Joseph Steinberg

SEPTEMBER 6, 2022

It is not a secret that the American people remain in danger of massive, crippling cyberattacks that could impact financial services, utilities, health care, and just about every other area of modern life. What is not often discussed about the danger, however, is that one of the primary reasons that the United States, as a country, remains ill-prepared for fending off cyberattacks, is that decentralized State and Local government agencies, and not the centralized Federal government, run or overs

Government 331

Government Artificial Intelligence Cybersecurity Financial Services 331

The Last Watchdog

SEPTEMBER 6, 2022

Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.

Cloud Migration 188

Cloud Migration Cybersecurity Marketing CISO 188

Bleeping Computer

SEPTEMBER 6, 2022

A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [.].

Phishing 142

Phishing Authentication 142

CSO Magazine

SEPTEMBER 6, 2022

In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy risk for iOS users. Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresse

Risk 137

Risk Data privacy Passwords 137

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

SEPTEMBER 6, 2022

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files. The post Worok: The big picture appeared first on WeLiveSecurity.

136

136

CSO Magazine

SEPTEMBER 6, 2022

What is Heartbleed? Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo. OpenSSL is an open source code library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.

Encryption 127

Encryption Passwords 127

The State of Security

SEPTEMBER 6, 2022

WhatsApp is ranked as the most popular mobile messenger app in the world. In fact, there are two billion active users on the app. This is an incredibly large audience. Unfortunately, it is also a huge number of potential victims for criminals to target. Cybercriminals are increasingly using WhatsApp as the medium for their attacks, […]… Read More.

Scams 113

Scams Mobile Phishing Cybercrime 113

CyberSecurity Insiders

SEPTEMBER 6, 2022

TikTok, a sensation among the teenage folks, especially the dancing loving females, has stuck in a latest data breach controversy. According to a user named BlueHornet who tweeted on September 4th,2022, an exposed server named ‘Cabinet’ has led to the data breach of over 34GB worth of data and it could be more, as the breach history unfolds more. Despite clear-cut denial of TikTok, those who accessed the data leaked by a cloud storage platform have confirmed that the information truly belongs to

Data breaches 105

Data breaches Technology Cybersecurity 105

Security Boulevard

SEPTEMBER 6, 2022

August was another busy month in the cyberworld. From email security news headlines and hot cybersecurity news, here’s our monthly news round-up. At the beginning of the month, researchers found that North Korean hackers used malware to read and download emails and attachments. Another email cybersecurity news story was connected to a cyberattack on Spain’s […].

Malware 104

Malware Cybersecurity 104

CyberSecurity Insiders

SEPTEMBER 6, 2022

Samsung has issued an apology for the latest data breach that affected a small portion of its US Customers leaking data such as demographic info, DoBs, product registration info, contact and names. The company has urged its customers to stay assured that the attack did not affect the information such as social security numbers and debit and credit card numbers.

Data breaches 104

Data breaches Accountability Ransomware Cybersecurity 104

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

SEPTEMBER 6, 2022

We recently ran a survey to get a better understanding of the state of WordPress security. The survey was open to everyone and included several WordPress security-related questions. This report details our findings. The post WordPress security survey results 2022 appeared first on WP White Security. The post WordPress security survey results 2022 appeared first on Security Boulevard.

104

104

Heimadal Security

SEPTEMBER 6, 2022

On Friday, September 2, 2022, information emerged on a hacking forum about a data breach that affected TikTok and WeChat social networks. Representatives of TikTok denied firmly the allegation of stolen data. The claim was made by AgainstTheWest, a hacking group that posted screenshots of the database which supposedly was extracted from the two companies. […].

Data breaches 101

Data breaches Hacking Cybersecurity 101

The Hacker News

SEPTEMBER 6, 2022

Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach.

Data breaches 100

Data breaches Hacking 100

Dark Reading

SEPTEMBER 6, 2022

Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.

Cloud Migration 98

Cloud Migration Ransomware Malware 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

SecureList

SEPTEMBER 6, 2022

The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims.

Mobile 98

Mobile Passwords Software Accountability 98

Security Boulevard

SEPTEMBER 6, 2022

In an earlier post we introduced readers to Workforce Cyber Intelligence. To recap briefly, Workforce Cyber Intelligence provides organizations with operational intelligence synthesized from an employee’s physical interactions with organizational assets (data, machines, applications, and peers), their intensity of work, and their peer engagement to be used to help reduce costs, find efficiencies, and streamline … Continued.

98

98

Bleeping Computer

SEPTEMBER 6, 2022

Los Angeles Unified (LAUSD), the second largest school district in the U.S., disclosed that a ransomware attack hit its Information Technology (IT) systems over the weekend. [.].

Ransomware 97

Ransomware Technology 97

Security Boulevard

SEPTEMBER 6, 2022

With Data Privacy Week in the rearview mirror, Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, and Charlene discuss some of the biggest trends in cybersecurity. The video is below followed by a transcript of the conversation. Charlene O’Hanlon: Hey, everybody. Welcome back to Techstrong TV. I’m Charlene O’Hanlon and I’m here now with.

Data privacy 98

Data privacy Cybersecurity Data breaches Security Awareness 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

SEPTEMBER 6, 2022

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.

Antivirus 98

Antivirus Ransomware Cybercrime Banking 98

SecureList

SEPTEMBER 6, 2022

Kaspersky provides incident response services and trainings to organizations around the world. In our annual incident response report, we share our observations and statistics based on investigation of real-life incidents. The report contains anonymized data collected by the Kaspersky Global Emergency Response Team (GERT), which is our main incident response and digital forensics unit.

Data collection 97

Data collection Encryption Ransomware 97

Malwarebytes

SEPTEMBER 6, 2022

Everyone loves a good campfire story prone to exaggeration. However, when told online it’s not quite got the same effect. Long ago, sites like Myspace would play host to very certain types of messages. “Don’t open this post from Johnny Cyberhack, or your account will be stolen and your C drive will be wiped” Complete nonsense, but vague and scary hacking-themed missives will always find a receptive audience.

Hacking 95

Hacking Scams Mobile Accountability 95

Security Affairs

SEPTEMBER 6, 2022

Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. "The China Freedom Trap.L1986v8V.apk": fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca Seems related to some possible Uyghur targeted samples ( [li

Malware 100

Malware Spyware Mobile Banking 100

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

SEPTEMBER 6, 2022

Summary: ThreatLabz observed an update to the Ares banking trojan that introduces a domain generation algorithm (DGA), which mirrors the Qakbot DGA. Based on analyzing the malware code, there does not appear to be a direct link between these two malware families. The Ares DGA may be an effort for the threat actor to maximize the lifetime of an infection, which provides more opportunities for monetizing compromised systems through attacks such as wire fraud and ransomware.

Banking 95

Banking Malware Engineering Ransomware 95

Security Affairs

SEPTEMBER 6, 2022

Threat actors published a sample of data allegedly stolen from TikTok, but the company denies it was breached. The hacking collective AgainstTheWest recently published a post on Breach Forums message board claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users.

Data breaches 100

Data breaches Hacking Media Authentication 100

The Hacker News

SEPTEMBER 6, 2022

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News.

Cybercrime 94

Cybercrime Technology Malware Software 94

Security Affairs

SEPTEMBER 6, 2022

Researchers discovered a previously undocumented software control panel, named TeslaGun, used by a cybercrime gang known as TA505. Researchers from cybersecurity firm PRODAFT have discovered a previously undocumented software control panel, tracked as TeslaGun, used by a cybercrime group known as TA505. Russian TA505 hacking group , aka Evil Corp , has been active since 2014 focusing on Retail and banking sectors.

Cybercrime 98

Cybercrime Banking Malware Retail 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

SEPTEMBER 6, 2022

A transnational sextortion ring was uncovered and dismantled following a joint investigation between Interpol's cybercrime division and police in Singapore and Hong Kong. [.].

Cybercrime 93

Cybercrime 93

Security Affairs

SEPTEMBER 6, 2022

China accuses the United States of conducting tens of thousands of cyberattacks on its country, including cyberespionage campaigns. The Government of Beijing accused the United States of launching tens of thousands of cyberattacks on China. The attacks aimed at stealing sensitive data from government entities and universities. In the past, the US Government has accused China of cyberattacks against US organizations and private businesses, but Bejing always denied the claims.

Government 98

Government Hacking Passwords Cybersecurity 98

Heimadal Security

SEPTEMBER 6, 2022

SharkBot malware is back in Google Play Store where two SharkbotDopper apps were identified. The two malicious apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” both having cumulatively over 60,000 installations. The new version – 2.25 – is targeting banking credentials of Android users and its main update is a new function designed to […].

Malware 93

Malware Banking Mobile Cybersecurity 93

Dark Reading

SEPTEMBER 6, 2022

What under-the-hood details of newly discovered attack control panel tells us about how the Evil Corp threat group manages its ServHelper backdoor malware campaigns.

Malware 96

Malware 96

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.