• CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks
    by Pierluigi Paganini on August 14, 2022 at 6:52 am

    The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 The post CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks appeared first on Security Affairs.

  • Killnet claims to have breached Lockheed Martin
    by Pierluigi Paganini on August 13, 2022 at 4:51 pm

    Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin.  The Moscow Times first reported that the Pro-Russia hacker group Killnet is claiming responsibility for a recent DDoS attack that hit the aerospace and defense giant Lockheed Martin. The Killnet group also claims to have stolen The post Killnet claims to have breached Lockheed Martin appeared first on Security Affairs.

  • Three flaws allow attackers to bypass UEFI Secure Boot feature
    by Pierluigi Paganini on August 13, 2022 at 9:39 am

    Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is The post Three flaws allow attackers to bypass UEFI Secure Boot feature appeared first on Security Affairs.

  • New exploits can bypass Secure Boot and modern UEFI security protections
    by Lucian Constantin on August 12, 2022 at 8:00 pm

    Two teams of researchers have revealed vulnerabilities this week in Unified Extensible Firmware Interface (UEFI) implementations and bootloaders that could allow attackers to defeat the secure boot defenses of modern PCs and deploy highly persistent rootkits. Researchers from firmware and hardware security firm Eclypsium published a report on vulnerabilities they found in three third-party bootloaders that are digitally signed by Microsoft's root of trust. They can be deployed on PCs as a replacement for the OS bootloader to support pre-boot capabilities for specialized enterprise software such as PC hardware diagnostics, disk rollback, or full disk encryption. To read this article in full, please click here

  • Agencies Are Still Wrangling Over Death Data
    by Natalie Alms on August 12, 2022 at 5:59 pm

    Information about deaths is a key part of administering programs like Social Security, but how data is collected and shared comes with questions.

  • The US offers a $10M rewards for info on the Conti ransomware gang’s members
    by Pierluigi Paganini on August 12, 2022 at 5:58 pm

    The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The U.S. State Department announced a $10 million reward for information on five prominent members of the Conti ransomware gang. The government will also reward people that will provide details about Conti and its affiliated groups TrickBot and Wizard The post The US offers a $10M rewards for info on the Conti ransomware gang’s members appeared first on Security Affairs.

  • Meta Tests Encrypted Backups and End-to-End Encryption in Facebook Messenger
    on August 12, 2022 at 3:45 pm

    Meta is also introducing an encrypted backup feature called Secure Storage

  • Xiaomi Smartphone Vulnerabilities Could Lead to Forged Payments
    on August 12, 2022 at 3:00 pm

    The devices were powered by MediaTek chips and susceptible to two kinds of attacks

  • SolidBit Ransomware Group Recruiting New Affiliates on Dark Web
    on August 12, 2022 at 2:00 pm

    20% of the earned profit from the distribution of the ransomware will be paid to the affiliates

  • #BHUSA: Bug Bounty Botox – Why You Need a Security Process First
    on August 12, 2022 at 12:00 pm

    Katie Moussouris explains why simply having a bug bounty program isn't enough to fix security problems