Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Internet 363

Internet Internet Hacking Accountability 363

Joseph Steinberg

NOVEMBER 17, 2021

Rockville, MD – November 17, 2021 – Sepio Systems , the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. Steinberg has led organizations within the cybersecurity industry for nearly 25 years and is a top industry influencer worldwide. He has written books ranging from Cybersecurity for Dummies to the advanced Official (ISC)2® Guide to the CISSP®-ISSMP® CBK®.

Cybersecurity 346

Cybersecurity Artificial Intelligence Government Information Security 346

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 338

Passwords 338

Lohrman on Security

NOVEMBER 14, 2021

The newly approved federal infrastructure deal brings with it a great holiday present for state and local governments: dedicated cyber funding. Here’s the history, and the future, of cyber grants.

Government 319

Government 319

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

Wireless 280

Wireless Mobile 280

The Last Watchdog

NOVEMBER 15, 2021

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Cyber Risk 268

Cyber Risk Risk Artificial Intelligence Cyber threats 268

Tech Republic Security

NOVEMBER 19, 2021

Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.

218

218

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Data privacy Technology Marketing 143

We Live Security

NOVEMBER 19, 2021

Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Schneier on Security

NOVEMBER 15, 2021

This is part 3 of Sean Gallagher’s advice for “securing your digital life.

Phishing 281

Phishing Risk Cybersecurity 281

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

NOVEMBER 18, 2021

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro.

Data breaches 213

Data breaches 213

Bleeping Computer

NOVEMBER 18, 2021

Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites. [.].

Malware 145

Malware 145

The Hacker News

NOVEMBER 19, 2021

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.

Passwords 144

Passwords Cybersecurity 144

We Live Security

NOVEMBER 16, 2021

ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East. The post Strategic web compromises in the Middle East with a pinch of Candiru appeared first on WeLiveSecurity.

Malware 145

Malware 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

NOVEMBER 15, 2021

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.

Cybersecurity 214

Cybersecurity Ransomware Software 214

Bleeping Computer

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. [.].

Hacking 145

Hacking 145

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 143

Authentication Architecture Hacking Accountability 143

The Hacker News

NOVEMBER 15, 2021

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.

Cybersecurity 143

Cybersecurity Engineering Software 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

NOVEMBER 19, 2021

The new product, Cisco Secure Cloud Insights, offers cloud inventory tracking and relationship mapping to navigate public clouds as well as access rights management and security compliance reporting.

185

185

Bleeping Computer

NOVEMBER 15, 2021

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. [.].

Authentication 145

Authentication 145

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Hacking 143

Hacking Technology Information Security 143

CSO Magazine

NOVEMBER 18, 2021

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents. Consequently, the SolarWinds spyware infiltration , the Microsoft Exchange hack , and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

Spyware 142

Spyware Ransomware Hacking Cybersecurity 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

NOVEMBER 17, 2021

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.

Passwords 218

Passwords 218

Bleeping Computer

NOVEMBER 18, 2021

?The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions. [.].

Banking 142

Banking Malware Mobile 142

Security Affairs

NOVEMBER 17, 2021

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting research titled “ Vulnerability Intelligence: Do you know where your flaws are?

Marketing 141

Marketing Cybercrime Hacking Advertising 141

Security Boulevard

NOVEMBER 17, 2021

It’s fitting that the industry formally recognizes October as Cybersecurity Awareness Month, but awareness is just where security starts—and the other 11 months of the year are just as important for cybersecurity awareness. While I regard an informed perspective as an essential framework for cloud computing, successful SMBs need to ensure that security is more.

Cybersecurity 140

Cybersecurity Data breaches Security Awareness Phishing 140

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

NOVEMBER 17, 2021

This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.

Account Security 181

Account Security Accountability 181

Bleeping Computer

NOVEMBER 17, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans (known as playbooks) for federal civilian executive branch (FCEB) agencies. [.].

Cybersecurity 143

Cybersecurity 143

Graham Cluley

NOVEMBER 15, 2021

With so many in the educational sector under attack, it's never been more important to ensure schools are properly defended against ransomware - and not relying on advice that is 11 years old. Read more in my article on the Tripwire State of Security blog.

Ransomware 139

Ransomware Government Education Malware 139

Malwarebytes

NOVEMBER 17, 2021

If your kids play Roblox, you may wish to warn them of ransomware perils snapping at their heels. A very smart, and determined attack has been taking place for a little while now. Although initially dismissed as a form of prank , the developers under fire now disagree. Whether prank or malicious campaign, the end results are still bad for everyone involved.

Ransomware 138

Ransomware Scams Malware Phishing 138

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk