Mon. Jan 24, 2022

Linux-Targeted Malware Increased by 35%

Schneier on Security

CrowdStrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021.

GUEST ESSAY: A primer on why AI could be your company’s cybersecurity secret weapon in 2022

The Last Watchdog

Artificial intelligence (AI) is woven into the fabric of today’s business world. However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI. Even so, AI is useful across a wide spectrum of industries. There already are many human work models augmented by AI. Understanding the established models before integrating AI is critical.

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

Experts warn of an Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection.

Are You Prepared to Defend Against a USB Attack?

Dark Reading

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Tech Republic Security

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities

Predict 2022: Top Cybersecurity Threats for 2022

Security Boulevard

Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard.

More Trending

WordPress Supply Chain Attack—93 Add-Ons Infected for Months

Security Boulevard

A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites.

Stories from the SOC – Inactive Account Exploitation

CyberSecurity Insiders

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Security Affairs

Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’

A Level-Set on Russia-Borne Cyber Threats

Dark Reading

As hostilities mount between Russia and Ukraine, new and more dangerous cyberattacks are likely to develop. Pinpointing sources and motives will remain elusive, but enterprises should prepare for an escalation in cyberspace

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

API Security, Ransomware Top 2022 Threats

Security Boulevard

Companies are looking for ways to reduce the risks from cyberattacks and 2022 looks to be the year organizations accept that security must become an adaptable, changeable system within the business and overhaul their legacy static approaches accordingly.

How I hacked my friend’s PayPal account

We Live Security

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here's how to stay safe from a simple but effective attack.

Protecting the energy sector’s industrial IoT

Security Boulevard

By Steve Hanna, Co-chair of TCG’s Industrial Work Group and IoT Work Group. Many sectors now utilize Internet of Things (IoT) equipment to drive digital transformation, and ultimately increase automation and efficiency.

Alleged carder gang mastermind and three acolytes under arrest in Russia

Naked Security

The motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

CompTIA and Continuing Education (CE’s)

Security Boulevard

Phoenix TS is proud to be a trusted and verified partner of CompTIA! CompTIA (The Computing Technology Industry Association) is globally recognized for providing vendor-neutral training and certifications that help drive the market of information technology.

Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection

The Hacker News

A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks.

Balancing Privacy for Good

Cisco CSR

“The processing of personal data should be designed to serve mankind.

What Logistics Leaders Need To Know About APIs in Supply Chain Cyber Security

Security Boulevard

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

5 Top Apple Mail Alternatives For iPhone And Mac

SecureBlitz

This post will show you the top 5 Apple Mail alternatives for iPhone and Mac… Unlike other apps such as Safari and Notes, Apple Mail for macOS hasn’t been improved for a long time. The mail app is missing not only an intuitive interface but also some of the most important features such as.

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 365’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic.

The Value Of Software Product Risk Assessment

SecureBlitz

This post will show you the value of software product risk assessment.

SOC 2025: The Coming SOC Evolution

Security Boulevard

It’s brutal running a security operations center (SOC) today. The attack surface continues to expand, in a lot of cases exponentially, as data moves to SaaS, applications move to containers, and the infrastructure moves to the cloud.

Request for Comments: New Mobile Payments on COTS (MPoC) Standard

PCI perspectives

From 24 January to 22 February 2022, Mobile Task Force members and PCI-Recognized Laboratories are invited to review and provide feedback on the new Mobile Payments on COTS (MPoC) Standard during a 30-day request for comments (RFC) period.

Tales from the Dark Web, Part 2: Ransomware Stacked With Distribution Services Creates the Perfect Storm

Dark Reading

Security professionals need to understand the actors behind ransomware threats, how they operate and how they continuously find new victims to target

Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains – An OSINT Analysis

Security Boulevard

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Tech Republic Security

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals

PyPI Flooded with 1,275 Dependency Confusion Packages

Security Boulevard

Sonatype’s automated malware detection platform Nexus Firewall has flagged multiple dependency confusion packages on the PyPI registry today, all uploaded by the same user.

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

The Hacker News

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users.

Exposing the Internet-Connected Infrastructure of the REvil Ransomware Gang – An In-Depth OSINT Analysis

Security Boulevard

The Case for Backing Up Source Code

Dark Reading

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories

Zero Trust Security – A Quick Guide

Security Boulevard

Zero Trust is a security framework that requires authentication, authorization, and validation from all users, whether inside or outside the organization's network. This is mandatory for security configuration and precedes granting privileged access to the organization's data or applications.

Trickbot Injections Get Harder to Detect & Analyze

Dark Reading

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research

Dark Web Threat Intelligence Part 1: Deep Dive into the Criminal Underground Network on Telegram

Security Boulevard

On the surface Telegram may seem like just another instant messaging app, but when you dig deep, the reality couldn't be more different.