Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 358

Internet Internet Surveillance VPN 358

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Cryptocurrency 333

Cryptocurrency Malware Mobile Accountability 333

Troy Hunt

AUGUST 26, 2021

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.

Password Management 283

Password Management Passwords Accountability 283

Lohrman on Security

AUGUST 22, 2021

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

Technology 258

Technology 258

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

AUGUST 26, 2021

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer.

Software 326

Software 326

Tech Republic Security

AUGUST 23, 2021

It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.

211

211

We Live Security

AUGUST 27, 2021

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Schneier on Security

AUGUST 27, 2021

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Mobile 339

Mobile Hacking Data breaches 339

Tech Republic Security

AUGUST 26, 2021

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.

Cybersecurity 214

Cybersecurity Technology 214

Bleeping Computer

AUGUST 26, 2021

American software company Kaseya has issued a security updates to patch server side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). [.].

Software 145

Software 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

AUGUST 26, 2021

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity.

Accountability 145

Accountability Cybercrime 145

Graham Cluley

AUGUST 26, 2021

The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog.

Ransomware 145

Ransomware Malware 145

Tech Republic Security

AUGUST 27, 2021

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

Ransomware 180

Ransomware 180

Bleeping Computer

AUGUST 24, 2021

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [.].

Spyware 145

Spyware 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

AUGUST 23, 2021

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

Cybercrime 145

Cybercrime Government Social Engineering Engineering 145

Heimadal Security

AUGUST 24, 2021

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

Ransomware 145

Ransomware Healthcare Encryption Government 145

Tech Republic Security

AUGUST 27, 2021

Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls.

217

217

Bleeping Computer

AUGUST 25, 2021

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. [.].

145

145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

AUGUST 26, 2021

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts. Datadog’s Nick Davis, senior product manager for cloud workload security, and Mitch Ashley discuss how the solution.

Threat Detection 145

Threat Detection Cybersecurity 145

Graham Cluley

AUGUST 21, 2021

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well.

Data breaches 145

Data breaches Mobile Media 145

Tech Republic Security

AUGUST 26, 2021

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.

Mobile 178

Mobile 178

CyberSecurity Insiders

AUGUST 22, 2021

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach. However, for security reasons, the source did not reveal the nature of the attack and its impact on the operations taken up by the state department. Cybersecurity Insiders has learnt that the attack could have taken place in the first week of August and a state funded hacking gang seems to be behind the incident.

Cyber Attacks 144

Cyber Attacks Data breaches Cybersecurity Government 144

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

AUGUST 23, 2021

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.

Malware 145

Malware Ransomware Social Engineering Security Awareness 145

CSO Magazine

AUGUST 23, 2021

Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of almost 50 million individuals comprising current, former, or prospective customers has been exposed via a data breach. While many details of the incident (including its root cause) remain unclear as of August 19, immediate fallout suggests this incident might be one of the most significant of recent times, not least due to the number of reco

Data breaches 144

Data breaches Mobile CSO Telecommunications 144

Tech Republic Security

AUGUST 24, 2021

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.

Risk 182

Risk Technology 182

Bleeping Computer

AUGUST 21, 2021

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [.].

Hacking 145

Hacking Ransomware Encryption 145

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

eSecurity Planet

AUGUST 26, 2021

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more than a few flaws present, as well as the occasional gaping security hole.

Software 143

Software Mobile Penetration Testing Engineering 143

CSO Magazine

AUGUST 24, 2021

New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest from CSO by signing up for our newsletters.

Ransomware 144

Ransomware CSO Malware 144

Tech Republic Security

AUGUST 23, 2021

Simon Bisson tried out the new Microsoft 365 tool, which allows you to create virtual machines for your staff working from home. Here's what he learned.

160

160

CyberSecurity Insiders

AUGUST 25, 2021

Japan-based Cryptocurrency Exchange Company named ‘Liquid’ was reportedly hit by a cyber attack after which the cyber crooks managed to pull $97 million directly from the e-wallets of several customers. Highly placed sources suspect a well known cyber criminal gang behind the attack and have launched a separate investigation that also includes security veterans from the law enforcement.

Cyber Attacks 143

Cyber Attacks Cryptocurrency Cybersecurity 143

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk