Lohrman on Security
JUNE 13, 2021
After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?
Hot for Security
JUNE 15, 2021
Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts. Mobile security is often overlooked by many technology users, who dismiss the reality of security risks brought by careless interactions with the digital world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
JUNE 15, 2021
Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra
Troy Hunt
JUNE 14, 2021
Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
JUNE 17, 2021
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d
Krebs on Security
JUNE 16, 2021
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Hot for Security
JUNE 17, 2021
In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach. At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials. What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.
Schneier on Security
JUNE 16, 2021
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama.
Krebs on Security
JUNE 15, 2021
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her
Tech Republic Security
JUNE 16, 2021
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Hot for Security
JUNE 18, 2021
According to a report by Catalin Cimpanu at The Record , authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000.).
Schneier on Security
JUNE 14, 2021
This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?” I’m speaking at the all-online Society for Philosophy and Technology Conference 2021 , June 28-30, 2021.
Krebs on Security
JUNE 18, 2021
In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [ NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
Tech Republic Security
JUNE 15, 2021
56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
We Live Security
JUNE 18, 2021
By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future. The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity.
Schneier on Security
JUNE 15, 2021
Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accu
Google Security
JUNE 16, 2021
Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and deployment supply chain is quite complicated, with numerous threats along the source ?
Tech Republic Security
JUNE 17, 2021
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
JUNE 14, 2021
US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack. [.].
Security Boulevard
JUNE 14, 2021
$4.4 million. That’s how much ransom Colonial Pipeline paid recently after a ransomware attack crippled the company’s computers, forcing it to shut down 5,500 miles of its gas pipeline, sending the Southeast into an almost overnight gas shortage. The post Ransomware Attacks Increasing: Tips to Keep Your Organization Safe | Apptega appeared first on Security Boulevard.
Google Security
JUNE 18, 2021
Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back! The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at [link]. Just like last year, the top 16 teams will qualify for our Hackceler8 speed run and the chance to take home a total of $30,301.70 in prize money.
Tech Republic Security
JUNE 14, 2021
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
JUNE 12, 2021
Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. [.].
Security Boulevard
JUNE 12, 2021
This week we have good news and bad news. On the one hand, a COO was caught and charged with potentially attacking a rival medical institution. A stolen data marketplace was shut down and bugs were found (all around). However, there has also been an increase in high-profile cyber-attacks. Keep reading to get this week’s top cybernews. The post Security News In Review: REvil Attacks Nuclear Contractor Sol Oriens appeared first on Security Boulevard.
We Live Security
JUNE 14, 2021
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business? The post Vishing: What is it and how do I avoid getting scammed? appeared first on WeLiveSecurity.
Tech Republic Security
JUNE 16, 2021
A new IBM global report examining consumer behaviors finds an average of 15 new online accounts were created and 82% are reusing the same credentials some of the time.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CSO Magazine
JUNE 15, 2021
With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. [ Learn how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ].
Security Boulevard
JUNE 14, 2021
A nasty vulnerability in most Linux distributions is raising eyebrows among the penguinistas. The post Who, Us? Linux Root Bug Quietly Added 7 Years Ago appeared first on Security Boulevard.
Bleeping Computer
JUNE 15, 2021
An alleged preview build for Windows 11 has been leaked, confirming the new name for Microsoft's next generation of Windows and providing a glimpse of the new features. [.].
CyberSecurity Insiders
JUNE 18, 2021
This is the third of three blogs in a series to help the energy and utility industries. You can read the first blog on Ransomware and Energy and Utilities and the second blog on Threat Intelligence and Energy and Utilities as well. Convergence of IT/OT is now a reality: Whether intentional or accidental, IT and operational technology (OT) are converging to support business outcomes of reducing costs and taking advantage of efficiencies.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
284 
Let's personalize your content