Mon. Aug 01, 2022

Ring Gives Videos to Police without a Warrant or User Consent

Schneier on Security

Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms. After numerous delays and course changes, the Matter protocol is set to roll out this fall, in time for the 2022 holiday shopping season.

New CosmicStrand rootkit targets Gigabyte and ASUS motherboards

Tech Republic Security

A probable Chinese rootkit infects targeted computers and stays active even if the system is reinstalled.

Get rich in Europe for €250 (or lose it all and your personal data)

Javvad Malik

Group-IB have published a very well researched report on fake investment scams in Europe. The scam follows a well-established set of steps: 1. The bogus come-on is published on social media. 2. The victim is taken to a phony investment website. 3. The victim enters personal information in a form on the scam site. 4. A call center contacts the victim, offering more information about the fraudulent investment prospectus. 5.

Scams 113

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Over 3,200 apps leak Twitter API keys, some allowing account hijacks

Bleeping Computer

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. […]

Average cost of data breaches hits record high of $4.35 million: IBM

CSO Magazine

The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches. The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022.

More Trending

There Is an Increase in Smishing Attacks, FCC Warns

Heimdal Security

The Federal Communications Commission (FCC), an independent agency of the United States federal government, alerted mobile users to an uptick in SMS (Short Message Service) phishing campaigns that aim to steal their money and snatch their private data. Threat actors behind these types of attacks, also known as smishing or robotexts, may employ a variety of […].

Mobile 128

Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

Dark Reading

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.

Amazon Echo and Google Nest can be hacked and used to steal data

CyberSecurity Insiders

Security researchers from the consumer group ‘Which?’ have discovered that smart home products such as the Google Nest and Amazon Echo smart speakers can be hacked at any moment because security patch updates for such devices have been stopped for the past three years, so they are at risk of, or might already have fallen prey to, hackers. Mentioning some device names, Which?

Hacking 122

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

The Hacker News

Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News.

Mobile 123

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Twitter API Keys exposed by over 3000+ mobile applications

CyberSecurity Insiders

Security research carried out by CloudSEK has found that over 3000 mobile applications were exposing Twitter’s API keys, thus allowing fraudulent access to Twitter accounts. The research also found that among those, over 230 belonged to newly started companies that were found leaking authentication-related credentials, allowing a complete takeover of Twitter accounts.

Mobile 120

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Security Affairs

The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs and maintains high, medium and low-voltage electricity networks and high, medium and low-pressure natural gas pipelines,

Winamp releases new version after four years in development

Bleeping Computer

Winamp has released its first release candidate after four years in development, officially bringing the popular media player out of beta. […]

Media 140

T-Mobile to offer data priority services to first responders

CyberSecurity Insiders

After analyzing many situations like the Uvalde, Texas shooting that killed 19 people, including 17 children and 2 adults (teachers), T-Mobile has come up with a new data priority strategy applicable to all first responders across the United States. The telecom company announced that it will offer a free network upgrade to everyone acting as a first responder.

Mobile 117

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

This was H1 2022 – Part 1 – The Fight Against Cybercrime

Security Boulevard

After many long lockdowns, the information technology industry woke up to a new reality. Cyber crime was too widespread and heavily resourced. Hybrid architectures had grown too complex to be able to provide adequate defense, resulting in new larger threat surfaces. To make matters worse, there was a lack of skilled security professionals who could […].

Data privacy: Collect what you need, protect what you collect

CSO Magazine

Every time a user opens an app on their device, it seems they are being asked to provide both information necessary to engage with the app and far too often additional information that falls into the nice-to-have or marketing niche. Having CISOs participating in the discussions on what data is necessary for an app to function is table stakes. They should have a say in how that data is parsed to determine how it must be protected to remain in compliance with privacy laws.

Backup Encryption: What It Is and Why It’s Important for Data Security

Security Boulevard

Backup encryption is the process of converting backups from plaintext to ciphertext using mathematical algorithms and encryption keys for maximum data security.

Backups 119

For Big Tech, Neutrality Is Not an Option — and Never Really Was

Dark Reading

Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threat Actors Circumvent Microsoft Efforts to Block Macros

Security Boulevard

Microsoft’s announcement that it would block macros in Microsoft Office apps by default didn’t stop threat actors—they have simply resorted to new tricks. “Threat actors across the landscape responded by shifting away from macro-based threats,” Proofpoint researchers noted in a blog post. In fact, an analysis of campaign data, “which include threats manually analyzed and.

Malware 116

Heimdal™ Announces Expansion and New Office Opening in London, UK

Heimdal Security

COPENHAGEN, August 1st, 2022 – Heimdal™ today announces the opening of a new office in London, United Kingdom. This expansion enables Heimdal™ to continue its evolution as an already emerging market leader in the region. Tied to its spectacular year-over-year advancement, it was only natural for the company to enlarge and strengthen its presence in […].

Marketing 103

2022 IT Operations Survey Highlights: Good, Bad and Ugly

Security Boulevard

Before the pandemic, small and midsize businesses (SMBs) were often inconsistent in their willingness and ability to adopt the latest […].

You Need a Password Manager. Here Are the Best Ones

WIRED Threat Level

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Open source licensing shift: Fedora blocks Creative Commons CC0

Security Boulevard

Even organizations that are fully dedicated to software development don’t want to spend their time and competitive energy chasing software compliance. But ignoring changing legal requirements is dangerous.

Software 105

Black Hat USA 2022

Digital Shadows

Ready, set, connect! Black Hat 2022 is right around the corner and our team is ready to be back in.

NSO Pegasus Spyware Developments | Avast

Security Boulevard

Last summer, we wrote about a major international investigation of the NSO Group and its Pegasus spyware. We described how it works and what you can do to protect your phone. NSO has gone through some difficult times as a result of that analysis. NSO was almost purchased by an American company that is closely linked to intelligence operations until the US Government put them, along with another Israeli spyware vendor Candiru, on a special block list that prevents both from obtaining government c

Spyware 98

Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles

Malwarebytes

One of the biggest wrestling stars around, Mick Foley, had his Twitter account hijacked in an attempt to legitimize a very popular scam. When a well known individual has their social media accounts compromised, disaster looms, as everything from phishing to malware distribution waits in the wings for potential victims. But this time, we traded messages with the scammer to see what was up.

Scams 97

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Prepare for a Hacking Incident | Avast

Security Boulevard

The initial phases of a breach are often the most critical: The intruder is counting on your confusion, your lack of a plan or a clear chain of authority, and any early missteps. Given that it’s only a matter of time before a breach happens, what can you do after encountering an incident to minimize the damage? For businesses of all sizes, incident response planning infrastructures have gotten very complex, with many interconnected relationships that might not be immediately obvious — until so

Hacking 98

Have we lost the fight for data privacy? Lock and Code S03E16

Malwarebytes

At the end of 2021, Lock and Code invited the folks behind our news-driven cybersecurity and online privacy blog, Malwarebytes Labs, to discuss what upset them most about cybersecurity in the year prior. Today, we’re bringing those same guests back to discuss the other, biggest topic in this space and on this show: Data privacy. You see, in 2021, a lot has happened.

Securing Your Move to the Hybrid Cloud

Threatpost

Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.

InfoSec 97

A week in security (July 25 – July 31)

Malwarebytes

Last week on Malwarebytes Labs: Update Google Chrome now! New version includes 11 important security patches; Lightning Framework, modular Linux malware; Malware spent months hoovering up credit card details from 300 US restaurants; Lock down your Neopets account: Data breach being investigated; Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR; Microsoft clamps down on RDP brute-force attacks in Windows 11; SonicWall urges customers to patch critical SQL injection

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.