CyberSecurity Insiders

JULY 26, 2021

United States is interested in seeking an international strategy to tackle AI based cyber attacks that are leading to hybrid warfare. However, Antony Blinken, the State Secretary said that it is not an easy task to deal and warned Russia to mend its ways when it comes to cyber warfare that is being backed by artificial intelligence. Mr. Blinken’s remarks came amid raising concerns about ransomware attacks on critical infrastructure such as the recent Colonial Pipeline Cyber Attack and JBS Meat A

Cyber Attacks 141

Cyber Attacks Artificial Intelligence Government Ransomware 141

CSO Magazine

JULY 27, 2021

There’s no shortage of definitions of zero trust floating around. You’ll hear terms such as principles, pillars, fundamentals, and tenets. While there is no single definition of zero trust, it helps to have a shared understanding of a concept. For that reason, the National Institute of Standards and Technology (NIST) published NIST SP 800-207 Zero Trust Architecture , which describes the following seven tenets of zero trust.

Architecture 144

Architecture Technology 144

Schneier on Security

JULY 30, 2021

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporate or personal home if that’s the only option available.

Education 361

Education 361

Krebs on Security

JULY 26, 2021

Joseph “PlugwalkJoe” O’Connor, in a photo from a paid press release on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor. One day after last summer’s mass-hack of Twitter , KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident.

Media 315

Media Hacking Accountability Scams 315

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Lohrman on Security

JULY 25, 2021

Vincent Hoang became the CISO in Hawaii in 2016. In this interview, Vince shares his journey and cyber priorities in protecting the Aloha State, particularly among the challenges presented by COVID-19.

CISO 275

CISO Government Cybersecurity 275

Tech Republic Security

JULY 30, 2021

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security.

Cybercrime 216

Cybercrime 216

Bleeping Computer

JULY 27, 2021

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. [.].

Data breaches 144

Data breaches Phishing Accountability 144

CSO Magazine

JULY 29, 2021

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real. Furthermore, systems are often configured to allow downloads or macros that contain malicious files because employees use these applications and documents to do their everyday work, from wherever they may be working.

Education 145

Education Ransomware 145

Tech Republic Security

JULY 26, 2021

If you want people to trust the photos and videos your business puts out, it might be time to start learning how to prove they haven't been tampered with.

Authentication 215

Authentication 215

Schneier on Security

JULY 29, 2021

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched. The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.

315

315

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JULY 25, 2021

Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. [.].

Internet 145

Internet Internet 145

Security Boulevard

JULY 26, 2021

With all of the focus on ransomware attacks, it’s easy to forget about the damage done by email phishing. Yet, new research from Vade shows that phishing has seen a meteoric rise in the first half of 2021, including a 281% increase in May and a 284% increase in June. And what they want is. The post Phishing Used to Get PII, not Just Ransomware appeared first on Security Boulevard.

Phishing 145

Phishing Ransomware Social Engineering Engineering 145

Tech Republic Security

JULY 27, 2021

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game.

Cybersecurity 207

Cybersecurity 207

The State of Security

JULY 29, 2021

A new ransomware gang that calls itself BlackMatter has launched itself on the dark web, and is actively attempting to recruit criminal partners and affiliates to attack large organisations in the United States, UK, Canada, and Australia. As experts at Recorded Future describe, the BlackMatter gang is advertising for “initial access brokers” – individuals who […]… Read More.

Cybercrime 145

Cybercrime Ransomware Advertising 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JULY 29, 2021

The US National Security Agency (NSA) today published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely. [.].

Wireless 145

Wireless 145

Security Boulevard

JULY 25, 2021

By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, The post For Hackers, APIs are Low-Hanging Fruit appeared first on Security Boulevard.

Accountability 145

Accountability Malware Cybersecurity 145

Tech Republic Security

JULY 27, 2021

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.

Authentication 218

Authentication 218

CSO Magazine

JULY 27, 2021

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware. Dubbed Praying Mantis, or TG1021, by researchers from incident response firm Sygnia, the hacker group puts a strong focus on detection evasion by using a volatile and custom malware toolset built specifically for Internet Information Services (IIS) web servers

Malware 145

Malware CSO Internet Internet 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

JULY 30, 2021

A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. [.].

145

145

Security Affairs

JULY 29, 2021

A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption 145

Encryption Ransomware Malware Hacking 145

Tech Republic Security

JULY 28, 2021

The average cost of a data breach among companies surveyed for IBM Security reached $4.24 million per incident, the highest in 17 years.

Data breaches 213

Data breaches 213

We Live Security

JULY 30, 2021

Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on. The post Watch out for these scams, targeting Amazon’s customers appeared first on WeLiveSecurity.

Scams 145

Scams 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JULY 28, 2021

Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment. [.].

145

145

CSO Magazine

JULY 30, 2021

Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country's digital infrastructure protections through two highly consequential and unprecedented initiatives. Both efforts aim to prepare the nation for the next significant cybersecurity incidents, making up for lost time due to the previous administration's relative inattention to the topic. [ Learn what you need to know about defending critical infrastructure. | Get the latest from CSO by sign

Cybersecurity 144

Cybersecurity CSO Technology 144

Tech Republic Security

JULY 30, 2021

It's all quiet on the DDoS front, but don't get complacent: The lull is expected, said Kaskersky, and new attack vectors could spell a coming resurgence.

DDOS 194

DDOS 194

SecurityTrails

JULY 29, 2021

A while back, SecurityTrails announced that they would be running a contest dubbed "Recon Master". The aim of the game is to find hostnames that resolve to an IPv4 address that are not already found by SecurityTrails.

145

145

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JULY 26, 2021

Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out. [.].

145

145

eSecurity Planet

JULY 27, 2021

The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft. At the same time, there now are two distinct operating structures that both use the LemonDuck malware but are possibly being operated by two different organizations

Malware 144

Malware Risk Cryptocurrency Ransomware 144

Tech Republic Security

JULY 29, 2021

DEF CON 29 sold out of virtual passes, so tuning in on Twitch and Discord are the best options for attending online this year.

205

205

CyberSecurity Insiders

JULY 30, 2021

Cyber Security firm DarkTrace that uses the technology of Artificial Intelligence to track down cyber threats is nowadays busy protecting the computer network of British Fashion retailer Ted Baker. Britain-based luxury clothing designer & lifestyle service offering company says that DarkTrace has thwarted most of the weekly cyber attacks that include 200 targeted hacks such as spear phishing emails targeting high-level executives and cyber campaigns that help steal critical data from compani

Retail 144

Retail Artificial Intelligence Cyber Attacks Cyber threats 144

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk