Tue.Nov 01, 2022

article thumbnail

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari

article thumbnail

3 inexpensive steps to secure IoT

Tech Republic Security

IoT devices can be openings for attackers, causing major disruptions to businesses. Follow these three steps to secure your IoT devices. The post 3 inexpensive steps to secure IoT appeared first on TechRepublic.

IoT 148
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Dropbox discloses breach after hacker stole 130 GitHub repositories

Bleeping Computer

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [.].

Phishing 145
article thumbnail

APT trends report Q3 2022

SecureList

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 141
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

OpenSSL fixes two high severity vulnerabilities, what you need to know

Bleeping Computer

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [.].

article thumbnail

FBI/CISA Failed: Biden’s Ransomware Summit Convenes, Impotently

Security Boulevard

The International Counter Ransomware Summit is on in D.C., with 36 nations and blocs. But will it amount to anything of substance? The post FBI/CISA Failed: Biden’s Ransomware Summit Convenes, Impotently appeared first on Security Boulevard.

More Trending

article thumbnail

LockBit 3.0 gang claims to have stolen data from Thales

Security Affairs

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

article thumbnail

New ransomware tries to corner cybersecurity researchers

CyberSecurity Insiders

A new ransomware named ‘Azov Ransomware’ is found framing cybersecurity researchers as it doesn’t demand any ransom from its victims, instead it is asking them to contact forensic experts from a firm in the vicinity and do as per their instructions. Though the actions of Azov Ransomware are strange, researchers state that it’s not a big surprise. As someone is trying to frame security personnel from a specific company or some in related field are playing the blame-game.

article thumbnail

Experts warn of critical RCE in ConnectWise Server Backup Solution

Security Affairs

ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise , the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.

Backups 122
article thumbnail

The State of Endpoint Security Management in 2022: It’s Worse Than You Suspect

CyberSecurity Insiders

How important is endpoint security management for organizations? If you ask security managers, not that much. A recent poll shows that it is not a concern for 60 percent of organizations. Around 49 percent of the poll’s respondents say that endpoint security is nonexistent for them, while 11 percent regard it as a lowest-priority matter. This state of endpoint security is a disaster waiting to happen.

IoT 120
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

OpenSSL project patches two vulnerabilities but downgrades severity

CSO Magazine

The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has since been downgraded following additional testing. Organizations should still determine which of their applications and servers are impacted and deploy the patches as soon as possible.

DNS 119
article thumbnail

Security and the Future of Open Finance: How to Improve Adoption Globally

CyberSecurity Insiders

By Jacob Ideskog, CTO at Curity. The adoption of Open Banking has increased rapidly over recent years and has had a revolutionary impact on financial institutions and on the experience consumers have when interacting with finance products. According to the OBIE 5 million people are now using Open Banking in the UK, as the benefits of the new products and services begin to be recognized by consumers and businesses alike.

Banking 119
article thumbnail

The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs

We Live Security

Do you find reports of spy cams found in vacation rentals unsettling? Try these tips for spotting hidden cameras and put your worries to rest. The post The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs appeared first on WeLiveSecurity.

116
116
article thumbnail

Cyber Threat from ‘Hackers for Hire’

CyberSecurity Insiders

All these days, we have seen threats from cyber hackers. But according to the concern expressed freshly by UK Spy Chief, Jeremy Fleming, a new threat is looming on the internet in the disguise of hackers for hire where even the white hat guys are being lured into the world of nefarious hacking because of the economic slowdowns and the looming recession threat in the west.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Scammers Exploiting New Twitter Verification Process in Phishing Attacks

SecureWorld News

Halloween may have just passed, but things are getting spooky for Twitter users that are being scammed by cybercriminals taking advantage of Elon Musk's purchase of the social media behemoth. With all of the changes—namely, increasing the cost of the Twitter Blue subscription service from $4.99 to $20 per month—hackers are taking advantage of the verification process being revamped under the new Musk-led version of the company.

Phishing 113
article thumbnail

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Dark Reading

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

article thumbnail

Malicious Android apps with 1M+ installs found on Google Play

Bleeping Computer

A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users sites that steal sensitive information or generate 'pay-per-click' revenue for the operators. [.].

Mobile 107
article thumbnail

Hard Truths About Driving a Security Mindset

Security Boulevard

Working in cybersecurity as a consultant can be eye-opening. We regularly see clients who, despite knowing they need cybersecurity, come to us with little or no real security controls in place. Our job is to quickly assess where they are most vulnerable and recommend solutions and then implement a plan to bring them up to. The post Hard Truths About Driving a Security Mindset appeared first on Security Boulevard.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

2023 Cyber Threat Predictions

Digital Shadows

As we move towards the end of 2022, now is the time to take a look back at the major. The post 2023 Cyber Threat Predictions first appeared on Digital Shadows.

article thumbnail

Multiple Vulnerabilities Discovered in Juniper Junos OS

Heimadal Security

A series of severe security flaws have been disclosed to affect Juniper Networks devices, some of which might end up being exploited to achieve unauthorized access or remote code execution. Out of the vulnerabilities presented in the vendor`s advisory, the most dangerous one appears to be CVE-2022-22241, a remote pre-authenticated PHP archive file deserialization vulnerability with the CVSS score […].

article thumbnail

Episode 245: How AI is remaking knowledge-based authentication

The Security Ledger

Six decades in, password use has tipped into the absurd, while two-factor authentication is showing its limits. We talk with Matt Salisbury of Honeybadger HQ, which is using AI and machine learning to re-imagine knowledge-based authentication. The post Episode 245: How AI is remaking knowledge-based authentication appeared first on The Security. Read the whole entry. » Click the icon below to listen.

article thumbnail

How Are Elderly Americans Vulnerable to Identity Theft?

Identity IQ

How Are Elderly Americans Vulnerable to Identity Theft? IdentityIQ. Elderly Americans are facing a drastic increase in cybercrime, identity theft and financial abuse. Adults over age 60 last year reported $1.3 billion in cybercrime losses to the FBI’s Internet Crime Complaint Center (IC3) – a 74% increase from the previous year. The fact is, older Americans are a popular target for criminals who seek to scam their victims out of their identity and money.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

$4 Million in Exchange for Access to 576 Corporate Networks

Heimadal Security

According to a new report published by cybersecurity researchers, hackers are selling access to 576 corporate networks around the world for a total of $4,000,000, driving enterprise attacks. The Q3 2022 ransomware report published by Israeli cyber-intelligence researchers from KELA showed stable activity in the initial access sales sector but a significant increase in the […].

article thumbnail

Malware on the Google Play store leads to harmful phishing sites

Malwarebytes

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.

article thumbnail

Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware

The Hacker News

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky.

Malware 96
article thumbnail

LinkedIn introduces new security features to combat fake accounts

Malwarebytes

LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and (at times) malware, and has been trying to combat those issues. In 2018, LinkedIn rolled out a way to automatically detect fake accounts. It also gave users an inside look into what's going on behind the scenes: A dedicated team constantly analyzing abusive behavior, risk signals, and pattern

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Instagram Bug Causes Users’ Accounts Suspension

Heimadal Security

Instagram users might have taken the greatest Halloween scare ever yesterday after they found themselves unable to access their accounts for a while. Users started experiencing login issues yesterday, some of them even being informed that their accounts have been suspended, without a trace of a legitimate reason behind the ban. The Instagram problem occurs […].

article thumbnail

Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

The Hacker News

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss.

article thumbnail

The OSPO – the front line for secure open-source software supply chain governance

CSO Magazine

Organizations of every shape, size, and sector have embraced open-source software (OSS). The financial, medical, and manufacturing industries – and even national security – now use OSS to power their most critical applications and activities. However, this widespread adoption comes with pitfalls: a corresponding increase of almost 800% in software supply chain attacks according to the State of the Software Supply Chain from Sonatype.

article thumbnail

Ransomware activity and network access sales in Q3 2022

Security Affairs

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. “In Q3 actors offered more expensive listings since the total number of listings remained almost the same.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.