Schneier on Security

FEBRUARY 18, 2021

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.

Information Security 258

Information Security 258

Tech Republic Security

FEBRUARY 18, 2021

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.

Cybersecurity 194

Cybersecurity 194

Schneier on Security

FEBRUARY 18, 2021

Virginia is about to get a data privacy law , modeled on California’s law.

Data privacy 194

Data privacy 194

Bleeping Computer

FEBRUARY 18, 2021

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online. [.].

143

143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

FEBRUARY 18, 2021

Oracle Corp. stands accused of selling analytics to Chinese police forces that’s being used to hunt down political dissidents and lock up Uyghur Muslims. The post Oracle is Said to Help China Find Dissidents and Jail Minorities appeared first on Security Boulevard.

Social Engineering 142

Social Engineering Surveillance Engineering Risk 142

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, its name comes from the name of a Linux daemon called watchdogd.

Cryptocurrency 139

Cryptocurrency Hacking Accountability Software 139

We Live Security

FEBRUARY 18, 2021

The first instance of malicious code native to Apple Silicon M1 Macs emerged a month after the release of devices equipped with the company’s in-house CPUs. The post Malware authors already taking aim at Apple M1 Macs appeared first on WeLiveSecurity.

Malware 133

Malware 133

Bleeping Computer

FEBRUARY 18, 2021

Microsoft announced today that the SolarWinds hackers could gain access to source code for a limited amount of components used by Azure, Intune, and Exchange. [.].

141

141

The Hacker News

FEBRUARY 18, 2021

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors.

Malware 127

Malware Software 127

CyberSecurity Insiders

FEBRUARY 18, 2021

Kia Motors America is experiencing a nationwide outage because of a ransomware attack and confirmed sources say that the car maker was targeted by DoppelPaymer gang that is demanding $20 million to decrypt the database. In a media update released early this morning, the South Korean company stated that the nationwide IT outage resulted in disruption of services related to payment systems, UVO Link app, phone services, owner portal, internal sites and dealership link.

Ransomware 128

Ransomware Media Encryption Authentication 128

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

FEBRUARY 18, 2021

While there are undoubtedly many major challenges within the world of cybersecurity, one of the principal roadblocks to the implementation of effective data security is the lack of skilled cybersecurity practitioners. In a November 2019 report, the International Information System Security Certification Consortium, (ISC)² suggested that the cybersecurity workforce needs to increase by 62 percent […].

Cybersecurity 127

Cybersecurity 127

Quick Heal Antivirus

FEBRUARY 18, 2021

Cyberpunk 2077 has been one of the most anticipated releases in gaming history. In development since 2012 and. The post Ransomware attacks erupt via Cyberpunk 2077 appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Ransomware 127

Ransomware 127

Security Boulevard

FEBRUARY 18, 2021

Jamaica just experienced a massive data breach that exposed the immigration and COVID-19 records of hundreds of thousands of people who visited the island over the past year. Much of the information found on the exposed server was from Americans. … Read more. The post Hundreds of Thousands Immigration and COVID Records Exposed in Jamaica appeared first on DivvyCloud.

Data breaches 125

Data breaches 125

The State of Security

FEBRUARY 18, 2021

The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world. The men – 31-year-old Jon Chang Hyok, Kim Il, 27, and 36-year-old Park Jin Hyok – are alleged to have been part of North Korea’s Reconnaissance General Bureau (RGB), known […]… Read More.

Cyber Attacks 123

Cyber Attacks 123

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

FEBRUARY 18, 2021

The injection of sophisticated malware into SolarWinds software was attributed to Russian Intelligence. An unrelated attack, made possible by exploiting a vulnerability in SolarWinds software, is being attributed to Chinese hackers. Periodically, other breaches are attributed to North Korean and Iranian hackers. However, nations do not often admit to being behind hacking activities.

Cybercrime 123

Cybercrime Software Hacking Malware 123

Identity IQ

FEBRUARY 18, 2021

With the digital world now deeply rooted in the fabric of society, we are increasingly living double lives. There is our immediate, physical existence – and there is our digital identity. Most people are more familiar with the first. But as our information and behavior go digital, a more complete picture of who we are emerges. In a nutshell, your digital identity encompasses all the information that exists about you in digital form.

Identity Theft 119

Identity Theft Passwords Data breaches Scams 119

Hot for Security

FEBRUARY 18, 2021

In tax-related fraud, a criminal files a tax return in your name, using your stolen personal information, including your Social Security number. Here we reveal some of the most common tactics and fake documents fraudsters use to trick people. Here are some of the signs you might be a victim of financial theft: You get a letter from the IRS inquiring about a suspicious tax return you did not file.

Identity Theft 119

Identity Theft Accountability 119

The Hacker News

FEBRUARY 18, 2021

The U.S. Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses.

Cryptocurrency 117

Cryptocurrency 117

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

FEBRUARY 18, 2021

As 2020 wound to a close, the year’s end marked a major milestone in strengthening the security of Internet of Things (IoT) devices and systems. In December, the IoT Cybersecurity Improvement Act was signed into law, raising the priority of cybersecurity across a variety of industries and use cases. The new law is designed to. The post New IoT Legislation Means Advance Planning is Key appeared first on Security Boulevard.

IoT 113

IoT Internet Internet Cybersecurity 113

SC Magazine

FEBRUARY 18, 2021

A graph representing the NIST Phish Scale scoring methodology. (NIST). Officials from the National Institute of Standards and Technology (NIST) this week teased future improvements to the agency’s recently introduced “Phish Scale” measurement system, which helps companies determine whether phishing emails are hard or easy for their employees to detect.

Phishing 114

Phishing Mobile Security Awareness Media 114

CSO Magazine

FEBRUARY 18, 2021

As the threat landscape continues to evolve, security environments grow in complexity, and the skills gap widens, security teams need to come up with new ways to increase efficiency and productivity in order to keep up. One such way is through security automation, which empowers security teams to focus on high-impact initiatives by eliminating excess noise, reducing low-brain high-time tasks, and increasing alert fidelity.

113

113

Threatpost

FEBRUARY 18, 2021

A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.

Adware 118

Adware Malware Mobile 118

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

PCI perspectives

FEBRUARY 18, 2021

Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework (SSF). It provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place.

Software 111

Software 111

Bleeping Computer

FEBRUARY 18, 2021

The Federal Bureau of Investigation (FBI) has warned of the harsh consequences of telephony denial-of-service (TDoS) attacks and has also provided the steps needed to mitigate their impact. [.].

109

109

Graham Cluley

FEBRUARY 18, 2021

Facebook - angry that the Australian government wants it and other tech giants to pay for content reposted from media outlets - has blocked users in Australia from sharing or viewing news content on the platform. And in characteristic style, they've made a right pig's ear of it. The drongos.

Media 111

Media Government 111

SC Magazine

FEBRUARY 18, 2021

Along with the Pirrit Mac adware identified earlier this week, researchers from Red Canary identified Thursday a different malware strain (Jon Rawlinson/CC BY 2.0)). In just three months, hackers have debuted at least two strains of malware designed to attack Apple’s new M1 chip. Noted Mac security researcher Patrick Wardle published a blog Feb. 14 noting that a Safari adware extension that was originally written to run on Intel x86 chips was revamped to run on the new M1 chips.

Malware 109

Malware Adware VPN Architecture 109

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

FEBRUARY 18, 2021

NVIDIA is purposely crippling the Ethereum mining power of their upcoming GeForce RTX 3060 GPU by 50% to increase inventory for gamers. [.].

121

121

SC Magazine

FEBRUARY 18, 2021

Law enforcement officials from Ukraine, France and the U.S. this month cracked down on the Egregor ransomware gang, shutting down its leak website, seizing computers and arresting individuals who are allegedly linked to ransomware attacks that netted $80 million in illicit profits from more than 150 victimized companies. Early reports indicated that the apprehended suspects are affiliates who allegedly purchased access to the Egregor ransomware-as-a-service (RaaS) on the dark web, agreeing to sh

Ransomware 108

Ransomware Cybercrime Media Cyber threats 108

Security Boulevard

FEBRUARY 18, 2021

New Capital Positions Company for Accelerated Growth in Access Control Management for On-Prem and Cloud Environments; Increases Functionality Across IAM and Expands Managed Service Capabilities Hoboken, New Jersey – February 18, 2021 – SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software and services for access governance across data, platforms and applications, today.

Government 104

Government Software Cybersecurity 104

SC Magazine

FEBRUARY 18, 2021

The Apple M1 chip. (Apple). Apple released substantial updates Thursday to its Platform Security Guide – the first revision since April, and the first in the era of Apple’s self-designed M1 chips. The guide is traditionally a critical resource to anyone researching or wrangling security on Apple products, with the most thorough official explanation of product security capabilities.

Computers and Electronics 105

Computers and Electronics Adware Passwords Media 105

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.