Wed. Oct 06, 2021

Over 1.5 billion Facebook users' personal data found for sale on hacker forum

Tech Republic Security

Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it's publicly available knowledge. That doesn't stop it from being dangerous.

Every day is cyber security awareness month

Javvad Malik

October is National Cyber Security Awareness Month. Delivering effective cyber security awareness is an ongoing process, and not one that can be solved in one month a year. But that doesn’t mean we shouldn’t try. Staying safe online has many similarities with staying safe on the line aka tightrope walking. It involves a delicate mix of courage, foolhardiness, balance, poise, and the threat of falling to a horrible death.

How to encrypt specific sections of Google Docs with the DocSecrets add-on

Tech Republic Security

Anyone who needs to hide away sections of text in Google Documents should give this handy add-on a try.

To the moon and hack: Fake SafeMoon app drops malware to spy on you

We Live Security

Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze.

Malware 143

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage. Agent Tesla, first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.

Does XDR Need a New Kill Chain?

CyberSecurity Insiders

The time has come for cyber security technology to keep up with the adversaries. Now that we have seen so many successful multi-stage attacks, we need to reassess the way we correlate the signals we are seeing from all the security tools in our environments. Correlation is helpful but it doesn’t always paint the complete picture. What is the next phase in detection and response?

Big data 134

More Trending

Cybersecurity Jobs: 5 Tips to Help You Get Hired

Cisco Security

Before joining Cisco, I spent a lot of time wading through the resumes of potential cybersecurity candidates to hire for my teams. I was looking for individuals from a variety of backgrounds and experiences but finding candidates with zero to three years of experience was the most difficult to find. Many find it challenging to get a job, but I will let you in on a little secret – it’s even more challenging for a hiring manager to find quality cybersecurity talent.

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

Threatpost

The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption.

5 steps toward real zero trust security

CSO Magazine

Zero trust has long been the logical successor to the moat/castle perimeter security model, which hasn’t worked very well to protect enterprises from cyberattacks and is becoming increasingly outdated as employees become more mobile and applications migrate to the cloud. But adoption of the zero trust model, created by former Forrester analyst John Kindervag more than a decade ago, has been slow due in part to aversion to change and concerns that replacing perimeter security with something new w

CSO 128

‘Twitch compromised’: What we know so far, and what you need to do

Malwarebytes

Big, breaking news going around at the moment. If you have a Twitch account, you may wish to perform some security due diligence. There are multiple reports of the site being compromised. And they absolutely do mean compromised: [link] got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.

Passwords 117

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

1 Death = Total Recall: Volvo Quietly Blows Tesla Out of the Water

Security Boulevard

The Drive has reported this as “…a lot that goes into making Volvo one of the world’s safest auto brands.” Volvo undeniably puts safety first, above all else. They famously said a long time ago that zero deaths is their vision. Volvo – whose XC90 was among the nine vehicles cited by the IIHS [with … Continue reading 1 Death = Total Recall: Volvo Quietly Blows Tesla Out of the Water.

Smashing Security podcast #246: Facebook has fallen

Graham Cluley

Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there’s a tragic story related to ransomware. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by … Continue reading "Smashing Security podcast #246: Facebook has fallen".

How a phishing attack thwarted MFA to steal money from Coinbase customers

Tech Republic Security

A flaw in Coinbase's setup of SMS-based MFA allowed attackers to compromise a large number of accounts.

Phishing 138

What the CEO Saw: Colonial Pipeline, Accellion Execs Share Cyberattack War Stories

Dark Reading

CEOs of the two breached companies said their priorities instantly shifted to joining the response efforts when they first learned of attacks on their systems.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Microsoft shares Windows 11 TPM check bypass for unsupported PCs

Bleeping Computer

Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 check and have Windows 11 installed on unsupported systems.

New Security Challenges Require New Mindset

Security Boulevard

One of the biggest complications of modern security is that it requires a completely different mindset, with IT taking on strategic significance and cloud computing undoing the traditional notion of a secure perimeter. This means organizations must approach cybersecurity with a completely different mindset and wake up to the fact that practices considered good enough.

Twitch hacked, and 100GB data stolen

CyberSecurity Insiders

Twitch, the American online streaming platform, was reportedly hacked by an anonymous hacker last month who now claims to leak over 100GB data online to disrupt the future business plans of the victimized company further. Leaked data from the claimed cyber attack includes source code of the streaming platform, some payouts made to developers related to games and apps and other internal software information.

Hacking 112

Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan

CSO Magazine

Security researchers have uncovered cyberespionage operations by an Iran-based hacker group targeting aerospace and telecom firms with a previously undocumented stealthy Trojan program that's been in use since 2018. Security firm Cybereason has dubbed the campaign Operation GhostShell and said it targeted primarily companies in the Middle East, but also in the US, Europe and Russia.

CSO 111

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Apache web server zero-day bug is easy to exploit – patch now!

Naked Security

Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product.

Facebook releases tool to discover Security Issues and Software Bugs

CyberSecurity Insiders

Facebook, on a recent note, released an open source Mariana Trench tool for android mobile operating system developers to discover any security and privacy issues in applications meant to be hosted on Google Play Store. The newly designed utility released by the FB helps in scanning large mobile codebases and flag any security or privacy related potential threats that could lurk in the mobile databases while in beta phase.

Software 109

BrandPost: DLP Still Doesn’t Work: Proofpoint Sues Former Employee

CSO Magazine

What’s the #1 indicator that an employee is going to take data? They quit. It’s that simple. If you think your company is immune to departing employees walking out the door with sensitive data, think again. It happens every day – I’ve said this before. Case in point: Last week, a data loss security company, Proofpoint, filed a lawsuit against a former employee for stealing confidential sales-enablement data prior to leaving for Abnormal Security, a market rival.

Marketing 107

UK to build $5 billion headquarters to retaliate offensive Cyber Attacks

CyberSecurity Insiders

All these days, Britain tried its best to remain calm against nations that were hitting its critical infrastructure constantly on a digital note. But now, the nation will not remain silent against the cyber warfare and has retaliated strongly. UK Defense Secretary Ben Wallace has announced that his nation will soon build a $5 billion National Cyber Force Headquarters to retaliate tier 1 kind of cyber attacks by hostile nations.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Patch now! Apache fixes zero-day vulnerability in HTTP Server

Malwarebytes

The Apache HTTP Server 2.4.49 is vulnerable to a flaw that allows attackers to use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by “require all denied” these requests can succeed. This issue is known to be exploited in the wild. The vulnerability.

Internet 100

Everything You Need to Know About Open Banking Security

Appknox

Financial services have developed at a breakneck pace, resulting in fierce competition among financial technologies. These services in the digital age must be characterized by three words: rapid, efficient, and intuitive. It is no longer necessary to wait in queues to speak with a bank teller.

Banking 105

Mental Health & Burnout in Cybersecurity: Tips, Stories and Insights

Cisco Security

During the Tokyo 2020 Olympic Games, gymnastics legend Simone Biles surprised everyone when she withdrew from the individual all-around competition to take care of her mental well-being. Biles later returned to the Games, winning two medals overall. I personally found her contribution to the conversations around mental health just as inspiring as her sporting achievements.

Recorded Future’s intelligence summit, Predict 21, is happening next week – and you’re invited!

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Predict 21, the world’s premier virtual event for analysts, network defenders, and cybersecurity executives interested in learning about how intelligence helps companies with their proactive and persistent security, is taking place October … Continue reading "Recorded Future’s intelligence summit, Predict 21, is happening next week – and yo

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Twitch Gets Gutted: All Source Code Leaked

Threatpost

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch's source code, comments going back to its inception and more.

Hacking 108

European Parliament calls for ban on AI-powered mass surveillance

Bleeping Computer

The EU Parliament has voted in favor of a resolution that bans the adoption of AI-powered biometric mass surveillance technologies such as facial recognition systems in the continent.

The Rising Costs of Data Breaches

Security Boulevard

Costs are rising, but there's good news, too. Breaches of companies that had Zero Trust deployed were less frequent and cost 35% less than for companies that did not deploy Zero Trust.

The New CASP+: Your Questions Answered

CompTIA on Cybersecurity

CASP+ is for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness. Read on as we’ve answered your pressing questions about the newest version of the exam.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.