Thu. Jun 30, 2022


ZuoRAT Malware Is Targeting Routers

Schneier on Security

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

Malware 205

Brilliant Advice From Abraham Lincoln About Internet News Reports

Joseph Steinberg

Nearly a decade ago, well before most people had first heard the term “fake news,” I wrote a piece for Forbes unlike any other piece I had ever written before. Since then, I have seen many Internet memes circulate that appear to convey a similar message. As the result of several recent incidents, however, I have decided to re-share the piece… SO, here you go… Written for Forbes – April 2013: Yesterday’s posting by a hacker of a false report that President Obama was injured by explosi

Internet 130

How traditional security tools fail to protect companies against ransomware

Tech Republic Security

Most organizations surveyed by Titaniam have existing security prevention and backup tools, but almost 40% have still been hit by ransomware attacks in the last year. The post How traditional security tools fail to protect companies against ransomware appeared first on TechRepublic.


The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

SecureList

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed… In 2021, we noticed a trend among several threat actors for deploying a backdoor within IIS after exploiting one of the ProxyLogon-type vulnerabilities within Microsoft Exchange servers.

Passwords 132

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Have you ever found phishing emails confusing? You aren’t alone

Tech Republic Security

Kaspersky explores the ways hackers are able to confuse users through seemingly legitimate email templates. The post Have you ever found phishing emails confusing? You aren’t alone appeared first on TechRepublic.

Phishing 152

Top of Mind Security Insights from In-Person Interactions

Cisco Security

The past few months have been chockfull of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions. It’s a reminder of just how enriching conversations are and how incredibly interconnected the world is.

More Trending


Hacking Linux is Easy with PwnKit

eSecurity Planet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs. Recorded as CVE-2021-4034, with a CVSS score of 7.8/10, PwnKit was discovered by Qualys in November 2021 and can be used by hackers to gain full root control over major Linux distributions.

Hacking 123

Get 15 hours of basic cybersecurity education online for just $29

Tech Republic Security

This bundle provides a strong overview of the cybersecurity field. The post Get 15 hours of basic cybersecurity education online for just $29 appeared first on TechRepublic.

Education 148

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool. This recovery tool can recover Hive ransomware version 1 to version 4.” reads the announcement p


SOHO routers used as initial point of compromise in stealth attack campaign

Tech Republic Security

The attack campaign, possibly state-sponsored, went undetected for nearly two years while targeting SOHO routers to compromise remote workers. The post SOHO routers used as initial point of compromise in stealth attack campaign appeared first on TechRepublic.

146

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Amazon Photos vulnerability could have given attackers access to user files and data

Malwarebytes

Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user’s unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses.

Software 106

LockBit ransomware gang promises bounty payment for personal data

Tech Republic Security

The infamous ransomware-as-a-service group is offering money to researchers and hackers willing to share personal data for exploitation. The post LockBit ransomware gang promises bounty payment for personal data appeared first on TechRepublic.


18 Zero-Days Exploited So Far in 2022

Dark Reading

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.

111

RansomHouse claims to have stolen at least 450GB of AMD’s data

Malwarebytes

AMD is investigating the claim that the RansomHouse extortion group has its hands on more than 450GB of the company’s data. AMD’s breach revelation came to light after RansomHouse teased on Telegram about selling data belonging to a popular ‘three-letter company that starts with the letter ‘A’’. The event crescendoed with the addition of AMD to the group’s data leak site.

Passwords 103

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

Naked Security

Latest episode - listen and read now! Use our advice to advise your own friends and family. Let's all do our bit to stand up to scammers!


ESG’s Report on the Role of XDR in SOC Modernization

Cisco Security

Extended Detection and Response, or XDR, the cybersecurity topic that dominated the RSA conference 2022 show floor with multiple vendors, has been getting a lot of attention lately, and for good reason. A connected, unified approach to detection and response promises to give security professionals all the tools and capabilities they need to address the ever-growing attack surface.


Your Ultimate Social Media Security Checklist [2022 Updated]

Appknox

Social media is both a boon and a bane. While it has connected billions of people, made them more accessible, and created more possibilities for end users, there's no doubt that it has also made them more susceptible to security threats and vulnerabilities. According to We Are Social, there are around 4.62 billion active social media users worldwide.

Media 102

NFT marketplace OpenSea warns of data breach that could lead to phishing attacks

Graham Cluley

Popular NFT marketplace OpenSea has warned users that they might be targeted with phishing attacks following a data breach that exposed the email addresses of its users and newsletter subscribers.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Costco 40th anniversary scam targets WhatsApp users

We Live Security

If the promise of a cash prize in return for answering a few questions sounds like a deal that is too good to be true, that’s because it is. The post Costco 40th anniversary scam targets WhatsApp users appeared first on WeLiveSecurity.

Scams 102

OpenSea discloses data breach, warns users of phishing attacks

Bleeping Computer

OpenSea, the largest non-fungible token (NFT) marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days. [...]


Black Basta ransomware – what you need to know

The State of Security

Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations. Read more in my article on the Tripwire State of Security blog.


Microsoft Exchange servers worldwide backdoored with new malware

Bleeping Computer

A newly discovered lightweight and persistent malware was used by attackers to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa. [...]

Malware 100

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration

Dark Reading

An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.

98

Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox

Malwarebytes

Mozilla released version 102.0 of the Firefox browser to Release channel users on June 28, 2022. The new version fixes 20 security vulnerabilities, five of which are classified as “High”. The new version also comes with a new privacy feature that strips parameters from URLs that track you around the web. Vulnerabilities. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database.


U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

The Hacker News

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices."

Risk 98

Cybersecurity Awareness: Definition, Importance, Purpose and Challenges

Security Boulevard

Cybersecurity awareness is an ongoing process of educating employees about the threats that lurk in cyberspace and how to act responsibly. Learn more. The post Cybersecurity Awareness: Definition, Importance, Purpose and Challenges appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


CISA Urges Exchange Online Authentication Update

eSecurity Planet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft’s Exchange cloud email platform migrate users and applications to Modern Auth before Basic Auth is deprecated in October. CISA noted that Basic authentication is simple and pretty convenient but unsecured by design.


SYN Ventures and the Specialization of Cybersecurity Venture Capital

Security Boulevard

A deep dive into SYN Ventures and the rise of specialist venture capital funds within the cybersecurity ecosystem. The post SYN Ventures and the Specialization of Cybersecurity Venture Capital appeared first on Security Boulevard.


4 Reasons Why Internal Network Penetration Testing Is Vital to Your Business

Mitnick Security

Although vulnerability scans and assessments are crucial for maintaining a strong cybersecurity posture, penetration testing goes beyond the routine to thoroughly test your organization against potential security threats.


The Week in Cybersecurity: NATO creates cyber rapid response

Security Boulevard

Welcome to The Week in Cybersecurity, which brings you the latest headlines from both the world and our team at ReversingLabs about the most pressing topics in cybersecurity. This week: International relations intersects with cybersecurity, learn how to leverage YARA rules, plus new developments on AstraLocker 2.0. The post The Week in Cybersecurity: NATO creates cyber rapid response appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.