Dangerous evolution of Ransomware - Started as ransom for encryption our files, changed to data/pictures exposure black mail and now it could wipe important evidence and let dangerous people walk free.

https://nakedsecurity.sophos.com/2020/02/28/ransomware-wipes-evidence-lets-suspected-drug-dealers-walk-free/

Another reminder for "Prevention is better than cure" - Once you are infected by Malware, you will be at the mercy of its author who will determine what they want to get out of you.

https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/

Security folks love NIST CSF but have difficulty adapting it. Now, if you are an AWS customer then it has become easier. download the Aligning to the NIST CSF in the AWS Cloud" whitepaper for more details.

https://pages.awscloud.com/aligning-to-the-NIST-CSF-in-the-AWS-Cloud.html

I did not know that there are vacuum cleaners with video cameras (that also allows hackers to view the video). Makes total sense, It will CLEAN your house and may also help (robbers) to CLEAN-UP your house.

https://threatpost.com/unpatched-security-flaws-open-connected-vacuum-to-takeover/153142/

Outsourcing important IT Services is not a bad idea but with what's going on recently, shouldn't we also consider a scenario of vendor being taken down by Malware, Ransomware, Breach, etc

. I am excluding big guns like Microsoft, Amazon and Google.


https://threatpost.com/iss-world-hit-with-malware-attack-that-shuts-down-global-computer-network/153109/

What happens when a (dumb) vendor cannot separate test and production environment - Nothing much , just a bunch of freaked-out customers

Many owners of Samsung smartphones have received an odd notification but the message  simply disappeared when they clicked on it. Samsung explains "This notification was confirmed as a message sent unintentionally during internal testing and there is no effect on your device"

https://www.grahamcluley.com/samsung-find-my-mobile-notification/

Are you sure the stranger in the street is taking a selfie,not your picture?

 - If it is your picture then he/she may also be able to gather your personal information, thanks to "Clearview AI"

https://www.nowtheendbegins.com/clearview-ai-app-allows-strangers-access-your-name-address-phone-number/

Reminder - Hackers don't care , Anyone can be a victim

 so, stop burying your head in the sand thinking my account/business is not important enough to be hacked.


https://hotforsecurity.bitdefender.com/blog/data-breach-hits-san-diego-low-income-preschool-provider-22261.html?utm_source=dlvr.it&utm_medium=twitter

Free guide for SYSMON ,an excellent security tool from Microsoft

Remember "Prevention is Ideal but Detection is a MUST."

Sysmon is designed to extend the current logging capabilities in Windows to aid in understanding and detecting attackers by behavior.

Download Link:
https://lnkd.in/gupkbqK

hxxps://github.com/trustedsec/SysmonCommunityGuide/releases

WhatsApp users, here's something to remember - A vulnerability (in desktop app) could allow the spread of malware

. It could also  impact WhatsApp for iPhone, if we don’t update our desktop and mobile apps, and if we don’t use newer versions of the Chrome browser.

https://threatpost.com/whatsapp-bug-malicious-code-injection-rce/152578/

This could happen to any organization - Ransomware => Blackmail => Data Breach

 The gang places the company name on a website. If a payment is not forthcoming immediately it then places a small amount of the stolen data on the site as proof. If payment is received the name is removed. The important question is "how can we be sure?" after all what's stopping them from blackmailing again.

https://www.scmagazine.com/home/security-news/ransomware/maze-ransomware-publicly-shaming-victims-into-paying/

How to drive cars with autopilot crazy? - Project fake images from drones on the road or on surrounding billboards, as rea

l.  Researchers  were able to create “phantom” images; use a projector to transmit them within the autopilots’ range of detection; and trick systems into believing that they are legitimate.

https://threatpost.com/tesla-autopilot-duped-by-phantom-images/152491/