Sat.May 15, 2021 - Fri.May 21, 2021

5 ways hackers hide their tracks

CSO Magazine

CISOs have an array of ever-improving tools to help spot and stop malicious activity: network monitoring tools, virus scanners, software composition analysis (SCA) tools, digital forensics and incident response (DFIR) solutions, and more. But of course, cybersecurity is an ongoing battle between attack and defense, and the attackers continue to pose novel challenges.

A doctor reveals the human cost of the HSE ransomware attack

Malwarebytes

“It’s cracking, the whole thing.” The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasn’t describing a medical condition—this was their assessment of the situation on the ground in the hospital where they’re working today, in Ireland.

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engi

Welcoming the Swedish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Double-Encrypting Ransomware

Schneier on Security

This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B.

Colonial Pipeline, Darkside and Models

Adam Shostack

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful! Information sharing is working, and what the heck does a Cyber Review Board have left to do?

More Trending

Biden's executive order calls for greater open source security but not how to achieve it

Tech Republic Security

Commentary: It's progress that President Biden's executive order recognizes the need to secure open source software. What it doesn't do is address the best way to accomplish it.

Adding a Russian Keyboard to Protect against Ransomware

Schneier on Security

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs

Bleeping Computer

The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen US healthcare and first responder organizations.

4 Tips for Improving Physical Cybersecurity

CyberSecurity Insiders

A data breach can potentially cripple your organization, so it’s crucial to set up firewalls and prop up valuable cyber defenses to protect sensitive data. However, not all cyber attacks occur digitally. For the most part, data leaks can still happen, even if you have the latest antivirus programs installed. Apart from malicious software, it’s also important to be mindful of how you and your employees are handling the physical devices that store sensitive information.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware attacks are not a matter of if, but when

Tech Republic Security

CISOs from Twitter, United Airlines and a Bain Capital partner discuss how to integrate security into all aspects of an organization at Rubrik's FORWARD conference Tuesday.

Bizarro Banking Trojan

Schneier on Security

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,”

Fake Microsoft Authenticator extension discovered in Chrome Store

Hot for Security

I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.

Take action now – FluBot malware may be on its way

We Live Security

Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How penetration testing can promote a false sense of security

Tech Republic Security

Penetration testing in and of itself is a good way to test cybersecurity, but only if every nook and cranny of the digital environment is tested; if not, there is no need to test.

Is 85% of US Critical Infrastructure in Private Hands?

Schneier on Security

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight. When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands.

Apple rejected 215,000 iOS apps due to privacy concerns last year

Hot for Security

Apple is talking up the efforts it makes to police the iOS App Store, revealing that during 2020 it rejected more than 215,000 iPhone apps for violating its privacy policies. In a news release published on its website, Apple detailed an array of statistics of how it protected App Store users from being defrauded. As Apple describes, a common reason why iOS apps are rejected from entering the store is because “they simply ask for more user data than they need, or mishandle the data they do

Insurer AXA hit by ransomware after dropping support for ransom payments

Bleeping Computer

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen over 3 TB of sensitive data from AXA's Asian operations.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity spending to hit $150 billion this year

Tech Republic Security

The 12% bump in spending will be driven by ongoing demand for remote workers and cloud security, says Gartner.

Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments

Graham Cluley

One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Philippines have reportedly been hit by a ransomware attack.

The Top Three Weaknesses in Healthcare Cybersecurity

Security Boulevard

With remote care, connected devices, and more efficient use of data digitizing healthcare delivery, cybersecurity has never been more vital for providers. Despite the benefits to patient care, however, there are some major weak spots that still remain for providers. With healthcare under continuous attack from threat actors, not only will new vulnerabilities emerge, but existing cybersecurity weaknesses are also set to become more critical as providers leverage digital technology more frequent

PowerShell Is Source of More Than a Third of Critical Security Threats

eSecurity Planet

PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference today. The top category of threats detected across endpoints by Cisco Secure Endpoint was dual-use tools leveraged for exploitation and post-exploitation tasks. PowerShell Empire, Cobalt Strike, PowerSploit, Metasploit and other such tools have legitimate uses, Cisco notes, but they’ve become part of the atta

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How your personal data may be exposed by misconfigured mobile apps

Tech Republic Security

App developers are failing to properly set up and secure access to third-party services, putting user data at risk, says Check Point Research.

Apple confirms Macs get malware

Malwarebytes

Anyone following the court case between Epic and Apple is undoubtedly already aware of the “bombshell” dropped by Apple’s Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apple’s mobile device operating system, iOS, stated that “we have a level of malware on the Mac that we don’t find acceptable.” This, of course, broke the internet.

High Court Deals Blow to Data Privacy Regulations

Security Boulevard

Like the Kubler-Ross stages of grief, there are multiple stages of data breach. Anger, denial, blame, investigation, litigation, regulation and, ultimately, resignation. This includes possible class action litigation by consumers, banks, vendors, suppliers or others impacted by the failure to adequately protect data, shareholder derivative lawsuits by investors for failure to protect critical corporate assets,

Comcast now blocks BGP hijacking attacks and route leaks with RPKI

Bleeping Computer

Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. Left unchecked, a BGP route hijack or leak can cause a drastic surge in internet traffic that now gets misdirected or stuck, leading to global congestion and a Denial of Service (DoS).

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How to use SSH keys for passwordless access to hosts

Tech Republic Security

SSH keys can be used in Linux or operating systems that support OpenSSH to facilitate access to other hosts without having to enter a password. Here's how to do it.

Colonial Pipeline attack: Hacking the physical world

We Live Security

The attack is a reminder of growing cyberthreats to critical infrastructure while also showing why providers of essential services are ripe targets for cybercriminals.

Synthetic Data Removes Data Privacy Risks

Security Boulevard

The idea that data has value certainly isn’t new. It’s been called the new oil, the new gold – in fact, insert any rare commodity, and someone has probably created an analogy! Ironically, though, now that there’s almost universal recognition that this value exists, unlike any of these other commodities, it has become infinitely harder.

QNAP confirms Qlocker ransomware used HBS backdoor account

Bleeping Computer

QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.