. Largement répandue sur le web, elle représente une vraie aubaine pour les hackers.

, ,
https://www.01net.com/actualites/attention-cette-extension-de-navigateur-est-un-vrai-paradis-pour-les-pirates.html

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network,

The Russia-linked APT29 nation-state actor has been found leveraging a « lesser-known » Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity.
« The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting, » Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

,

The Russia-linked APT29 nation-state actor has been found leveraging a « lesser-known » Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity.
« The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting, » Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

, ,
https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network,

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks.
« Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks, » Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.

,

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks.
« Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks, » Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.

, ,
https://thehackernews.com/2022/11/several-cyber-attacks-observed.html

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network,

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet.
Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject

,

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet.
Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject

, ,
https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html

Top 5 API Security Myths That Are Crushing Your Business

Top 5 API Security Myths That Are Crushing Your Business,

There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. 
Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: 

Reputational damage 
Customer attrition

,

There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. 
Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: 

Reputational damage 
Customer attrition

, ,
https://thehackernews.com/2022/11/top-5-api-security-myths-that-are.html

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide,

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world.
IceXLoader is a commodity malware that’s sold for $118 on underground forums for a lifetime license. It’s chiefly employed to download and execute additional malware on breached hosts.
This past June, Fortinet FortiGuard Labs said

,

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world.
IceXLoader is a commodity malware that’s sold for $118 on underground forums for a lifetime license. It’s chiefly employed to download and execute additional malware on breached hosts.
This past June, Fortinet FortiGuard Labs said

, ,
https://thehackernews.com/2022/11/new-icexloader-malware-loader-variant.html

Le scandale des logiciels espions atteint l’Union européenne

Le scandale des logiciels espions atteint l’Union européenne,

Un rapport préliminaire dénonce le manque de réactivité de l’Union européenne pour surveiller et réglementer l’utilisation de logiciels espions tels que Pegasus par des organisations contrôlées par certains États membres.

,

Un rapport préliminaire dénonce le manque de réactivité de l’Union européenne pour surveiller et réglementer l’utilisation de logiciels espions tels que Pegasus par des organisations contrôlées par certains États membres.

, ,
https://www.01net.com/actualites/le-scandale-des-logiciels-espions-atteint-lunion-europeenne.html

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software,

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.
Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system.
CVE-2022-31685 is an

,

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.
Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system.
CVE-2022-31685 is an

, ,
https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html