Tue. Mar 29, 2022

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API proliferation. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. This is all part of corporations plunging into the near future: migration to cloud-based IT infrastructure is in high gear, complexity is mushrooming and fear of falli

Firewall 218

A Detailed Look at the Conti Ransomware Gang

Schneier on Security

Based on two years of leaked messages, 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best practices to keep the group’s members hidden from law enforcement.

Minimizing security risks: Best practices for success

Tech Republic Security

To reduce security threats within your organization, you must prioritize security risk management. Here are some best practices to follow, as well as some top resources from TechRepublic Premium. The post Minimizing security risks: Best practices for success appeared first on TechRepublic.

Risk 206

“Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions

Digital Shadows

Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic. The post “Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions first appeared on Digital Shadows.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybercriminals’ phishing kits make credential theft easier than ever

Tech Republic Security

Phishing attempts are within reach of less tech-savvy attackers, thanks to the rise of phishing kits. Learn where these kits are found, how they work, and how to combat them. The post Cybercriminals’ phishing kits make credential theft easier than ever appeared first on TechRepublic.

Phishing 151

How to evaluate SOC-as-a-service providers

CSO Magazine

If you don’t currently have your own security operations center (SOC), you have two ways to get one: Build your own or use some managed collection of services. In past years the two paths were distinct, and it was relatively easy to make the call based on staffing costs and skills. Now, the SOC-as-a-service (SOCaaS) industry has matured to the point now where the term is falling into disfavor as managed services vendors have become more integral to the practice.

More Trending

What is Shodan? The search engine for everything on the internet

CSO Magazine

Shodan is a search engine for everything on the internet — web cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that's plugged into the internet (and often shouldn't be). Google and other search engines, by comparison, index only the web.

5 types of cybersecurity tools every admin should know

Tech Republic Security

There are many ways to keep your data and network safe. A combination of these types of security tools is the best way to protect your organization. The post 5 types of cybersecurity tools every admin should know appeared first on TechRepublic.

Racoon stealer malware suspends its operations due to war on Ukraine

CyberSecurity Insiders

Those behind the spread of the password-stealing malware dubbed Racoon Stealer have announced that they are temporarily shutting down their operations because they lost a crucial gang member in the invasion of Ukraine. Racoon Stealer, a piece of password-stealing malicious software, was being distributed as a MaaS (malware as a service) offering for a price range of $75 to $200 per month.

Malware 127

Top 5 tips for QR code safety

Tech Republic Security

QR codes are everywhere, and they can also be dangerous. Here’s how to stay safe with some hints from Tom Merritt. The post Top 5 tips for QR code safety appeared first on TechRepublic.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Attacks on Ukraine communications are a major part of the war

Malwarebytes

Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks. Those attacks against critical infrastructure have knocked out banking and defense platforms, mostly by targeting several communication systems. In a timeline set up by NetBlocks, you can follow individual attacks on communication services, starting Thursday 24 February 2022, the same day the invasion of Ukraine started.

DDOS 116

What is Social Media Account Cloning?

Identity IQ

When a scammer has the right information, they can easily impersonate you on social media by cloning your account. It’s pretty simple to do when much of the information that scammers need is publicly available on the real person’s profile. Criminals can use cloned social accounts to scam your friends, commit identity theft and even get your existing accounts shut down.

Media 115

QR codes: Top 5 safety tips

Tech Republic Security

QR codes are everywhere, and they can also be dangerous. Here’s how to stay safe with some hints from Tom Merritt. The post QR codes: Top 5 safety tips appeared first on TechRepublic.

Why TrustArc Improved Risk Profile

TrustArc

Regulation Management Can’t Keep Up with Data Growth Today every organization is acutely aware of the liability that data can be. It seems every department, function, and team in an organization uses their preferred list of external apps and vendors to satisfy their business needs. For example, the global big data analytics market is predicted […].

Risk 111

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Threat Actors Hijack Email Reply Chains on Vulnerable Exchange Servers to Deliver IcedID Malware

Heimdal Security

A new email phishing operation has been noticed employing the conversation hijacking strategy to distribute the IcedID banking trojan-type malware onto compromised computers via unpatched and publicly-exposed Microsoft Exchange servers. According to an Intezer report shared with The Hacker News, The emails use a social engineering technique of conversation hijacking (also known as thread hijacking). […].

What Does it Mean to Be Zero-Day?

Security Boulevard

A zero-day vulnerability is an as-yet-unknown computer software vulnerability, that attacks in stealth mode before security teams are aware of its presence. Zero-day is an amorphous concept; it refers to the period of time between the introduction of the software defect and the availability of a fix. This creates a unique security posture situation rife.

Software 105

SunCrypt Ransomware Still Alive in 2022

Heimdal Security

One of the first groups to use “triple extortion” tactics in their attacks was SunCrypt. This group is a RaaS (Ransomware as a Service) group. SunCrypt doesn’t have a big affiliate program like other RaaS groups. Instead, it has a small and private affiliate program. GO was used to write the first version of this […]. The post SunCrypt Ransomware Still Alive in 2022 appeared first on Heimdal Security Blog.

Europe’s quest for energy independence and how cyber‑risks come into play

We Live Security

Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security. The post Europe’s quest for energy independence and how cyber‑risks come into play appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CISA warns of attacks targeting Internet-connected UPS devices

Bleeping Computer

In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations today to secure Internet-connected UPS devices from ongoing attacks. […]

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Security Boulevard

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API proliferation. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising … (more…). The post MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks appeared first on Security Boulevard.

Wyze Cam flaw lets hackers remotely access your saved videos

Bleeping Computer

A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years. […]

Privid: A Privacy-Preserving Surveillance Video Analytics System

The Hacker News

A group of academics has designed a new system known as "Privid" that enables video analytics in a privacy-preserving manner to combat concerns with invasive tracking. "We're at a stage right now where cameras are practically ubiquitous.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

FTC sues Intuit for misleading TurboTax 'free tax filing' ads

Bleeping Computer

Today, the US Federal Trade Commission (FTC) sued Intuit, the maker of tax preparation software TurboTax, over deceptive advertising campaigns pitching free tax filing products that millions couldn't use. […]

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

The Hacker News

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older.

Consistency in password resets helps block credential theft

Bleeping Computer

As important as end user training and message filtering may be, there is a third method that can tip the odds in their favor. Because phishing attacks often come disguised as password reset emails, it is important to handle password resets in a way that makes it obvious that email messages are not part of the password reset process. […]

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

The Hacker News

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar.

Malware 97

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

$625M stolen from Axie Infinity’s Ronin bridge, the largest ever crypto hack

Security Affairs

Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity’s Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was discovered today after a user was unable to withdraw 5,000 ether.

Hacking 97

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

The Hacker News

A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers said in an analysis shared with The Hacker News.

Hacking 97

Sophos warns critical firewall bug is being actively exploited

Bleeping Computer

British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks. […]

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

The Hacker News

SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.