Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Banking 357

Banking Phishing Scams Accountability 357

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware 335

Ransomware Cybersecurity 335

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 303

Hacking Firmware Engineering Software 303

The Last Watchdog

NOVEMBER 8, 2021

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Healthcare 349

Healthcare Technology Architecture IoT 349

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 294

Ransomware Cybercrime System Administration Passwords 294

Tech Republic Security

NOVEMBER 10, 2021

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.

Ransomware 200

Ransomware 200

Bleeping Computer

NOVEMBER 12, 2021

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores. [.].

Data breaches 145

Data breaches 145

Security Boulevard

NOVEMBER 12, 2021

Recent ransomware attacks have dominated the headlines this year. Predictions estimate that the financial impact caused by ransomware could reach $265 billion globally by 2031. That means cyberattacks targeting enterprises and individuals are happening at a rate of about one attack every few seconds. The average ransom payment made by a business to.

Cyber Insurance 145

Cyber Insurance Insurance Ransomware Cybersecurity 145

Tech Republic Security

NOVEMBER 9, 2021

The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.

Ransomware 216

Ransomware 216

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” It’s pretty good.

Risk 300

Risk Cybersecurity 300

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

IT Security Guru

NOVEMBER 11, 2021

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis. Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.

Cybersecurity 145

Cybersecurity Wireless Cyber Risk Risk 145

Bleeping Computer

NOVEMBER 12, 2021

A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions. [.].

145

145

Tech Republic Security

NOVEMBER 12, 2021

With an estimated 14% of PPC costs being lost to fraud, all it takes is a look at the advertising budgets of top tech firms to see how much money they're wasting, says PPC Shield.

Advertising 170

Advertising 170

Schneier on Security

NOVEMBER 8, 2021

We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones.

266

266

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

NOVEMBER 11, 2021

It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach. The post When the alarms go off: 10 key steps to take after a data breach appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Bleeping Computer

NOVEMBER 8, 2021

Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers. [.].

Data breaches 145

Data breaches Hacking 145

Tech Republic Security

NOVEMBER 9, 2021

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how.

215

215

Security Boulevard

NOVEMBER 9, 2021

Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress. During the Red Team process, Tychansky said there are several stages to follow: • The organization and the Red Team (whether in-house or externally contracted) will agree.

Cybersecurity 145

Cybersecurity Social Engineering Engineering Malware 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

NOVEMBER 12, 2021

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif (perhaps in reference to Moscow’s emergency hospital ) created a GitHub account and uploaded the first part of the attack on November 8.

Energy and Utilities 144

Energy and Utilities Encryption Accountability 144

Bleeping Computer

NOVEMBER 8, 2021

Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates, allegedly responsible for infecting thousands of victims. [.].

Ransomware 145

Ransomware 145

Tech Republic Security

NOVEMBER 9, 2021

One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large.

Ransomware 201

Ransomware 201

Security Boulevard

NOVEMBER 10, 2021

The specter of ransomware is currently looming large. Barely a day goes by without headlines announcing the latest big name whose data’s been ‘kidnapped’ by cybercriminals—and imagine the number of victims that we don’t hear about! Recently, the well-known camera maker Olympus was allegedly hit by a ransomware attack which is still under investigation; other.

Ransomware 144

Ransomware Mobile Malware Cybersecurity 144

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Spyware 144

Spyware Mobile Social Engineering Surveillance 144

Bleeping Computer

NOVEMBER 8, 2021

Electronics retail giant MediaMarkt has suffered a Hive ransomware with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany. [.].

Ransomware 145

Ransomware Retail 145

Tech Republic Security

NOVEMBER 12, 2021

Americans lost $29.8 billion in phone fraud over the past year. Can AI fraud detection change this?

217

217

Security Boulevard

NOVEMBER 10, 2021

New EMA Research Highlights the Rise of Active Directory Exploits Active Directory is getting a lot of buzz in business and tech news outlets lately—but not in a good way. AD continues to be a prime target for cybercriminals: Just a few recent examples include AD-related attacks on Sinclair Broadcast Group, camera manufacturer Olympus, The post Why 86% of Organizations Are Increasing Their Investment in Active Directory Security appeared first on Semperis.

Manufacturing 143

Manufacturing Ransomware 143

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Hacker News

NOVEMBER 12, 2021

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.

Phishing 142

Phishing Malware Banking Ransomware 142

Bleeping Computer

NOVEMBER 7, 2021

A thirty-month international law enforcement operation codenamed 'Operation Cyclone' targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine. [.].

Ransomware 143

Ransomware 143

Tech Republic Security

NOVEMBER 8, 2021

Europol announced new arrests during its "Operation GoldDust." The suspects may have been heavily involved in the Sodinokibi/REvil and GandCrab ransomware activities.

Ransomware 156

Ransomware 156

Security Boulevard

NOVEMBER 9, 2021

The domain name system (DNS) is known as the phone book of the internet, quickly connecting users from their devices to their desired content. But what appears to most users as seamless and instantaneous actually offers multiple opportunities for bad actors to slip through the cracks. In April 2021, a troubling report indicated that an. The post DNSSEC: The Secret Weapon Against DNS Attacks appeared first on Security Boulevard.

DNS 141

DNS Internet Internet IoT 141

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk