Mon. Apr 19, 2021


Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Schneier on Security

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be


After Virginia passes new privacy law, states race to catch up to CCPA and GDPR

Tech Republic Security

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law.


Carbanak and FIN7 Attack Techniques

Trend Micro

What happens in Carbanak and FIN7 attacks? Here are some techniques used by these financially motivated threat groups that target banks, retail stores, and other establishments.


6 Cybersecurity Tips for Working from Home

Security Boulevard

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as […]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Hot for Security

Notorious FIN7 gang stole payment card details from retailers around the world. Cybercrime gang posed as penetration testing firm to recruit hackers. A key member of the FIN7 cybercrime gang – which is said to have caused over one billion dollars worth of damage around the world – has been sentenced to 10 years in jail. 35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak) which made its fort


Ransomware Decoded: Preventing Modern Ransomware Attacks

Security Boulevard

Many types of malware silently persist on the network, move laterally, communicate with their C2, or obfuscate their behaviors to prevent detection. In contrast to this, traditional ransomware was all about coming in with a big splash and causing immediate damage.

More Trending


Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their efforts on cryptocurrency miners and malicious code that could empty the wallets of the victims. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more than $560K worth of cryptocurr


IT teams need to be coaches, not security guards, and shift to "self-service" for Microsoft 365

Tech Republic Security

A new study finds that 84% of IT admins think allowing users to set up groups and set governance rules will save time and money.


Google’s Project Zero to wait longer before disclosing bug details

We Live Security

The 30-day grace period is designed to speed up the rollout and adoption of patches.


LinkedIn Email Subjects Remain The Top-Clicked Social Media Phishing Scams in 2021

Hot for Security

A recent study analyzing the most effective social media phishing scams shows that LinkedIn-related emails were among the most successful entry points in the first quarter of 2021. According to KnowBe4’s simulated phishing tests report, 42% of employees will click on email subjects posing as authentic LinkedIn correspondence. “LinkedIn phishing messages have dominated the social media category for the last three years,” the report said.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Concerns grow over digital threats faced from former employees

Tech Republic Security

Security experts said the recent upheaval in the job market makes it imperative to bolster separation protocols further.


Malware to turn WhatsApp into PINK or GOLD

CyberSecurity Insiders

By the time you read this article, most of you might have come across a link via text or email claiming to turn your WhatsApp web and mobile interface PINK. But cyber experts claim the link will lead victims to malware that helps hackers compromise the device, and the victim might lose access to their WhatsApp account.


Nonprofit provides help to hospitals battling ransomware

Tech Republic Security

The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity.


Online Ed is the New Corporate Threat Vector

Security Boulevard

Schools became a major hotspot for cyberattacks as students moved to online learning. In the last 30 days, education was the most targeted sector, receiving more than 60% of all malware encounters, or more than 5 million incidents, according to Microsoft Security Intelligence. The Government Accounting Office wants to know what the U.S. Department of.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Nitroransomware demands gift codes as ransom payments

Security Affairs

A new ransomware dubbed ‘NitroRansomware’ has appeared in the threat landscape; it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new, unusual ransomware dubbed NitroRansomware, which demands a Discord Nitro gift code from victims to decrypt their files. Discord is a free VoIP, instant messaging and digital distribution platform designed for creating communities.


Microsoft disables Google's FLoC tracking in Microsoft Edge, for now

Bleeping Computer

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser.


Targeted Malware Reverse Engineering Workshop follow-up. Part 1

SecureList

On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team (GReAT), who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReAT’s own Dan Demeter. Ivan demonstrated how to strip the obfuscation from the recently discovered Cycldek-related tool, while Denis presented an exercise on reversing the MontysThree’s malware stegano


DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle

Veracode Security

You’ve heard of DevOps. And by now, you’ve probably also heard of DevSecOps, which extends DevOps principles into the realm of security. In DevSecOps, security breaks out of its “silo” and becomes a core part of the DevOps lifecycle. That, at least, is the theory behind DevSecOps. What’s often more challenging for developers to figure out is how to apply DevSecOps in practice.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cyber Threat to US Satellites says Pentagon

CyberSecurity Insiders

The Pentagon has issued a cyber threat warning to all satellites operating for the United States that China and Russia are planning to take down their space stations through cyber attacks and not missiles. Derek Tournear, the director of the Space Development Agency (SDA), said that in the next two years, both the adversaries of North America are planning to take down the spacecraft of the United States used for communication and critical infrastructure management.


7 most common ways to fail at DevSecOps

CSO Magazine

Organizations adopt DevSecOps for a variety of reasons: to enable digital transformation projects, deliver value faster, gain a competitive advantage, lower the cost of security remediations, and more. Despite the rush to adoption, organizations sometimes fail with their DevSecOps initiatives, and the reasons for those failures are avoidable. Here are the most common causes for DevSecOps efforts to fail.


Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

Researchers from FireEye’s Mandiant team have breached the network of a North American utility and turned off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased.


Monero Cryptominer Attack Exploits Exchange Server Flaw

Security Boulevard

It didn’t take threat actors long to jump on a vulnerability affecting Microsoft Exchange mail server software. While exploits involving an array of malware from ransomware to webshells are well-documented, Sophos researchers report that other payloads have been aimed at Exchange servers. “It stood to reason that the Microsoft Exchange server vulnerabilities would be leveraged.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


How security pros, the insurance industry, and regulators can combat ransomware

SC Magazine

AIG is one of the top cyber insurance companies in the U.S. Today’s columnist, Erin Kennealy of Guidewire Software, offers ways for security pros, the insurance industry and government regulators to come together so insurance companies can continue to offer insurance for ransomware. We are all well aware that ransomware exposures and impacts have grown rapidly as professionals have shifted to working from home because of the pandemic, resulting in expanded threat


Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

The Hacker News

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon building, were configured to execute the payload.


Geico data breach exposed customers' driver's license numbers

Bleeping Computer

Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month.


Lazarus APT Hackers are now using BMP images to hide RAT malware

The Hacker News

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

XCSSET, a Mac malware targeting Xcode developers, has been re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips. The new variant also implements new features for data-stealing focused on cryptocurrency apps.


What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

Security Boulevard

Last week, software testing firm Codecov disclosed a noteworthy security incident that gained the attention of the U.S. federal government investigators.


What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis

Threatpost

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic.


Passwordless: More Mirage Than Reality

The Hacker News

The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way?


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.