Fri.Mar 11, 2022

article thumbnail

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. John Todd is general manager of Quad9 , a free “anycast” DNS platform.

DNS 253
article thumbnail

Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps

Tech Republic Security

Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work? The post Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps appeared first on TechRepublic.

Software 213
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ubisoft confirms 'cyber security incident', resets staff passwords

Bleeping Computer

Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind Ubisoft incident. [.].

Passwords 145
article thumbnail

Sophos vs. Kaspersky: Choosing the best antivirus program for your security needs

Tech Republic Security

Weigh the pros and cons of top antivirus options Kaspersky and Sophos to determine which one offers the features and safeguards your organization requires. The post Sophos vs. Kaspersky: Choosing the best antivirus program for your security needs appeared first on TechRepublic.

Antivirus 142
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Nearly 70% of ServiceNow instances leaking data

CSO Magazine

An error in the SaaS platform of an S&P 500 company is leaking data on the internet. News of the misconfiguration mistake found in nearly 70% of ServiceNow instances was reported Wednesday by AppOmni, a SaaS security provider. According to AppOmni, the misconfiguration resulted from a combination of customer-managed configurations and over-provisioning of permissions to guest users.

Internet 137
article thumbnail

Trend Micro Endpoint Encryption vs. Broadcom Symantec Endpoint Encryption

Tech Republic Security

Find out which endpoint protection product is right for your business. The post Trend Micro Endpoint Encryption vs. Broadcom Symantec Endpoint Encryption appeared first on TechRepublic.

More Trending

article thumbnail

Dell Data Protection vs. McAfee Complete Data Protection

Tech Republic Security

McAfee Complete Data Protection and Dell Data Protection both encrypt data to protect against loss, but the scope and complexity of the two products differ widely. The post Dell Data Protection vs. McAfee Complete Data Protection appeared first on TechRepublic.

article thumbnail

Operationalizing a “think like the enemy” strategy

CSO Magazine

Security professionals have always been told to “think like the enemy.” This philosophy could start with a series of questions like: How could an adversary gain a foothold in one of our systems? How would they circumvent our security controls? How would they find and exfiltrate our sensitive data? Armed with knowledge about what an adversary would do, security teams could then design countermeasures to impede or even stop the bad guys in the tracks.

article thumbnail

Crowdstrike Falcon vs. Avast: Endpoint security software

Tech Republic Security

If you're trying to decide on endpoint protection software for your business, these two options are good choices. Which one should you choose? Here is a comparison of the two. The post Crowdstrike Falcon vs. Avast: Endpoint security software appeared first on TechRepublic.

Software 125
article thumbnail

Kali Linux adds VM-like snapshot feature to bare-metal installs

Bleeping Computer

Offensive Security has announced its implementation of a file system snapshot in Kali Linux, a feature designed to add VM-like snapshotting to bare-metal installs. [.].

136
136
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

NordLocker vs. VeraCrypt

Tech Republic Security

Securing your data with encryption software is a key step in protecting yourself from cybercrime. The post NordLocker vs. VeraCrypt appeared first on TechRepublic.

article thumbnail

CISO Thoughts with David Lindner

Security Boulevard

Insight #1. The number one thing an organization can do today to help prevent the next major breach is to implement multi-factor authentication (MFA) on all things. According to research by Microsoft, MFA can block over 99.9 percent of account compromise attacks. The post CISO Thoughts with David Lindner appeared first on Security Boulevard.

CISO 126
article thumbnail

SaaS Security: How to Protect Your Enterprise in the Cloud

Heimadal Security

The SaaS architecture allows companies to focus on their core business while the third-party provider focuses on managing the security. Find out more about what software as a service model means and how you can efficiently protect your SaaS applications and implement cloud SaaS security. What Is Software as a Service? Software as a service […].

article thumbnail

Major Government Attack Highlights How Log4j is Still Unresolved

Security Boulevard

News of a major exploit using the Log4j vulnerability four months after its disclosure has been a painful reminder that the issue is still a serious problem. Reports are now linking China’s APT41 hacking group with breaching at least 6 U.S. state government networks and the situation may go from bad to worse. As reported by Venturebeat : The post Major Government Attack Highlights How Log4j is Still Unresolved appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

After striking Samsung and Nvidia, Lapsus$ Ransomware Group has this time targeted British Telecom firm Vodafone and Buenos Aires online marketplace MercadoLibre. Sources state that the hackers accessed a portion of the data from the company servers, respectively, and are demanding a large amount as ransom for the decryption key. Both the companies revealed the same in SEC filing and apologized for the incident and assured that such data breaches will never get repeated.

article thumbnail

Combat against smishing: Top 5

Tech Republic Security

Smishing isn’t a new teen craze you aren’t aware of, or something on Urban Dictionary you might regret looking up. Here's what you need to know about smishing. The post Combat against smishing: Top 5 appeared first on TechRepublic.

102
102
article thumbnail

Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT

Security Boulevard

Websites in Russia can’t renew their TLS/HTTPS certs. Moscow’s solution is to create a new certificate authority. But the man-in-the-middle threat should be obvious. The post Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT appeared first on Security Boulevard.

article thumbnail

Bringing Kenna Security into SecureX Orchestration

Cisco Security

For the past year, we’ve been working to develop and publish use cases for SecureX orchestration. To date, we’ve published 64 workflows that address a wide variety of use cases including automated investigation, automated response, incident promotion, and more. One of our newer use cases, number 53 , brings Kenna Security into the orchestration ecosystem.

Risk 111
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Funding and the Russia-Ukraine War: KYC for Crypto Transactions Proving Difficult

Security Boulevard

Click here for Flashpoint’s coverage of the role of intelligence in Russia’s war on Ukraine. Flashpoint analysts have uncovered 262 cryptocurrency addresses used in advertisements for donations to either Ukrainian or Russian causes related to the war since February 21, 2022. As the Russian invasion of Ukraine draws more need for financial contributions to fund military and […].

article thumbnail

Are Ukraine’s drone capabilities being throttled in Russia-Ukraine conflict?

CSO Magazine

Chinese drone producer DJI Global has been accused of limiting the capabilities of its AeroScope technology for the Ukrainian army, giving a significant air reconnaissance edge to Russian invaders amid the Russia-Ukraine conflict. The unconfirmed claims were made by a Twitter user on March 10. Volodymyr Shymanskyy, co-founder of Blynk IoT Platform, made the claims on Twitter.

IoT 109
article thumbnail

Anonymous hacked Roskomnadzor agency revealing Russian disinformation

Security Affairs

The Anonymous collective continues to launch attacks against Russian entities, this is a summary of recent offensives. Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. The agency is responsible for monitoring, controlling and censoring Russian mass media and according to Anonymous, it is controlling the disinformation campaign about the ongoing invasion of Ukraine.

Hacking 108
article thumbnail

Linux “Dirty Pipe” vulnerability gives unprivileged users root access

Malwarebytes

A vulnerability in the Linux kernel, nicknamed “Dirty Pipe”, allows an unprivileged user to overwrite data in read-only files. This can lead to privilege escalation as a result of unprivileged processes being able to inject code into root processes. If you’re not sure what that means but you think it sounds bad—you are correct! The vulnerability was found and explained in detail by Max Kellerman of CM4all.

Software 103
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Alleged Kaseya ransomware attacker arrives in Texas for trial

Naked Security

The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded.

article thumbnail

Spoofing: What It Is and How Can You Prevent It?

Heimadal Security

What Is Spoofing? Spoofing is a type of cyberattack that involves assuming a false identity and manipulating a victim into disclosing sensitive information or granting access to their device. Cybercriminals win a victim’s trust by claiming to be a trustworthy individual or company in order to steal their data or obtain access to their equipment. […].

article thumbnail

Russian defense firm Rostec shuts down website after DDoS attack

Bleeping Computer

Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack." [.].

DDOS 115
article thumbnail

Proxy vs VPN – Differences and Advantages

Heimadal Security

VPNs and proxy servers are both technologies that allow you to keep your online activities private while browsing, sending emails, reading online messages, streaming video, or downloading files. However, each of these instruments operates in a unique manner. What Is a Proxy Server? Proxy servers function as a bridge between the website you’re accessing and […].

VPN 105
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

Lapsus$ Ransomware gang is looking for insiders willing to sell remote access to major technology corporations and ISPs. Thursday, March 10, Lapsus$ ransomware gang announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T.

article thumbnail

Exchange Online Protection (EOP): What It Does, How It Works, Key Features and Limitations

Security Boulevard

Exchange Online Protection (EOP) helps protect against spam, malware and other email-based threats. Learn more about its features and limitations. The post Exchange Online Protection (EOP): What It Does, How It Works, Key Features and Limitations appeared first on Security Boulevard.

Malware 105
article thumbnail

HBO sued for sharing subscriber data with Facebook

Malwarebytes

HBO Max subscribers Angel McDaniel and Constance Simon filed a class-action lawsuit against HBO on Tuesday, alleging that the company has violated their privacy by sharing subscriber viewing data with Facebook. Bursor & Fisher filed the case on behalf of McDaniel and Simon. According to case documents , the suit asserts that HBO hands over customer lists to Facebook, which the social media company then uses to match customers’ viewing habits with their Facebook profiles.

IoT 96
article thumbnail

BazarBackdoor Malware Distributed via Corporate Website Contact Forms

Heimadal Security

Threat actors are employing a new technique and leveraging website contact forms instead of common phishing emails to deliver BazarBackdoor. This helps them bypass security software detection. What Is BazarBackdoor? BazarBackdoor is malware that lets hackers achieve remote access to an internal device. If successfully exploited, it will serve them as a way to move […].

Malware 100
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.