Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. In addition to having cancelled finals, the district, which ranks in many surveys as being among the top 50 school districts in the country, has been forced to revert for its final days of instruction for the 201-2022 academic year to using paper, pencils, and pre-computer-era overhead projectors instead of its usual

Ransomware 350

Ransomware Artificial Intelligence Education Cybercrime 350

Krebs on Security

JUNE 7, 2022

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “ swatting ” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

Cybercrime 280

Cybercrime Internet Internet Web Fraud 280

Troy Hunt

JUNE 4, 2022

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable. I think the whole discussion is actually really interesting when looked at through the lens of how on balance, a digitised license compares to a physical one.

Data breaches 265

Data breaches Encryption 265

The Last Watchdog

JUNE 9, 2022

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

Identity Theft 274

Identity Theft Scams Insurance Internet 274

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 7, 2022

Businesses now compete as ecosystems and the veracity of information must be protected, officials tell the audience at the RSA Conference Monday. The post Humans and identity are constants in the ever-changing world of cybersecurity appeared first on TechRepublic.

Cybersecurity 208

Cybersecurity 208

Krebs on Security

JUNE 10, 2022

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak , Mark Manoogian , Petr Pacas , and Mohammed Abdul Qayyum

Government 256

Government Marketing Internet Internet 256

The Last Watchdog

JUNE 6, 2022

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations. Related: Why security teams ought to embrace complexity. As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help companies comprehensively inventory their cyber assets for enhanced visibility to improve asset and cloud configurations and close security gaps will be in the spotlight.

Network Security 262

Network Security Cloud Migration Digital transformation Technology 262

Tech Republic Security

JUNE 5, 2022

A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months. The post Tech pros have low confidence in supply chain security appeared first on TechRepublic.

201

201

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems.

Malware 145

Malware DNS Antivirus Passwords 145

Digital Shadows

JUNE 8, 2022

Since the beginning of the Russia-Ukraine war, hacktivism has experienced a substantial resurgence, with many hacktivist groups being created in. The post Killnet: The Hactivist Group That Started A Global Cyber War first appeared on Digital Shadows.

DDOS 145

DDOS Government 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 8, 2022

Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. [.].

Malware 145

Malware Passwords 145

Tech Republic Security

JUNE 6, 2022

The internet-facing instances are currently being accessed by attackers who remove the vulnerable databases and leave a ransom note instead. The post Thousands of unprotected Elasticsearch databases are being ransomed appeared first on TechRepublic.

Internet 195

Internet Internet 195

Security Boulevard

JUNE 7, 2022

While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround. The reason this vulnerability is so serious is that all a user needs to do is open the. The post Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day appeared first on Security Boulevard.

Social Engineering 144

Social Engineering Security Awareness Engineering Malware 144

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Ransomware 144

Ransomware Backups Malware Firewall 144

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JUNE 6, 2022

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [.].

Phishing 144

Phishing Government 144

Tech Republic Security

JUNE 9, 2022

A large-scale phishing attack was uncovered by PIXM, as well as the person who had been carrying out the attacks. The post A cybercriminal stole 1 million Facebook account credentials over 4 months appeared first on TechRepublic.

Accountability 184

Accountability Phishing 184

CSO Magazine

JUNE 6, 2022

Every year, global security vendors use the RSA Conference (RSAC) to exhibit new products and capabilities. This year, the show returns as an in-person event (with a virtual component) in San Francisco after going all-virtual in 2021 due to the pandemic. At RSAC 2022, starting June 6, new product showcases are dominated by identity and access security, SaaS services and security operations center ( SOC ) enhancements.

Cybersecurity 144

Cybersecurity 144

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. R

Accountability 143

Accountability Hacking Cybersecurity Information Security 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

JUNE 7, 2022

Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [.].

Data breaches 144

Data breaches Hacking 144

Tech Republic Security

JUNE 6, 2022

Learn about the new features available with iOS 16, and how to download and install the latest version of Apple’s mobile operating system. The post iOS 16 cheat sheet: Complete guide for 2022 appeared first on TechRepublic.

Mobile 182

Mobile 182

The Hacker News

JUNE 8, 2022

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020.

Cybersecurity 143

Cybersecurity 143

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers.

Encryption 142

Encryption Ransomware Malware Hacking 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 10, 2022

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [.].

Authentication 145

Authentication 145

Tech Republic Security

JUNE 7, 2022

A recent survey reveals many organizations close either temporarily or permanently after a ransomware attack. Learn more about how you can protect your business ransomware attacks. The post A third of organizations hit by ransomware were forced to close temporarily or permanently appeared first on TechRepublic.

Ransomware 171

Ransomware 171

Dark Reading

JUNE 10, 2022

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

Artificial Intelligence 145

Artificial Intelligence 145

Security Affairs

JUNE 6, 2022

Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Following the attacks of the Killnet Collective, the group responsible for the attacks against major government resources and law enforcement, a new group has been ident

Government 143

Government DDOS Cyber Attacks Hacking 143

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JUNE 4, 2022

Apple said this week that it blocked more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spamming iOS users. [.].

142

142

Tech Republic Security

JUNE 6, 2022

Check out these features from Authy and Google Authenticator before deciding which authentication tool is best for you. The post Authy vs Google Authenticator: Two-factor authenticator comparison appeared first on TechRepublic.

Authentication 160

Authentication Software 160

Security Boulevard

JUNE 10, 2022

Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time. The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Boulevard.

Software 141

Software Social Engineering Security Awareness Engineering 141

Security Affairs

JUNE 5, 2022

Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted a phishing attack, they set up a phishing site that impersonated the official BAYC site claiming that BAYC, MAYC and OthersideMeta holders were able to claim a free NFT fo

Phishing 138

Phishing Hacking Accountability Scams 138

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk