Mon. Jan 24, 2022

Linux-Targeted Malware Increased by 35%

Schneier on Security

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

GUEST ESSAY: A primer on why AI could be your company’s cybersecurity secret weapon in 2022

The Last Watchdog

Artificial intelligence (AI) is woven into the fabric of today’s business world. However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI. Related: Deploying human security sensors. Even so, AI is useful across a wide spectrum of industries. There already are many human work models augmented by AI.

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Tech Republic Security

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

22 cybersecurity myths organizations need to stop believing in 2022

CSO Magazine

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Tech Republic Security

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.

The Million Dollar Homepage

Javvad Malik

Back in the olden times (in 2005) a website was set up called the Million Dollar Homepage. A brainchild of student Alex Tew who wanted to raise some money for university. The concept was simple, get a webpage composed of a million pixels and sell them all for $1 each. They were sold in 10 x 10 pixel blocks. Whoever bought the block could provide an image, logo, text, link etc.

More Trending

Attackers now actively targeting critical SonicWall RCE bug

Bleeping Computer

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts. [...]

WordPress Supply Chain Attack—93 Add-Ons Infected for Months

Security Boulevard

A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites. The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security Boulevard.

Malicious PowerPoint files used to push remote access trojans

Bleeping Computer

Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. [...]

Data Privacy and Security: It Takes Two to Tango

Thales Cloud Protection & Licensing

madhav, Tue, 01/25/2022 - 05:15. The National Cybersecurity Alliance (NCA) announced earlier this year that they have expanded the Data Privacy Day campaign into Data Privacy Week, a full week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

Experts warn of an Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, l

API Security, Ransomware Top 2022 Threats

Security Boulevard

Companies are looking for ways to reduce the risks from cyberattacks and 2022 looks to be the year organizations accept that security must become an adaptable, changeable system within the business and overhaul their legacy static approaches accordingly. As the public grows more aware of the impacts of cyberattacks and demand action, organizations must take.

Education sector hounded by cyberattacks in 2021

CSO Magazine

Education and research were the top targets for cyberattackers in 2021, with an average of 1605 attacks per organization per week, a 75% increase from 2020, according to research by Check Point Software Technologies. Pandemic’s push for digital invites threats. The COVID-19 pandemic has pushed staff in businesses and education to work from home. The resulting need for digital skills and online courses has boosted the digital education market, creating opportunities for study but also for cybert

Segway store compromised with Magecart skimmer

Malwarebytes

In the early 2000’s, the Segway company released a personal transporter that would become iconic. The Segway Human Transporter was quickly sold on Amazon and featured in a number of movies. Since 2015, Segway has been a subsidiary of Chinese-based company Ninebot and sells electric scooters under the Ninebot brand. By 2020, a number of changes in personal transportation forced the company to halt the production of its famous Segway PT.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

CWP bugs allow code execution as root on Linux servers, patch now

Bleeping Computer

Two security vulnerabilities that impact the Control Web Panel (CWP) software can be chained by unauthenticated attackers to gain remote code execution (RCE) as root on vulnerable Linux servers. [...]

Of hacks and patches

InfoWorld on Security

Outside the insurance industry, few people likely noticed that Lloyd’s of London “will no longer cover the fallout of cyberattacks exchanged between nation-states.” It would be easy to overlook, except that Lloyd’s is a major global insurer; its actions will have a ripple effect. It’s already the case that ransomware attacks across the globe have prompted Lloyd’s syndicate members to charge higher premiums while pulling back coverage for rank-and-file enterprises by nearly 50%.

Protecting the energy sector’s industrial IoT

Security Boulevard

By Steve Hanna, Co-chair of TCG’s Industrial Work Group and IoT Work Group. Many sectors now utilize Internet of Things (IoT) equipment to drive digital transformation, and ultimately increase automation and efficiency. In particular, the energy sector is seeing wide implementation, from the equipment used in oil and gas extraction, to the tools monitoring an … Continue reading "Protecting the energy sector’s industrial IoT".

How I hacked my friend’s PayPal account

We Live Security

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here's how to stay safe from a simple but effective attack. The post How I hacked my friend’s PayPal account appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Stories from the SOC – Inactive Account Exploitation

CyberSecurity Insiders

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. Executive summary. One of the primary ways that adversaries gain access to environments is through valid credentials. Because of this, maintenance and auditing of user accounts is an integral part of maintaining a good security posture.

CompTIA and Continuing Education (CE’s)

Security Boulevard

Phoenix TS is proud to be a trusted and verified partner of CompTIA! CompTIA (The Computing Technology Industry Association) is globally recognized for providing vendor-neutral training and certifications that help drive the market of information technology. Phoenix has collaborated with CompTIA to provide training that allows professionals to pursue the most sought-after certifications […].

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Security Affairs

Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The Justice Department announced indictments for 36 people charged with being part of a crime ring.

Android malware BRATA wipes your device after stealing data

Bleeping Computer

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 365’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. Permalink. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 365’ appeared first on Security Boulevard.

Ransomware gangs increase efforts to enlist insiders for attacks

Bleeping Computer

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks. [...]

SOC 2025: The Coming SOC Evolution

Security Boulevard

Posted under: Research and Analysis. It’s brutal running a security operations center (SOC) today. The attack surface continues to expand, in a lot of cases exponentially, as data moves to SaaS, applications move to containers, and the infrastructure moves to the cloud. The tools used by the SOC analysts are improving, but not fast enough. It seems adversaries remain one (or more) steps ahead.

Request for Comments: New Mobile Payments on COTS (MPoC) Standard

PCI perspectives

From 24 January to 22 February 2022, Mobile Task Force members and PCI-Recognized Laboratories are invited to review and provide feedback on the new Mobile Payments on COTS (MPoC) Standard during a 30-day request for comments (RFC) period.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Hackers say they encrypted Belarusian Railway servers in protest

Bleeping Computer

A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus's national state-owned railway company. [...]

5 Top Apple Mail Alternatives For iPhone And Mac

SecureBlitz

This post will show you the top 5 Apple Mail alternatives for iPhone and Mac… Unlike other apps such as Safari and Notes, Apple Mail for macOS hasn’t been improved for a long time. The mail app is missing not only an intuitive interface but also some of the most important features such as. The post 5 Top Apple Mail Alternatives For iPhone And Mac appeared first on SecureBlitz Cybersecurity.

Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains – An OSINT Analysis

Security Boulevard

Dear blog readers, I've decided to share with everyone an in-depth historical OSINT analysis on some of the primary pay per install rogue fraudulent and malicious affiliate network based rogue and fraudulent revenue sharing scheme operating malicious software gangs that are known to have been active back in 2008 with the idea to assist everyone in their cyber campaign attribution efforts.

High anxiety spreads among Russian criminal groups in wake of REvil raid

CSO Magazine

The crackdown on members of the REvil ransomware gang by agents of the Kremlin's domestic security force January 14 is sending a wave of distress and dread through the Russian hacker underground, according to researchers at Trustwave's SpiderLabs. "What our researchers found was a great deal of anxiety and consternation from those who participate in these Dark Web forums regarding the FSB arrests and how those actions will impact them in the future," Trustwave noted Friday in a company blog pos

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.