Tue. Nov 24, 2020


On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Schneier on Security

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated: After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medi


Linux: How to recover deleted files with testdisk

Tech Republic Security

If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.


A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that has been operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017; at the time it infected around half a million computers worldwide.


Baidu Android apps caught leaking sensitive data from devices

Tech Republic Security

Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How Ransomware Defense is Evolving With Ransomware Attacks

Dark Reading

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.


How to use the Google One VPN on Android

Tech Republic Security

If you're looking for the best Android VPN, Jack Wallen thinks Google's take on the service might be the perfect fit for those wanting both performance and security.


More Trending


Apple's Head of Security Charged in Bribery Case: Here's How It Happened

SecureWorld News

Do two wrongs make a right? Newly revealed court documents show us the math on that idea still does not add up. This case involves three players. Two of them are charged with being dirty cops who demanded bribes in certain situations. The other person is Thomas Moyer, Apple's Global Head of Security and former Chief Compliance Officer. He is accused of going along with bribery demands made by the officers to get what he needed.


Microsoft fixes Kerberos Authentication issues with an out-of-band Update

Security Affairs

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known issue affecting Kerberos authentication.


Graylog: How to add clients to the system log manager

Tech Republic Security

Graylog makes it easy to send syslog information from clients to the hosting server. Jack Wallen shows you how.


Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

Two Baidu Android apps have been removed from the Google Play Store in October after they’ve been caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, have been removed from the Google Play Store at the end of October after they’ve been caught collecting sensitive user details.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Tesla Hacked and Stolen Again Using Key Fob

Threatpost

Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.


Up to 350,000 Spotify accounts hacked in credential stuffing attacks

We Live Security

This won't be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree. The post Up to 350,000 Spotify accounts hacked in credential stuffing attacks appeared first on WeLiveSecurity.


Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Security Affairs

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.


Egregor: The New Ransomware Variant to Watch

Digital Shadows

INTRODUCING EGREGOR RANSOMWARE GROUP First observed on September 25th, 2020, the Egregor ransomware variant has been making considerable strides in. The post Egregor: The New Ransomware Variant to Watch first appeared on Digital Shadows.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Credential stuffing attack targeted 300K+ Spotify users

Security Affairs

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million records, including login credentials and other data for Spotify accounts, likely amassed from various sources.


The Future of Ransomware: Preparing for the Next Generation of Ransomware Attacks

IT Security Central

Ransomware has been the scourge of cybersecurity and may have led to a recent death. Now it soon may get way more dangerous. The threats to cybersecurity are constantly evolving. As security teams develop solutions to the threats, malicious actors change their tactics to keep chasing their ill-gotten gains. After all, the Game is […].


Shop Safely on Black Friday and Cyber Monday with These Tricks

Approachable Cyber Threats

As a former retail worker, I used to dread the holidays. The crowds at the mall were suffocating, parking was a nightmare, and you could see the panic in people’s eyes as they sought the perfect gift. In 2020 though, Black Friday will be a little different for those who choose to visit stores, but for the rest of us, we have online shopping to the rescue.


How to Become a Security Consultant [Career Guide]

USD on Cyber Security

How secure is your business or organization’s technology? What areas need to be strengthened? What risks are you facing every day? These are extremely important questions, and ones that security consultants strive to answer as they fight on the front lines against all types of security threats. In this blog post, we’ll cover everything related […].


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How a ransomware attack could affect retailers

Trend Micro

Cybercriminals have recently been focusing their efforts on the retail industry, launching ransomware-based attacks that could prove disastrous for businesses if they disrupt operations during important shopping seasons.


Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Threatpost

Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.


Cloud Security Startup Lightspin Emerges From Stealth

Dark Reading

The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.


‘Minecraft Mods’ Attack More Than 1 Million Android Devices

Threatpost

Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas

Dark Reading

Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.


Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

Threatpost

Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.


Latest Version of TrickBot Employs Clever New Obfuscation Trick

Dark Reading

The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.


TrickBot operators continue to update their malware to increase resilience to takedown

Security Affairs

Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Baidu Apps Leaked Location Data, Machine Learning Reveals

Dark Reading

Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.


Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram

Threatpost

Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram.


SASE: Securing the Network Edge

eSecurity Planet

Secure access service edge (SASE) is a combination of technologies that increase security at the edge of the network. Here's what you need to know.


Alexa, Disarm the Victim's Home Security System

Dark Reading

Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.