Schneier on Security

DECEMBER 1, 2020

Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […]. They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical

Hacking 285

Hacking 285

Joseph Steinberg

DECEMBER 1, 2020

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation. Cybercrooks intent on stealing people’s identities (or worse) have begun sending well-crafted messages that both impersonate various major social-media providers, as well as mimic the instructions that such media platforms

Media 246

Media Accountability Phishing Scams 246

Krebs on Security

DECEMBER 1, 2020

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad , a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks a

DDOS 239

DDOS Mobile Hacking Encryption 239

Tech Republic Security

DECEMBER 1, 2020

Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.

Scams 185

Scams Phishing 185

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Threatpost

DECEMBER 1, 2020

An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.

Banking 113

Banking Backups Information Security 113

Tech Republic Security

DECEMBER 1, 2020

November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.

Scams 145

Scams Phishing 145

Dark Reading

DECEMBER 1, 2020

Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.

Network Security 107

Network Security 107

Security Affairs

DECEMBER 1, 2020

Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially crafted websites. Cisco’s Talos team discovered security flaws in the WebKit browser engine, including flaws that can be exploited by a remote attacker to gain code execution by tricking the user into visiting a malicious website.

Engineering 107

Engineering Mobile Hacking Software 107

Threatpost

DECEMBER 1, 2020

The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.

Phishing 115

Phishing Accountability Scams Hacking 115

Security Affairs

DECEMBER 1, 2020

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and installed the jdb.js and db-json.js packages.

Firewall 106

Firewall Hacking Software Information Security 106

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The State of Security

DECEMBER 1, 2020

U.S. Federal Cybersecurity Today Computer security regulations have come a long way from their early beginnings. Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection […]… Read More.

Information Security 100

Information Security Cybersecurity Government 100

Security Affairs

DECEMBER 1, 2020

The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @ [link]. The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma , a software company based in France.

Small Business 104

Small Business Data privacy Insurance Healthcare 104

IT Security Guru

DECEMBER 1, 2020

It’s fair to say that we have all been spending less time jumping onto Wi-Fi hotspots at cafes, hotels, airports or company guest networks, over the last sixth months. But as lockdown measures were eased, we saw more people looking for a change of scenery in coffee bars and pubs offering workspaces. Whether at home or out and about, Wi-Fi has become something we have come to rely on for work and pleasure, while mobile operators increasingly use ‘hand-over’ to W-Fi networks as a way of meeting de

Wireless 98

Wireless Passwords Mobile Risk 98

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns. New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020.

Cryptocurrency 103

Cryptocurrency Antivirus Manufacturing Government 103

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

We Live Security

DECEMBER 1, 2020

Without ever setting foot in the lab, a threat actor could dupe DNA researchers into creating pathogens, according to a study describing "an end-to-end cyber-biological attack". The post Cyberattackers could trick scientists into producing dangerous substances appeared first on WeLiveSecurity.

Cybersecurity 98

Cybersecurity 98

Security Affairs

DECEMBER 1, 2020

Baltimore County Schools were hit by a ransomware attack that forced them to close leaving more than 100,000 students out. Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume. School officials notified state and federal law enforcement agencies, that launched an investigation into the incident.

Ransomware 91

Ransomware Risk Media Malware 91

Dark Reading

DECEMBER 1, 2020

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.

94

94

Threatpost

DECEMBER 1, 2020

New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.

Authentication 112

Authentication Hacking 112

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

WIRED Threat Level

DECEMBER 1, 2020

The attorney general has long been one of the president’s chief apologists. Not this time.

114

114

Threatpost

DECEMBER 1, 2020

The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.

Malware 119

Malware 119

Dark Reading

DECEMBER 1, 2020

Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.

Cybersecurity 106

Cybersecurity 106

Threatpost

DECEMBER 1, 2020

The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.

Mobile 96

Mobile 96

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

DECEMBER 1, 2020

SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them. Sophos Principal Research Scientist Chester Wisniewski discusses the fast-changing attacker behaviors outlined in the Sophos 2021 Threat Report, and how IT professionals need to update their approach to protect against more sophisticated threats.

Threat Reports 100

Threat Reports Cybersecurity 100

Threatpost

DECEMBER 1, 2020

Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.

94

94

Dark Reading

DECEMBER 1, 2020

Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.

Cybersecurity 96

Cybersecurity 96

SecureWorld News

DECEMBER 1, 2020

The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers. The company will pay a total of $17.5 million to 46 U.S. states and the District of Columbia. It has also agreed to strengthen its information security program through a series of steps, which must be done within 180 days of the agreement.

Data breaches 58

Data breaches Penetration Testing Password Management Information Security 58

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

DECEMBER 1, 2020

Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.

110

110

Digital Shadows

DECEMBER 1, 2020

This year has been a real doozy, y’all: Ransomware capitalizing on extortion, operators compromising thousands of organizations, the COVID-19 pandemic. The post 2021 Forecasts: Six Trends And Predictions For The New Year first appeared on Digital Shadows.

Ransomware 52

Ransomware Cybercrime 52

BH Consulting

DECEMBER 1, 2020

For many organisations, the international transfer of data is essential to running their business and the recent CJEU ruling (also called Schrems ruling ) will have had a significant impact on organisations operating outside the EEA. This is the first in a series of blogs exploring what this decision means for you. BH Consulting will analyse the recent guidance given to businesses by the European Data Protection Board (EDPB) and translate it into practical recommendations your business must cons

Surveillance 52

Surveillance Encryption Government Risk 52

Trend Micro

DECEMBER 1, 2020

Cloud-based Slack has become an integral part of many teams’ daily functions and interactions. But with all the corporate data and potentially confidential information being shared via Slack, have you stopped to think about its security?

Cyber threats 52

Cyber threats 52

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.