Mon.Mar 01, 2021

National Security Risks of Late-Stage Capitalism

Schneier on Security

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

Welcoming the Portuguese Government to Have I Been Pwned

Troy Hunt

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT , now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world.

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

Anton on Security

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. Or, as my esteemed colleague said, “Stop Trying To Take Humans Out Of Security Operations.

How to manage the security challenges triggered by remote work

Tech Republic Security

Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Data Beyond Borders: The Schrems II Aftermath

Thales Cloud Protection & Licensing

divya, Tue, 03/02/2021 - 07:06. On July 16, 2020, the Court of Justice of the European Union issued the Schrems II decision in the case Data Protection Commission v. Facebook Ireland. That decision invalidates the European Commission’s adequacy decision for the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules.

Why what you watch can make you a target for cybercriminals

Tech Republic Security

Resist the lure of catching up with award nominees by trolling for free views. Free, when offered by bad actors, could end up costing you much more than it would for a one-time rental.

“Mentally ill demon hackers” blamed for massive Gab data leak

Hot for Security

Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked - putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk of exposure. Read more in my article on the Hot for Security blog.

Working Windows and Linux Spectre exploits found on VirusTotal

Bleeping Computer

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. […]

Mobile Adware Makes Online Banking Services Prime Targets

CyberSecurity Insiders

According to the ‘Mobile Malware Evolution 2020’ report released by Kaspersky, online banking services have become prime targets for those spreading mobile adware. The report also says that attackers are now focusing on improving the quality of their adware rather than widening their pool of victims with mass attacks. Among the most widespread adware of 2020, Ewind remained the leading family, followed by FakeAdBlocker and then HiddenAd.

Malicious NPM packages target Amazon, Slack with new dependency attacks

Bleeping Computer

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

What is a Man-in-the-Middle Attack? Detection and Prevention Tips

Security Boulevard

A man-in-the-middle attack (MITM attack) is executed when a hacker secretly intercepts an online communication. The attacker can silently eavesdrop on the conversation, steal information, or alter the content of. The post What is a Man-in-the-Middle Attack? Detection and Prevention Tips appeared first on Indusface.

8 mobile security threats you should take seriously

CSO Magazine

Mobile security is at the top of every company's worry list these days, and for good reason: nearly all workers now routinely access corporate data from smartphones, a trend that's grown even more prominent thanks to the ongoing global pandemic. The vast majority of devices interacting with corporate data are now mobile, in fact (some 60%, according to Zimperium), and that number is only bound to keep climbing as the world acclimates to our new remote-work reality.

Take the #ChooseToChallenge pledge for International Women’s Day

Security Boulevard

In celebration of this year’s International Women’s Day, we look at ways to challenge today’s workforce to build a more gender-equal world. The post Take the #ChooseToChallenge pledge for International Women’s Day appeared first on Software Integrity Blog.

Mobile malware evolution 2020

SecureList

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. The year in figures. In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. Trends of the year.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

Security Boulevard

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. Or, as my esteemed colleague said, “Stop Trying To Take Humans Out Of Security Operations.”

Cybercriminal Law Enforcement Crackdowns in 2021

Digital Shadows

Note: This piece is a follow-up to our previous blog, Emotet Disruption: What it Means for the Cyber Threat Landscape. The post Cybercriminal Law Enforcement Crackdowns in 2021 first appeared on Digital Shadows.

Europe is the Top Fraud Attacking Region of 2020

Security Boulevard

Europe displaced Asia to emerge as the overall top attacking region of 2020. Plunging economies and financial hardships in Europe forced a large number of desperate people towards fraud in order to make ends meet. The coronavirus pandemic has damaged the global economy and caused financial hardships to millions of people around the globe. People […]

VPNs begin to lose their relevance, even as they remain difficult to shed

SC Magazine

Pictured: a computer lab running on a network. (ProjectManhattan, CC BY-SA 3.0 [link], via Wikimedia Commons.) Virtual private networks have been around for decades, but the past year forced many organizations to expand their use to keep up with growing telework trends. In response, criminal and state-backed hacking groups stepped up their own exploitation of the technology as well.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Survey Finds Low Confidence in Medical Device Security

Security Boulevard

As more medical devices connect to the Internet, the role of cybersecurity in the health care sector has never been more critical. Unfortunately, a survey of 50 senior executives at U.S. Fortune 1000 companies found only 18% of respondents believed the security capabilities embedded within medical devices were strong. In the survey, published by Irdeto, … The post Survey Finds Low Confidence in Medical Device Security appeared first on Security Boulevard.

Cybercrime 'Help Wanted': Job Hunting on the Dark Web

Dark Reading

How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.

Universal Health Services lost $67 million due to Ryuk ransomware attack

Bleeping Computer

Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. […]

Popular password manager in the spotlight over web trackers

We Live Security

While the trackers in LastPass’ Android app don’t collect any personal data, the news may not sit well with some privacy-minded users. The post Popular password manager in the spotlight over web trackers appeared first on WeLiveSecurity.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers use black hat SEO to push ransomware, trojans via Google

Bleeping Computer

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. […]

Gab Platform Hacked by Activist Group DDoSecrets

Heimdal Security

You might have heard of the social network Gab after the dramatic incidents that took place on the 6th of January in the USA. DDoSecrets stated that the hacktivist JaXpArO and My Little Anonymous Revival Project siphoned over 70 GB of data out of Gab’s backend databases to expose the platform’s largely right-wing users. […] The post Gab Platform Hacked by Activist Group DDoSecrets appeared first on Heimdal Security Blog.

European e-ticketing platform Ticketcounter extorted in data breach

Bleeping Computer

A Dutch e-ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server. […]

Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently

Security Boulevard

Even if you haven’t used any Governance, Risk and Compliance (GRC) software yourself, you’re likely familiar with this. Read More. The post Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently appeared first on Hyperproof.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03

Malwarebytes

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times exposed a public harassment campaign likely waged by one woman against the family of her former employer.

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

The JavaScript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware it

Flaws fixed incorrectly, as secure coding education lags

SC Magazine

Developers often aren’t properly trained in secure coding, leading to incorrect fixes for flaws. Here, a group of developers observe a presentation. (Michael Kappel / CC BY-NC 2.0.) Broken access control and broken object-level authorization vulnerabilities have proven the most difficult to fix, while fixes for command injection and SQL injection flaws are most often incorrect.

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

Security Affairs

ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. The settlement has yet to be approved by a federal judge. The Chinese firm was accused of failing to get users’ consent to collect data, in violation of the Illinois biometric privacy law.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.