Ctrl-Alt-Risk

@ControlAltRisk

This is an unwelcome development: New research shows Android-based malware droppers aren't just delivering banking trojans anymore: They're also being loaded with SMS stealers and spyware.

Dutch mobile security firm ThreatFabric finds the shift comes amid changes Google is piloting in certain markets like Thailand, Singapore, Brazil and India to block sideloading of suspicious apps requesting dangerous permissions.

The report says the other factor driving this trend is that threat actors want to future-proof their operations. "By encapsulating even basic payloads inside a dropper, they gain a protective shell that can evade today’s checks while staying flexible enough to swap payloads and pivot campaigns tomorrow."

https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware

Android Droppers: The Silent Gatekeepers of Malware

In our latest research we describe how droppers on Android are the silent malware gatekeepers.

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach - Help Net Security

Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud say their Salesforce instances were accessed following the Salesloft breach.

Help Net Security

AI browsers can’t tell legitimate websites from malicious ones — here’s why that’s putting you at risk

Popular AI browser entered sensitive personal and financial data without hesitation

Tom's Guide

How America’s AI boom is squeezing the rest of the economy

Beware the data-centre takeover

The Economist

Microsoft openly admitting they have not(!) had MFA, network segmentation, least privilege, software lifecycle, jump-servers, asset- and software-inventory etc for Azure PROD for years and they are not there yet.

This whole report is just so scary. At the same time, good that they are finally working on it and making it transparent.

Source: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/sfi-april-2025-progress-report.pdf

#Microsoft #azure #infosec

53% of connected medical devices carry critical vulnerabilities. Segmentation helps, but it isn’t enough. True resilience comes from boundary controls and continuous monitoring.

While it’s a vendor article, this piece is a timely reminder of the layers of IoMT security that must be considered to protect healthcare systems.

https://www.ctg.com/blogs/when-patient-safety-and-cybersecurity-collide-the-medical-device-security-challenge

#HealthcareIT #Cybersecurity #IoMT

When Patient Safety and Cybersecurity Collide: The Medical Device Security Challenge

The medical device security challenge demands immediate attention, expertise, and an innovative approach beyond traditional IT security practices.

Do your passwords follow these patterns?

Capital letter first
Numbers at the end
Year of birth or "123"
Exclamation point for the symbol

Hackers know these tricks too.

NIST says length beats complexity — a long passphrase (like four random words) is far stronger than a short “complex” string.

Best practice:

Unique for each site
At least 16 characters
Stored in a password manager

What’s the strangest password rule you’ve ever seen?

#Passwords #Infosec #CyberSecurity #NIST

@rhudaur @gen-ai-news-rhudaur Claude’s new Pro query limits left me with two choices: pay more to the company that cut me off without warning, or switch providers. Harder to justify staying when the answers also seemed to get dumber.