Security Boulevard
MARCH 22, 2021
The cybersecurity landscape changed drastically on two fronts in 2020: volume and supply chain complexities. Attack surfaces expanded and softened as employees migrated off well-protected corporate networks and logged on from home. As a result, the number of incidents and the money cybercriminals made from exploits like ransomware skyrocketed, growing 311% to $350M.
InfoWorld on Security
MARCH 23, 2021
Oh, what a cloud year 2020 was. Cloud spending grew by 37% in the first quarter of 2020 alone as many quickly understood that COVID-19 would leave them vulnerable if they were still using traditional data centers. Seeing a hockey stick in revenue and enjoying the urgency to drive processes remotely and securely, cloud service providers had an unexpectedly successful year.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Daniel Miessler
MARCH 24, 2021
This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? People like moving up rankings, so let’s use that! How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.
Schneier on Security
MARCH 26, 2021
Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
MARCH 23, 2021
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
Tech Republic Security
MARCH 25, 2021
As attackers increasingly target less traditional users, accounts and assets, organizations should consider such a process to tighten security, says CyberArk.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
MARCH 22, 2021
This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped a dollar amount and have received a large refund that they didn’t deserve.
Tech Republic Security
MARCH 23, 2021
With most of the world still not vaccinated against COVID-19, criminals are hawking fake vaccine documents, says Check Point Research.
Bleeping Computer
MARCH 26, 2021
New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
MARCH 24, 2021
It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference. Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raise
Malwarebytes
MARCH 24, 2021
We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email. The concept is simple but effective. You receive an invoice for a product you may or may not have used in the past for an usually high amount.
Tech Republic Security
MARCH 23, 2021
The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.
Bleeping Computer
MARCH 24, 2021
A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Hot for Security
MARCH 24, 2021
Clop ransomware gang exploited Accellion flaws to steal data Customers angry that their details were breached, even after closing their accounts long ago. Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked.
Security Boulevard
MARCH 26, 2021
The new 50 Pound note honors Alan Turing. Breaker of Nazi encryption and father of computing. The post Alan Turing, WWII Cryptanalyst and Computer Pioneer, on New £50 Note appeared first on Security Boulevard.
Tech Republic Security
MARCH 25, 2021
Crypto scams are on the rise due to the growing popularity of cryptocurrencies and the number of people in need of financial assistance during COVID-19, says Bolster.
Quick Heal Antivirus
MARCH 23, 2021
Zloader aka Terdot – a variant of the infamous Zeus banking malware is well known for aggressively using. The post Zloader: Entailing Different Office Files appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MARCH 23, 2021
An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs). [.].
Security Boulevard
MARCH 21, 2021
The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. The declaration, according to the FCC, is in.
Tech Republic Security
MARCH 23, 2021
A year after the transition to remote working, many organizations continue to grapple with security issues and weaknesses, says PC Matic.
CyberSecurity Insiders
MARCH 21, 2021
Just because you are running a small business doesn’t mean you are out of the reach of cybercriminals and hackers. In fact, small businesses are more susceptible to security breaches and cyberattacks because most often they dont expect the attack, thus are unprepared to handle the situation. Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. .
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MARCH 23, 2021
Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks. [.].
Security Affairs
MARCH 26, 2021
The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.
Tech Republic Security
MARCH 22, 2021
In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX.
We Live Security
MARCH 22, 2021
Why do many organizations have a hard time keeping up with the evolving threat landscape and effectively managing their cyber-risks? The post 5 reasons why (not only) financial companies struggle with cybersecurity appeared first on WeLiveSecurity.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
MARCH 22, 2021
Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). [.].
Security Boulevard
MARCH 21, 2021
SCADA systems have been around since the early 1970s, way back when networks were all closed systems and hacking them was the stuff of spy movies. The post SCADA Security </br> in a Cellular World appeared first on FirstPoint. The post SCADA Security in a Cellular World appeared first on Security Boulevard.
Tech Republic Security
MARCH 22, 2021
HR and recruiting experts offer unique ways to find and hire cybersecurity talent.
Graham Cluley
MARCH 21, 2021
What do phone scammers who prey on the vulnerable deserve? Fart spray and glitterbombs, of course! A fun video makes some serious points, and could be a valuable lesson for your family and friends.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
141 
Let's personalize your content