Thu.Oct 20, 2022

article thumbnail

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

article thumbnail

Incomplete ransomware strategies still dog organizations

Tech Republic Security

A new report from Zerto finds that only half of the companies surveyed focus on both recovery and prevention. The post Incomplete ransomware strategies still dog organizations appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US Savings Bonds Offer A Great Deal: But The Treasury’s Site To Purchase Them Offers Questionable Security

Joseph Steinberg

For the next few days, US Savings Bonds offer a tremendous deal for Americans seeking to park their cash for at least a year – people can lock in a rate of 9.62% interest for the next six months by purchasing inflation-adjusted type “I” bonds; a rate of nearly ten percent is several times higher than most competing ways to save money in a government-guaranteed account or instrument.

Passwords 130
article thumbnail

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Internet connectivity worldwide impacted by severed fiber cables in France

Bleeping Computer

A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].

Internet 143
article thumbnail

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

We Live Security

APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app. The post Domestic Kitten campaign spying on Iranian citizens with new FurBall malware appeared first on WeLiveSecurity.

Malware 137

More Trending

article thumbnail

96% of companies report insufficient security for sensitive cloud data

CSO Magazine

The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations.

133
133
article thumbnail

Australian Population Counting Faces consistent Cyber Threats

CyberSecurity Insiders

Australian Bureau of Statistics has made an official confirmation that it has defended its IT infrastructure from over a billion cyber-attacks. Dr David Gruen, a senior statistician, confirmed the news and added that the digital abuse on ABS was being carried since 2016, when a massive distributed denial of service attack led to downtime of digital census board for well over 40 hours.

article thumbnail

Microsoft Data Breach Exposes Customers’ Sensitive Information

Heimadal Security

Microsoft confirms that they have been the victim of a data breach, which allowed threat actors to gain access to the personal information of some customers. The cause of the breach seems to be a misconfigured Microsoft server accessible over the Internet, security researchers claim. Details on the Breach In a statement released on October […].

article thumbnail

Businesses shift toward compliance as code

CyberSecurity Insiders

By Prashanth Nanjundappa, VP of Product Management, Progress. The Need for Compliance. The need for security is well understood by almost every business. If data and systems aren’t secure, they could be compromised and important information could end up in the hands of bad actors. The job of security teams is to put in place a secure architecture that defends against all different kinds of threats.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar which notified the IT giant on September 24, 2022. “On September 24, 2022, SOCRadar’s built-in Cloud Security Module detect

article thumbnail

Millions of.Git Folders from US, China and Germany, Exposed to the Public

Heimadal Security

1.9 million.git folders containing critical project data are open to the public, discovered the Cybernews research team. The exposed folders are located mainly in the US (31%), followed by China (8%) and Germany (6.5%). Git is a free and open-source distributed version control system (VCS) designed to coordinate work among programmers who create source […].

article thumbnail

Microsoft “BlueBleed” data breach: customer details and email content exposed

Graham Cluley

Microsoft says that it accidentally exposed sensitive customer data after failing to configure a server securely. But it's far from happy with the security researchers who told them about the problem.

article thumbnail

With Conti gone, LockBit takes lead of the ransomware threat landscape

CSO Magazine

The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The State Of Cyber Security In Schools

Security Boulevard

As a school district, you have a responsibility to protect student data from unauthorized access. But with increasingly sophisticated hackers targeting the education sector at an unprecedented rate, cyber security isn’t so simple. You need to know exactly what security threats you’re up against, where your district may be vulnerable, and how you can better […].

Education 119
article thumbnail

Microsoft suffers data breach leaking sensitive customer information

CyberSecurity Insiders

Microsoft has suffered a data breach that leads to leak of sensitive information of some of its customers. The technical blunder reportedly occurred on September 24th of this year because of a configuration error that made the server accessible to everyone on the internet, albeit with some technical knowledge. Prima facie revealed that the free to access data wasn’t misused till date and all affected customers were notified about the incident in the first week of Oct’22.

article thumbnail

Health system data breach due to Meta Pixel hits 3 million patients

Bleeping Computer

Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals. [.].

article thumbnail

Cloud Security: The Shared Responsibility Model

eSecurity Planet

Cloud security builds off of the same IT infrastructure and security stack principles of a local data center. However, a cloud vendor offering provides a pre-packaged solution that absorbs some operational and security responsibilities from the customer. Exactly which responsibilities the cloud vendor absorbs depends upon the type of solution. While cloud security offerings provide a wide spectrum of choices, there are three generalized situations to compare against on-premises data centers: inf

Backups 112
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Healthcare system Advocate Aurora Health data breach potentially impacted 3M patients

Security Affairs

Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The company is notifying the impacted individuals. The healthcare system operates 26 hospitals in Wisconsin and Illinois.

article thumbnail

Careers in Cybersecurity: Cameron Mancini

Security Boulevard

The post Careers in Cybersecurity: Cameron Mancini appeared first on Fidelis Cybersecurity. The post Careers in Cybersecurity: Cameron Mancini appeared first on Security Boulevard.

article thumbnail

Financial losses to synthetic identity-based fraud to double by 2024

CSO Magazine

Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure. Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said.

Scams 106
article thumbnail

Time to Accept the Risk of Open Source?

Security Boulevard

Time to Accept the Risk of Open Source? Where is the real risk? Accepting Open Source Risk. Accepting cybersecurity risk has become the norm for organizations. Even with extensive firewalls, IDS, email security, zero-trust, ransomware, identity threat, and business email compromise protection, attacks still have a substantial financial impact on organizations.

Risk 111
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Facebook Ad Campaigns hit by Malware

CyberSecurity Insiders

In February this year, Check Point researchers revealed that a new malware named ‘Ducktail’ was behind the Facebook (FB) employees who were taking care of ad campaigns and their motive was to take hold of the direct payments made to them by customers or to hijack the ad campaigns to place their advertisements. Now, a new campaign of similar type has emerged on the dark web and it is taking a step ahead in malevolent behavior as it is found stealing browser data, currency from cryptocurrency wall

Malware 105
article thumbnail

Open Compute Project Unveils Caliptra, a Silicon Root-of-Trust

Security Boulevard

Ubiquitous hardware security, whether a secure enclave or a fully trustable boot sequence, has long been a security goal. With the announcement of the Caliptra 0.5 specification today, the Open Compute Project Foundation (OCP) hopes to bring that vision closer to reality. The OCP Foundation is an industry collective that aims to bring open source. The post Open Compute Project Unveils Caliptra, a Silicon Root-of-Trust appeared first on Security Boulevard.

Mobile 105
article thumbnail

BrandPost: DDoS Threat Intelligence Report Reveals Troubling Attacker Behavior

CSO Magazine

If there’s one consistent quality shared by all cybercriminals, it’s they never fail to innovate to get what they want – whether that’s to spy; spread mayhem, or access sensitive corporate data, personal information, or lucrative financial details. This certainly holds true for our findings in the newest DDoS Threat Intelligence Report, which launches September 27, 2022.

DDOS 102
article thumbnail

AppSec Decoded: DevSecOps in a post-pandemic world

Security Boulevard

In this episode, we discuss the accelerated trends in DevSecOps and AppSec tools that can bridge the gap between security and dev teams. The post AppSec Decoded: DevSecOps in a post-pandemic world appeared first on Application Security Blog. The post AppSec Decoded: DevSecOps in a post-pandemic world appeared first on Security Boulevard.

Risk 105
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

World Famous Computer Hackers and What They're Doing Now

Mitnick Security

We can agree that one thing all hackers share is curiosity, but not all hackers are the same. There are different types of hackers. For example, black hat hackers (threat actors) exploit network vulnerabilities and attempt to make a profit to the detriment of businesses. These are the “bad guys” of the hacking world.

Hacking 98
article thumbnail

A Basis of Trust For the IoT

Security Boulevard

In the classic grandchild scam, a con artist poses as an elderly victim’s grandchild over the phone or even in person to get “financial support.” Such scams take advantage of the fact that human interaction in both private and professional settings is based on trust: Without trust, there would be no trade, no financial transactions, The post A Basis of Trust For the IoT appeared first on Security Boulevard.

IoT 98
article thumbnail

Attackers switch to self-extracting password-protected archives to distribute email malware

CSO Magazine

Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password. “This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,”

article thumbnail

Google Launches GUAC Open Source Project to Secure Software Supply Chain

The Hacker News

Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain.

Software 103
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.