Thu. Jul 28, 2022


New UEFI Rootkit

Schneier on Security

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.

Firmware 291

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec


Google delays removal of third-party cookies in Chrome through 2024

Tech Republic Security

The search giant explained that it pushed back its timeline once again because it needs more time for testing to ensure users’ online privacy is protected. The post Google delays removal of third-party cookies in Chrome through 2024 appeared first on TechRepublic.

Software 167

Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold

Security Boulevard

Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising. The post Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How attackers are adapting to a post-macro world

Tech Republic Security

Since Microsoft’s shutdown of macros in Office apps, attackers are using container file types to deliver malware in one of the largest threat landscape shifts in recent history. The post How attackers are adapting to a post-macro world appeared first on TechRepublic.

Malware 156

Holy Ghost’s Bargain Basement Approach to Ransomware

Digital Shadows

Recent reporting from Microsoft has shone light on the “HolyGhost” ransomware group, a cybercriminal outfit originating from North Korea. While. The post Holy Ghost’s Bargain Basement Approach to Ransomware first appeared on Digital Shadows.

More Trending


Kansas MSP shuts down cloud services to fend off cyberattack

Bleeping Computer

A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. [...]


Protect your business from cybercrime with this dark web monitoring service

Tech Republic Security

Save money and save your information from falling into the wrong hands with the InsecureWeb Dark Web Monitoring platform. The post Protect your business from cybercrime with this dark web monitoring service appeared first on TechRepublic.


$10 million reward offered for information on North Korean hackers

The State of Security

A $10 million reward is being offered for information leading to the identification or location of hackers working with North Korea to launch cyber attacks on US critical infrastructure. Read more in my article on the Tripwire State of Security blog.


Auto-launching HiddAd on Google Play Store found in more than 6 million downloads

Quick Heal Antivirus

HiddenAd or HiddAd are icon-hiding adware applications. The prime motive of HiddAd is to generate revenue through aggressive. The post Auto-launching HiddAd on Google Play Store found in more than 6 million downloads appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Adware 124

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How Are Hackers Targeting Your Devices Through Bluetooth?

Identity IQ

Bluetooth is a widely used, convenient technology included on just about every smartphone, tablet, and laptop computer these days. You can use it to share files, play media and more with only a wireless connection. But just like with unsecured Wi-Fi networks, hackers can target your Bluetooth-enabled devices to steal personal data, install malware or spam you with messages.


Citibank, Bank of America, Capital One, and others Targeted by ‘Robin Banks’ PhaaS

Heimdal Security

A brand-new Phishing-as-a-Service (PhaaS) platform known as “Robin Banks” has been developed, providing ready-made phishing tools intended to trick customers of reputable financial institutions and online services. Among the targeted organizations are: Citibank, Bank of America, Capital One, Wells Fargo, PNC, S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, Santander. Moreover, the recently launched […].

Banking 108

Akamai blocked the largest DDoS attack ever on its European customers

Security Affairs

This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple types of DDoS attacks, including UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood

DDOS 111

Twitter user data sold for $30k on dark selling forum

CyberSecurity Insiders

A Twitter user named ‘Devil’ has announced the sale of information related to over 5.4 million Twitter users siphoned from the social media firm’s database in January this year. In one tweet, the hacker said that the data was stolen after exploiting a vulnerability on the company’s systems. Microblogging website reacted to the news and released a press statement that it is busy investigating the incident and assured to release more details about the incident as soon as the investigation gets ove


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Ransom payments fall as fewer victims choose to pay hackers

Bleeping Computer

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. [...]


FIN7 now enters ransomware as a service business

CyberSecurity Insiders

FIN7, a noted group of cyber criminals, has slowly taken up ransomware-as-a-service because it is proving profitable to most. The organization that has the reputation of making around $1.3 billion by cyber attacking over 100 companies across the world has also emerged as a threat group in recent times. Cybersecurity researchers from Mandiant revealed that FIN7 used to fund operations related to REvil, Darkside, BlackMatter and BlackCat till date.


TSA Issues Directive to Prevent Another Colonial Pipeline Attack

Security Boulevard

Following months of pushback from private industry, the Transportation Security Administration (TSA) reissued a revised version of its cybersecurity directive for oil and natural gas pipeline owners and operators. The directive follows the May 2021 ransomware attack on Colonial Pipeline. That attack impacted fuel transformation and caused widespread disruption to fuel availability.


Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default

The Hacker News

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Malicious npm packages steal Discord users’ payment card info

Bleeping Computer

Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information. [...]

Malware 115

Radioactivity monitoring and warning system hacked, disabled by attackers

Malwarebytes

The Spanish police arrested two people under the accusation of tampering with the Red de Alerta a la Radiactividad (RAR). The RAR is part of the Spanish national security systems and in use to monitor gamma radiation levels across the country. The network is managed, operated and maintained by the General Directorate of Civil Protection and Emergencies (DGPCE) of the Ministry of internal affairs.

Hacking 96

Malware on IBM Power Systems: What You Need to Know

The State of Security

Malware – what are the threats? Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 […]

Malware 101

“Orwellian in the extreme” food store installs facial recognition cameras to stop crime, faces backlash

Malwarebytes

A convenience shop chain is under fire and facing legal charges for installing cameras with facial recognition software in 35 of its branches across the UK. The cameras analyze and convert video face captures into biometric data. The data is compared with a database of people who have committed crimes in the shop, such as theft or violent behavior. Southern told the BBC that it only placed cameras in shops where there is a history of crime.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


What is Cyber-Essential Patch Compliance?

Heimdal Security

Whilst the need for patching is irrefutable, more than often sysadmins are being confronted with the notion of ‘compliance’ and the chicken-or-the-egg dilemma that goes along with it – what comes first? Patching or compliance? Since patch compliance is a hot topic these days, in this article we’re going to go over the topic and […]. The post What is Cyber-Essential Patch Compliance?


Patch Now: Atlassian Confluence Bug Under Active Exploit

Dark Reading

Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.


Not-So-Secret Service: Text Retention and Deletion Policies

Security Boulevard

Recent news reports indicate that the United States Secret Service, as part of a hardware replacement policy for agents’ phones, allowed individual agents to wipe all of the data from their devices, and failed to preserve text messages as required both by federal law and pursuant to demands from both Congress and the USSS’s oversight. The post Not-So-Secret Service: Text Retention and Deletion Policies appeared first on Security Boulevard.

Mobile 98

In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement

Dark Reading

With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.

Malware 99

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


The SMB Guide to Cyber Resilience | Avast

Security Boulevard

Cybersecurity is a subject on the minds of many business owners these days. Stories of serious customer data breaches are becoming almost routine. The post The SMB Guide to Cyber Resilience | Avast appeared first on Security Boulevard.


As Microsoft blocks Office macros, hackers find new attack vectors

Bleeping Computer

Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments. [...]


ESG Technical Review of the Gurucul Security Analytics and Operations Platform

Security Boulevard

ESG Technical Review of the Gurucul Platform Enterprise Strategy Group (ESG) evaluated the Gurucul Security. The post ESG Technical Review of the Gurucul Security Analytics and Operations Platform appeared first on Gurucul. The post ESG Technical Review of the Gurucul Security Analytics and Operations Platform appeared first on Security Boulevard.

Risk 98

Akamai blocked largest DDoS in Europe against one of its customers

Bleeping Computer

The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. [...]

DDOS 111

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.