Thu. Apr 21, 2022

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information. Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communicatio

Long Article on NSO Group

Schneier on Security

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian separatists.

How phishing attacks are spoofing credit unions to steal money and account credentials

Tech Republic Security

Attackers are impersonating local credit unions to capture personal information and extract money, says Avanan. The post How phishing attacks are spoofing credit unions to steal money and account credentials appeared first on TechRepublic.

Cisco Umbrella default SSH key allows theft of admin credentials

Bleeping Computer

Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity Advisory warns of Russian-backed cyber threats to infrastructure

Tech Republic Security

A release from the Cybersecurity Advisory outlines what organizations should be on the lookout for when it comes to a Russian cybersecurity attack. The post Cybersecurity Advisory warns of Russian-backed cyber threats to infrastructure appeared first on TechRepublic.

Beware of fake Twitter philanthropists offering to put $750 into your Cash App account

Malwarebytes

Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people helping out those who need it. The help is random, and often focused around performing a task like listening to a podcast or simply retweeting something. Of course, not everyone can “win” and many, many people miss out.

More Trending

It’s legal to scrape public data—US appeals court

Malwarebytes

Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody being able to quite land the decisive blow about whether it should be allowed, one way or another. This may have changed, thanks to a recent US appeals court ruling. A tangled web of scraped content. LinkedIn (and, by extension, Microsoft) is not impressed with people or organisations scraping publicly available data from its site.

North Korea targeting blockchain, cryptocurrency companies

Tech Republic Security

An infamous North Korean state-sponsored threat actor is hitting several organizations in the blockchain and cryptocurrencies industries. Learn how to protect yourself. The post North Korea targeting blockchain, cryptocurrency companies appeared first on TechRepublic.

Zero-Day Exploit Use Exploded in 2021

Dark Reading

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.

Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own

Bleeping Computer

Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

A formula for measuring real-world email security efficacy

CSO Magazine

The skeptic in my head has been saying for years, “How can I measure security efficacy in the real world?” Here’s how. First, it is important to know that efficacy is measured by calculating the “proportionate reduction in risk.” In the case of COVID-19 vaccines, for example, that occurs when assessing the outcome of applying treatment to one population as compared to an untreated population.

A Guide to The Metaverse and Cybersecurity: Addressing Threats in the Future of Internet

CyberSecurity Insiders

by Grace Lau – Director of Growth Content, Dialpad. As we write this, large companies are investing heavily in Metaverse real estate – and for very good reason. However, some are also concerned that the Metaverse is developing in a dangerously uncontrolled way. As such, Metaverse cybersecurity is a big topic at the moment. Here, we’ll take you through the situation as it stands for businesses, and predict some of the most important measures you can take to protect your business in the Metaverse.

REvil reborn? Notorious gang’s dark web site redirects to new ransomware operation

The State of Security

Researchers have spotted that the TOR address used by the notorious REvil ransomware gang is now redirecting to a new website, with information about seemingly new attacks. Read more in my article on the Tripwire State of Security blog.

New Arkose Labs Survey Reveals the True Impact of Bot Attacks

Security Boulevard

The survey findings show the impact bot attacks have on businesses, the difficulty in detecting modern, intelligent bots and the impact it has on their customers. How prepared are you to fight the intelligent bot revolution? Owing to their evolving capabilities and growing digital presence, bots are becoming a headache for businesses. Proliferation in the […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Five Eyes issues Russian Cyber Threat warning

CyberSecurity Insiders

All the countries that are against Russia’s war on Ukraine, mainly the UK, US, Australia, Canada and New Zealand, collectively called the Five Eyes, have been warned about a possible major cyber attack from the Russian Federation. So, all the national leaders from the above-stated five countries are being urged to bolster the security of the IT infrastructure in their respective nations.

BrandPost: Securing the 5G Future

CSO Magazine

CISOs throughout the telecommunications industry are preparing their data protection programs for a 5G future that will fully arrive in three to five years. Today, consumers have noticed their cellular devices begin to market and show the 5G label. But the not-too-distant future brings 5G in a wide range of areas such as artificial/augmented reality, production monitoring and delivery via 5G drones, on-demand private 5G networks, and a wide variety of use cases.

Hive Ransomware deployed on Microsoft Exchange Servers

CyberSecurity Insiders

A vulnerability in Microsoft Exchange Servers is allowing hackers to deploy Hive ransomware and other backdoors, including Cobalt Strike Beacon, capable of stealing cryptocurrency from wallets and deploying crypto-mining software. It is all happening because of ProxyShell security issues, where threat actors perform network reconnaissance to download payloads.

Too Many Cooks in the Kitchen: Why You Need to Consolidate Your Cybersecurity Approach

Security Boulevard

When it comes to cybersecurity, more is not always better. As new solutions have emerged in response to rapidly evolving technology and increasingly sophisticated cyber attacks, SOCs have added tool after tool to their arsenals. The post Too Many Cooks in the Kitchen: Why You Need to Consolidate Your Cybersecurity Approach appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

FBI: BlackCat ransomware breached at least 60 entities worldwide

Bleeping Computer

The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide, between November 2021 and March 2022. […]

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable

Security Affairs

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and matching.

Docker servers hacked in ongoing cryptomining malware campaign

Bleeping Computer

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. […]

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files. Security researchers at Check Point Research have discovered a critical remote code execution vulnerability that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How to Strengthen Your Credit Union Cybersecurity Program

Security Boulevard

If you go to the National Credit Union Administration (NCUA) website, the main page headline reads: “Current Geopolitical Events Increase Likelihood of Imminent Cyberattacks on Financial Institutions.” If you click through, they explain that the NCUA, CISA, the FBI, and…. The post How to Strengthen Your Credit Union Cybersecurity Program appeared first on LogRhythm.

How to choose the best VPN for security and privacy

CSO Magazine

Enterprise choices for virtual private networks (VPNs) used to be so simple. You had to choose between two protocols and a small number of suppliers. Those days are gone. Thanks to the pandemic, we have more remote workers than ever, and they need more sophisticated protection. And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments, such as that shown by Cloudflare’s data on VPN usage.

FBI issues ransomware alert to the agriculture sector in the United States

CyberSecurity Insiders

The FBI has issued a ransomware attack alert to the agriculture sector in the United States, as the current time seems to be the busiest for the said sector. Hackers are planning to deal a big blow to the agriculture sector to create production and supply shortages across the United States. As law enforcement alerted critical infrastructure such as power, water and transit to malware attacks, the hackers might have shifted their focus towards the agriculture sector.

Sysdig container security tool prioritizes vulnerabilities, reduces alerts

CSO Magazine

Container and cloud security provider Sysdig has launched Risk Spotlight, a vulnerability prioritization tool based on runtime intelligence, designed to enable security teams to prioritize remediation — particularly regarding vulnerabilities related to container technology — without affecting development speed. While working with open-source packages, developers often bring associated vulnerabilities into their software environment that may not warrant immediate attention if they do not affect p

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft Exchange Servers Targeted by Hive Ransomware

Heimdal Security

A Hive ransomware affiliate has been deploying multiple backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell security issues. As explained by my colleague, Cobalt Strike is a threat emulation software released in 2012 which can be used to deploy beacons on systems to simulate cyberattacks and test network […].

Mandiant Report: Intrusion Dwell Time Sees Decline

Security Boulevard

A recently released report from Mandiant is showing a decrease in dwell time, but fears over cyber espionage efforts persist. First the good news: Enterprises are learning about the security breaches that affect them sooner. The bad news? That earlier detection is partially due to a function of the nature of the attacks, including an. The post Mandiant Report: Intrusion Dwell Time Sees Decline appeared first on Security Boulevard.

New Five Eyes alert warns of Russian threats targeting critical infrastructure

CSO Magazine

In a move demonstrative of international cooperation and partnership, the Five Eyes (United States, Australia, Canada, New Zealand, and United Kingdom) issued an alert giving a “comprehensive overview of Russian state-sponsored and cybercriminal threats to critical infrastructure.” The alert also includes remediation guidance, which CISOs will find of particular import.

Free Yanlouwang decryptor released, after flaw found in ransomware code

Graham Cluley

Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanlouwang ransomware, meaning they don't have to pay the ransom.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.