Fri. Apr 02, 2021

Malware Hidden in Call of Duty Cheating Software

Schneier on Security

News article: Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times.

Weekly Update 237

Troy Hunt

As soon as I started watching this video back, I remembered why I don't do daylight mode in these any more. It's just so. boring. That said, I've got a bunch of stuff in the pipeline to enhance the room design and lighting as I think there's still plenty of room for improvement, stay tuned for that one. For now though, a lot of this week's video is about the Ubiquiti situation and I'm very candid about my feelings on that one.

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

Bleeping Computer

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. […]

FirstNet public safety cellular network adds 5G and data encryption

Tech Republic Security

AT&T's public safety network picks up new features, including full tower-to-core encryption and a custom 5G setup.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Browser lockers: extortion disguised as a fine

SecureList

Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details. The “locking” consists of preventing the user from leaving the current tab, which displays intimidating messages, often with sound and visual effects.

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Threatpost

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.

Kansas Man Could Serve 25 Years in Prison for Hacking Local Water System

Hot for Security

A 22-year-old Kansas man may face the next quarter century behind bars after allegedly hacking computer systems to affect tap water. A press release from the Department of Justice reveals that Wyatt A. Travnichek, 22, of Ellsworth County, Kansas is charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access.

GitHub Arctic Vault captures leaked patient medical data for 1,000 years

Bleeping Computer

GitHub Arctic Code Vault has inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 years. […]

Leaky Apps Heighten Supply Chain Risk

Security Boulevard

Securing the apps that businesses and individuals have come to rely on, particularly during the pandemic, has become a multidimensional challenge. Recent research underscored the need to more tightly knit DevOps together with SecOps early in the development process. More than 40% of apps actively leaked information, increasing the risk that sensitive data would be.

Man indicted for tampering with public water system in Kansas

Security Affairs

The United States Department of Justice (DoJ) charged a Kansas man, for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering with the computer system of the Ellsworth County Rural Water District. Travnichek accessed the computer system of the Public Water System on or about March 27, 2019, without authorization. “ WYATT A.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Data, Data, and more Data!!!

Security Boulevard

Big data is exactly what it sounds like, large volumes of data sets. Today’s data is complex and comes in diverse forms that are constantly changing. Big data can be conveyed through volume, velocity, and variety. These elements, often called the “3 V’s of Big Data” define how data is expressed. Volume refers to the […]. The post Data, Data, and more Data!!!

Massive Cyber Attack on F5 Systems and University of California

CyberSecurity Insiders

F5 Cloud Company that specializes in offering networking and application security has been targeted by a cyber attack that is under investigation. And highly placed sources confirm the hackers exploited a critical vulnerability in the F5 Systems to target the network with espionage and data stealing tools. The American-based technology company says that the attack took place as soon as it published Proof of Concept (PoC) code online and could have impacted its clients if the staff failed to take

Cisco Live 2021: New Webex features, as-a-service offerings, improved security and no passwords

Tech Republic Security

The company made a slew of announcements at its annual conference this week that will roll out throughout the year.

Four Tenets of Zero Trust Workload Protection

Security Boulevard

To better protect our enterprise systems, the Zero Trust model must be re-defined and expanded to cover applications and cloud workloads during runtime. This is the only way to ensure that the right code and processes can execute and nothing else, regardless of the threat environment. 1. ‘We’ve Never Seen This Before’ is Not an Excuse. At recent Senate hearings around the SolarWinds attack, a common refrain was “this is unprecedented” or “we’ve never seen this before,” implying a reasonable excu

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Call of Duty Cheats Expose Gamers to Malware, Takeover

Threatpost

Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs.

A Risk Management Wake-Up Call

Security Boulevard

Our world is digitally dependent. The recent Oldsmar water attack on internet-connected control systems served as a clarion reminder: hackers almost succeeded in poisoning the water supply in Florida without setting foot inside the physical premises. As our reliance on digital systems grows, cyber risk becomes ever pervasive, enterprise organizations need to reset their approaches.

Booking.com Fined €475,000 For Late Data Breach Reporting

Heimdal Security

The Dutch Data Protection Authority (AP) has imposed a €475,000 fine on Booking.com for reporting a data breach to the AP too late. Cybercriminals exfiltrated the personal data of more than 4,000 customers and they were also able to obtain the credit card details of nearly 300 victims. Source Hackers extracted login credentials of victims’ […].

Understanding and Preventing S3 Leaks

Security Boulevard

Amazon Simple Storage Service, or S3, is a popular service that many developers today rely on to quickly build applications. Over time, S3 has become a popular target for attackers, resulting in a large number of data leaks. Most of them, such as the incident targeting Verizon, a leak of 1.8 million Chicago voter records and. The post Understanding and Preventing S3 Leaks appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

GitHub Arctic Vault likely contains leaked MedData patient records

Bleeping Computer

GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 years. […]

From PowerShell to Payload: An Analysis of Weaponized Malware

Threatpost

John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects.

Friday Five 4/2

Digital Guardian

Hacking team-ups, Turing Award winners, and scammers targeting universities - catch up on all of the week's infosec news with the Friday Five!

Ransomware gang wanted $40 million in Florida schools cyberattack

Bleeping Computer

Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment. […]

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Week in security with Tony Anscombe

We Live Security

PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Don’t Let the Fox Watch the Henhouse: Securing Firmware

Security Boulevard

Recent attacks have caused the security industry to direct significant attention to supply chain security. As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the firmware layer. Firmware is, essentially, the foundational code within a device. Independent of the operating system, The post Don’t Let the Fox Watch the Henhouse: Securing Firmware appeared first on Security Boulevard.

Conti Ransomware targets Florida’s largest school district

CyberSecurity Insiders

Broward County Public Schools, which is the sixth largest school district in the United States, was hit by a ransomware attack sometime last month. And sources say that those behind the spread of ransomware demanded $40 million or else threatened to wipe off the entire data on the servers. School authorities of the largest Florida district say that they do not want to bow down to the demands of hackers as the previous negotiations failed.

Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools

Security Affairs

A ransomware gang demanded a $40,000,000 ransom from the Broward County Public Schools district, Florida. It is just the latest attack in a long string against the sector. Ransomware operators continue to target organizations worldwide, and school districts are particularly exposed to these malicious campaigns. Recently the Broward County Public Schools district announced that it was the victim of a ransomware attack and crooks demanded a $40,000,000 payment.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Capital One notifies more clients of SSNs exposed in 2019 data breach

Bleeping Computer

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. […]

Conti ransomware gang hits Broward County Schools with $40M demand

SC Magazine

Coral Glades High School, part of Broward County Public Schools. The $40 million ransomware attack on the district was one of a wave of cases targeting educational institutions over the last couple of weeks. (Formulanone, Public domain, via Wikimedia Commons). The Conti ransomware gang encrypted the systems at Broward County Public Schools several weeks ago and threatened to release sensitive student, teacher and employee personal data unless the district paid an enormous $40 million ransom.

Why Charity Water Wells May Be Worse For Women Than Long Walks With Cans

Security Boulevard

Part four in a three part series… I told myself I wouldn’t treat this lightly and so it ended up being delayed a long while. In a nutshell when a “water charity” would roll into villages in Africa they believed dropping a well directly outside homes would liberate women and children from the burden of … Continue reading Why Charity Water Wells May Be Worse For Women Than Long Walks With Cans.

Robinhood Warns Customers of Tax-Season Phishing Scams

Threatpost

Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.