Troy Hunt

JULY 21, 2021

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley

Accountability 363

Accountability Data breaches Government InfoSec 363

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.

Hacking 363

Hacking Spyware Manufacturing Software 363

Lohrman on Security

JULY 11, 2021

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career. Here’s my perspective.

Cybersecurity 363

Cybersecurity Marketing 363

Tech Republic Security

JULY 20, 2021

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.

Phishing 217

Phishing Mobile 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Digital Shadows

JULY 19, 2021

With the closing of another quarter, it’s once again time to have a look back at the cyber threat landscape. The post Q2 Ransomware Roll Up first appeared on Digital Shadows.

Ransomware 145

Ransomware Cyber threats Cybercrime Malware 145

Bleeping Computer

JULY 25, 2021

Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. [.].

Internet 145

Internet Internet 145

Schneier on Security

JULY 27, 2021

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability.

Malware 362

Malware Artificial Intelligence Antivirus Engineering 362

Lohrman on Security

JULY 18, 2021

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

Government 363

Government Cyber Attacks Ransomware 363

Tech Republic Security

JULY 8, 2021

Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.

Scams 218

Scams Malware Phishing 218

Security Affairs

JULY 31, 2021

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK,

Data breaches 145

Data breaches Cybercrime Hacking Engineering 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JULY 27, 2021

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. [.].

Data breaches 145

Data breaches Phishing Accountability 145

Security Boulevard

JULY 26, 2021

With all of the focus on ransomware attacks, it’s easy to forget about the damage done by email phishing. Yet, new research from Vade shows that phishing has seen a meteoric rise in the first half of 2021, including a 281% increase in May and a 284% increase in June. And what they want is. The post Phishing Used to Get PII, not Just Ransomware appeared first on Security Boulevard.

Phishing 145

Phishing Ransomware Social Engineering Engineering 145

Schneier on Security

JULY 30, 2021

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporate or personal home if that’s the only option available.

Education 361

Education 361

CSO Magazine

JULY 29, 2021

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real. Furthermore, systems are often configured to allow downloads or macros that contain malicious files because employees use these applications and documents to do their everyday work, from wherever they may be working.

Education 145

Education Ransomware 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JULY 15, 2021

IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.

Cyber threats 216

Cyber threats Cybercrime Ransomware 216

We Live Security

JULY 20, 2021

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.

Banking 145

Banking Malware Mobile 145

Bleeping Computer

JULY 14, 2021

Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file. [.].

Phishing 145

Phishing Malware 145

Security Boulevard

JULY 25, 2021

By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, The post For Hackers, APIs are Low-Hanging Fruit appeared first on Security Boulevard.

Accountability 145

Accountability Malware Cybersecurity 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Schneier on Security

JULY 2, 2021

Two reports this week. The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking 361

Hacking Passwords Malware Accountability 361

CSO Magazine

JULY 16, 2021

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21 st Century indicates, they have already reached enormous magnitudes. [ Learn the The 5 types of

Data breaches 145

Data breaches Digital transformation CSO 145

Tech Republic Security

JULY 30, 2021

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security.

Cybercrime 216

Cybercrime 216

We Live Security

JULY 21, 2021

Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money. The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity.

DDOS 145

DDOS Phishing Ransomware Cybersecurity 145

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JULY 31, 2021

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. [.].

145

145

Security Boulevard

JULY 21, 2021

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.

Digital transformation 145

Digital transformation CISO Security Awareness InfoSec 145

Schneier on Security

JULY 12, 2021

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting.

Encryption 358

Encryption 358

The Hacker News

JULY 15, 2021

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.

Engineering 145

Engineering Internet Internet Government 145

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Tech Republic Security

JULY 9, 2021

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

Phishing 214

Phishing Scams Cybersecurity 214

We Live Security

JULY 15, 2021

If you'll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe. The post Sports events and online streaming: prepare your cybersecurity appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Bleeping Computer

JULY 31, 2021

?A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [.].

Ransomware 145

Ransomware 145

Security Boulevard

JULY 19, 2021

Best practices for securing the software supply chain. Photo by Andy Li on Unsplash. In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting to address third-party software risk. The Department of Defense’s Cybersecurity Maturity Model Certification, established on January 31st, 2020, was the first attempt at creating a supply chain security compliance mandate.

Software 145

Software Risk Data breaches Small Business 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity