Thu. Sep 16, 2021


Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.


It's time enterprise businesses place their complete trust in open source

Tech Republic Security

Canonical announced that its managed services had MSPCV Certification. Jack Wallen believes this milestone should help big businesses realize it is time to trust open source software.


Social engineering explained: How criminals exploit human behavior

CSO Magazine

Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.


New malware uses Windows Subsystem for Linux for stealthy attacks

Bleeping Computer

Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Bitdefender offers free decryptor for REvil ransomware victims

Tech Republic Security

The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.


Free REvil ransomware master decrypter released for past victims

Bleeping Computer

A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.


McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data. The investigators said the advanced threat actors used a mixture of known and unique malware tools in the attack – which they dubbed Operation Harvest – to compromise the victim’s IT environment, exfiltrate the data and evade detection.


What are computer cookies?

Malwarebytes

We all know cookies as tasty baked treats that we love to eat, but computer cookies are quite different. Although they’re most popularly known as just “cookies”, they may be referred to as browser cookies, Internet cookies, HTTP cookies, web cookies, computer cookies, or digital cookies. What are cookies? Cookies are pieces of information that a website can save in your browser.


Bad Apples: How CNA Attacks Put Everyone At Risk

Security Boulevard

On September 14, 2021, two unrelated incidents demonstrated not only the vulnerability of users to state-sponsored attacks but the fact that defenders are relegated to playing “cat and mouse” with attackers (including government attackers), and the fact that when we provide computer and network attack (CNA) tools just to the “good guys”—we really don’t know.


New Windows security updates break network printing

Bleeping Computer

Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How CISOs and CIOs should share cybersecurity ownership

CSO Magazine

In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning. A recent ISACA survey of almost 3,700 global cybersecurity professionals found that while almost half (48%) of cybersecurity teams report directly into a CISO, one in four reports to the CIO.


What you need to know about the BazarLoader Malware?

Quick Heal Antivirus

At the start of February 2021, Bazarloader malware was in the news about its mechanism of delivering the. The post What you need to know about the BazarLoader Malware? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.


OWASP Names a New Top Vulnerability for First Time in Years

eSecurity Planet

OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year. The Open Web Application Security Project (OWASP) is a nonprofit foundation and an open community dedicated to security awareness.


Blockchain & Fraud Prevention: Strategies to overcome the cryptocurrency scam

Quick Heal Antivirus

What is Cryptocurrency? Cryptocurrency is a type of digital currency that generally only exists electronically. There is no. The post Blockchain & Fraud Prevention: Strategies to overcome the cryptocurrency scam appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How APTs become long-term lurkers: Tools and techniques of a targeted attack

CSO Magazine

Detecting compromises by highly skilled attackers is no easy task, requiring advanced network traffic monitoring, behavioral analysis of endpoint logs, and even dedicated threat hunting teams that manually search for signs of compromise by imitating attackers. This is highlighted in a new McAfee report about a long-term compromise discovered on a customer network that started out as a simple malware infection investigation.


Is There Really a Shortage in Cloud Security Skills?

CyberSecurity Insiders

Is there a cloud security skills shortage? It depends on who you ask. Prior to the pandemic, the world was immersed in cloud technology – everyone, it seemed, had a migration strategy. Then the global lockdown happened. We collectively added a layer of priority to the cloud as tens of millions of people started to rely on it for work and communications in ways we hadn’t before.


Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released

The Hacker News

New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed "Seventh Inferno" (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.


Telegram becomes a hub for hackers buying stolen data

CyberSecurity Insiders

Next time you find your corporate database breached, just be sure that the siphoned data might already have been traded on a Telegram platform. Yes, this news was confirmed by Cyber Intelligence Group named Cyberint that discovered that a large set of hacking groups were super-active in sharing data on the messaging platform, sometimes on broadcasted channels having thousands of followers.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


HP CISO Joanna Burkey: Securing remote workers requires a collaborative approach

CSO Magazine

Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote working regularly rebuffed in the name of business continuity. HP Inc. CISO Joanna Burkey believes security leaders must address these frictions to secure the future of the hybrid workplace. Speaking to CSO, she reflects on her experience with such issues and offers best practices for dealing with them. [ Learn the 5 key qualities of successful


British schools to get free cybersecurity accessing tool

CyberSecurity Insiders

Schools operating in whole of Britain will get a free cyber security tool for free from September last week. The tool will be rolled out in a testing phase to help the educational institutes in accessing the robustness of their cybersecurity measures. Come January 2022, the tool will be available for a premium price that will be enriched with more security measures that can help them scan for ransomware and other malware related invasions on a school computer network.


10 Eye-Opening Data Breach Statistics (and How You Can Better Protect Your Network)

Security Boulevard

While we’re seeing more data breaches than in years past, being proactive can make an enormous difference. Head-in-sand is not the optimal position for any modern organization with a network-based infrastructure. Education about the nature of modern data breaches is a great place to start. The post 10 Eye-Opening Data Breach Statistics (and How You Can Better Protect Your Network) appeared first on Security Boulevard.


Information Supplement: Implementing ISO Format 4 PIN Blocks

PCI perspectives

The Implementing ISO Format 4 PIN Blocks Information Supplement provides guidance to help PIN acquiring entities with the planning, migration, and testing of the implementation of ISO Format 4 PIN blocks in conformance with the requirements in the PCI PIN Standard. This document contains information that may be useful in migrating to the Advanced Encryption Standard (AES).


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Summer 2021: Friday Night Funkin’, Måneskin and pop it

SecureList

This summer, several events that were postponed from 2020 due to the pandemic took place. Some of them interested children, while others barely registered by them. It is worth noting that children’s hobbies typically do not change from winter to summer — the only difference is that they devote more time to them during the summer vacation. In line with their typical habits, in summer 2021 children spent time watching their favorite YouTube bloggers, playing games, watching cartoons and list


Building a Custom SecureX Orchestration Workflow for Umbrella

Cisco Security

Improving efficiency for the Cisco team in the Black Hat USA NOC. As a proud partner of the Black Hat USA NOC, Cisco deployed multiple technologies along with the other Black Hat NOC partners to build a stable and secure network for the conference. We used Cisco Secure Malware Analytics to analyze files and monitor any potential PII leaks. We also used Meraki SM to manage over 300 iPads used around the venue for registration, as well as sales lead generation.


Serious Privacy Podcast – Quite Magical: All About NOYB (with Romain Robert)

TrustArc

On this week of Serious Privacy, Paul Breitbarth and K Royal connect with Romain Robert, the program director and a senior lawyer for noyb, who is actively participating in their research and litigation strategy. Romain is also a member of the litigation chamber of the Belgian Data Protection Authority and previously worked as legal advisor for both the Belgian DPA […].


Microsoft: Windows MSHTML bug now exploited by ransomware gangs

Bleeping Computer

Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Triple Extortion Ransomware: A New Challenge For Defenders

Security Boulevard

Ransomware developers have powerful financial incentives to continue adding new features to their code. From developers to affiliates, these malicious pieces of software enrich countless cyber criminals at great expense to victims, and will likely continue to do so into the future. The average ransom demand has climbed more than 500% between 2020 and 2021, and the average payout has spiked 82% in that same period according to research from Unit 42.


DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Threatpost

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,


Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

The Hacker News

Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.


Exploitation of the CVE-2021-40444 vulnerability in MSHTML

SecureList

Summary. Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In an attempt to exploit this vulnerability, attackers create a document with a specially-crafted object. If a user opens the document, MS Office will download and execute a malicious script.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.