Joseph Steinberg

JULY 8, 2021

Recent crippling ransomware attacks have highlighted the tremendous financial price that businesses often pay after suffering a cyber breach; hacker-inflicted damages such as multi-million-dollar ransoms and even larger recovery costs, harmed reputations, and significant downtimes, which, not that many years ago, were topics of only fictional novels and films, have now become part our collective reality.

Insurance 363

Insurance Cyber Insurance Cybersecurity Small Business 363

Threatpost

JULY 5, 2021

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware

Ransomware 136

Ransomware InfoSec Malware 136

The State of Security

JULY 7, 2021

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards such as PCI, […]… Read More.

Penetration Testing 106

Penetration Testing Cyber Risk Risk 106

Troy Hunt

JULY 5, 2021

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other

Government 362

Government Data breaches 362

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JULY 7, 2021

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Backups 328

Backups Software Engineering 328

Schneier on Security

JULY 5, 2021

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.

311

311

Troy Hunt

JULY 6, 2021

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people.

Media 285

Media Technology 285

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Software 282

Software Ransomware System Administration Authentication 282

Bleeping Computer

JULY 9, 2021

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. [.].

Insurance 145

Insurance Data breaches Ransomware 145

Tech Republic Security

JULY 9, 2021

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

Phishing 214

Phishing Scams Cybersecurity 214

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

JULY 8, 2021

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus. The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity.

Ransomware 145

Ransomware 145

Graham Cluley

JULY 8, 2021

Security researchers report that a notorious North Korean hacking group has been targeting engineers working in the defence industry. Read more in my article on the Tripwire State of Security blog.

Engineering 145

Engineering Hacking Malware 145

Bleeping Computer

JULY 8, 2021

Microsoft has released an emergency fix for printing issues affecting Zebra and Dymo receipt or label printers caused by changes in the recently released KB5003690, KB5004760, and KB5004945 updates. [.].

145

145

Tech Republic Security

JULY 8, 2021

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists the top five more things about ransomware you need to know.

Ransomware 216

Ransomware 216

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

JULY 7, 2021

ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims. The post Bandidos at large: A spying campaign in Latin America appeared first on WeLiveSecurity.

Malware 145

Malware 145

Security Boulevard

JULY 9, 2021

Do you deploy security products to protect your organization against data breaches as part of your infrastructure cybersecurity strategy? If so, it’s important to ensure there are no critical gaps in your security stack. If you consider the category of breach protection critical, you should shift from a product-oriented to a protection-oriented mindset.

Data breaches 145

Data breaches Cybersecurity Antivirus Software 145

Bleeping Computer

JULY 9, 2021

The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. [.].

Cryptocurrency 145

Cryptocurrency 145

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

210

210

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

We Live Security

JULY 3, 2021

As news breaks about the supply-chain ransomware attack against Kaseya's IT management software, here’s what we know so far. The post Kaseya supply‑chain attack: What we know so far appeared first on WeLiveSecurity.

Ransomware 145

Ransomware Software Cybersecurity 145

Security Boulevard

JULY 7, 2021

Cyberattacks on hospitals are rising, and patients are worried. Is my personal data at risk? Could ransomware or hackers effectively shut down the ER near me? Consider these findings from a March 2021 report by cybersecurity provider Morphisec: About one in five Americans said their health care was affected by cyberattacks last year. Nearly. The post How to Protect Medical Devices from Ransomware appeared first on Security Boulevard.

Ransomware 145

Ransomware Risk Cybersecurity IoT 145

Bleeping Computer

JULY 7, 2021

Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. [.].

145

145

Tech Republic Security

JULY 7, 2021

A new phishing campaign claims to offer a security update for Kaseya's VSA software but actually tries to install malware, says Malwarebytes.

Malware 215

Malware Phishing Ransomware Software 215

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

JULY 3, 2021

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims.

Passwords 145

Passwords 145

Graham Cluley

JULY 7, 2021

While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security researchers spotted a malware campaign which is taking advantage of the vacuum.

Malware 145

Malware Ransomware 145

Bleeping Computer

JULY 7, 2021

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. [.].

Ransomware 145

Ransomware 145

Tech Republic Security

JULY 6, 2021

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.

184

184

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Boulevard

JULY 8, 2021

The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take a closer look at their API security posture to ensure they are not the next headline. Creating an inventory of all APIs exposed to external audiences is the most common starting point that […]. The post API Security Need to Know: Top 5 Authentication Pitfalls appeared first on Cequence.

Authentication 145

Authentication Risk 145

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. According to Bloomberg, CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations.

Data breaches 144

Data breaches Insurance Ransomware Identity Theft 144

Bleeping Computer

JULY 6, 2021

Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. [.].

145

145

Tech Republic Security

JULY 7, 2021

An analysis by Sophos suggests that the latest attack is similar to one that Kaseya endured in 2018.

Software 218

Software Ransomware 218

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk