More Russian Cyber Operations against Ukraine
Schneier on Security
JANUARY 5, 2022
Both Russia and Ukraine are preparing for military operations in cyberspace.
Tech Republic Security
JANUARY 5, 2022
The Kennedy Space Center kick-started Andee Harston's career in cybersecurity. Here's how she worked her way up to overseeing the cybersecurity curriculum for Infosec.
We Live Security
JANUARY 5, 2022
From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords.
Tech Republic Security
JANUARY 5, 2022
Already impacting more than 2,000 victims, the malware is able to modify a DLL file digitally signed by Microsoft, says Check Point Research.
Bleeping Computer
JANUARY 5, 2022
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
Security Boulevard
JANUARY 5, 2022
Spyderbat is making available an open source tool that scans for vulnerable versions of the Log4j log management software for Java applications on Linux systems. Seth Goldhammer, vice president of product management at Spyderbat, said the command line tool scans a Linux system to discover vulnerable versions of Log4j. These are typically harder to find.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JANUARY 5, 2022
Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022. In the business of extorting money from victims, bad actors are finding innovative, disruptive new ways to gain leverage and provide incentives for victims to hand over the ransom payment. The rise.
CyberSecurity Insiders
JANUARY 5, 2022
This blog was written by an independent guest blogger. Technology in healthcare has the potential to make all the difference in terms of safety outcomes. Right now, modern tech is pushing the envelope of what is possible in the doctor’s office and the patient’s home, as telehealth and artificial intelligence transform the landscape of medical care.
Security Boulevard
JANUARY 5, 2022
WhiteSource this week made good on a promise to add Log4j vulnerability remediation capabilities to both its free and commercial tools for updating open source software components. Susan St. Clair, director of product management for WhiteSource, said the Log4j remediation preset capability can find and automatically fix both direct and indirect Log4j dependencies.
Thales Cloud Protection & Licensing
JANUARY 5, 2022
Trends and Predictions for 2022 – More of the Same? madhav. Wed, 01/05/2022 - 05:12. What will 2022 bring for cybersecurity? Are we going to see more of the same as we did in 2021? During the latest Thales Security Sessions podcast, hosted by Neira Jones, I had the pleasure to discuss what we can expect in 2022 with Andy Green, CISO at Gemserv, and how the many changes have impacted the security landscape.
CyberSecurity Insiders
JANUARY 5, 2022
Hackers are found inducing Zloader Malware into Windows machines since November last year and reports are in that the malicious software tool has already targeted over 2,848 victims from 111 countries so far. Highly placed sources say that the malware has been distributed via phishing campaign by a cyber threat group named MalSmoke. Check Point researchers who discovered Zloader reiterated the fact that the said malware has capabilities to steal other sensitive info along with the feature of ind
Bleeping Computer
JANUARY 5, 2022
Microsoft says zero-touch onboarding for Microsoft Defender for Endpoint (MDE) on iOS is now available in public preview, allowing enterprise admins to silently install Defender for Endpoint automatically on enrolled devices.
CyberSecurity Insiders
JANUARY 5, 2022
Going with the latest Log4j News, US Federal Trade Commission (FTC) has warned all the companies that it will take stern action against firms that fail to protect critical information related to Log4j vulnerability. Therefore, FTC is urging companies to take appropriate security measures that will help in blocking data exposure to hackers who could exploit Log4J Apache vulnerability anytime.
Webroot
JANUARY 5, 2022
Each year, as online shopping ramps up in the weeks before the holidays, so do online scams targeting the elderly. This season – in many ways unprecedented – is no different in this regard. In fact, COVID-19, Zoom meetings, vaccination recommendations and travel warnings all provide ample and unique precedent for social engineering attacks. Not surprisingly, cybercriminals often target those least able to protect themselves.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
CSO Magazine
JANUARY 5, 2022
Several years ago I documented Windows updates that needed additional registry keys to be set before you are fully patched. These updates can be hard to keep track of. Microsoft recently released several more updates that need action on your part. The Microsoft Japanese security team documented several updates released in November 2021 that need more registry keys or actions taken to better protect Active Directory.
Malwarebytes
JANUARY 5, 2022
There’s a lot of concern in the cryptocurrency realm at the moment. A yield farming platform “utilizing arbitrage to gain optimal yield with low risk” has gone AWOL. Site down, Twitter account deleted, no word from the team behind it explaining what happened. Worst of all, some $10 million worth of funds have been drained leading to accusations of rug-pulling.
Security Affairs
JANUARY 5, 2022
Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from the Internet of Things (IoT) devices to detect highly evasive malware.
Malwarebytes
JANUARY 5, 2022
On New Year’s Eve, Seif Elsallamy (@0x21SAFE on Twitter), a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with “@uber.com”, just like the one below: The proof-of-concept (PoC) email that Seif sent to his Gmail account while testing the Uber email server flaw.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Dark Reading
JANUARY 5, 2022
The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.
Bleeping Computer
JANUARY 5, 2022
A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries.
Security Boulevard
JANUARY 5, 2022
By Stefan Nagy. This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem Dinaburg. During my internship, I developed Dr. Disassembler, a Datalog-driven framework for transparent and mutable binary disassembly. Though this project is ongoing, this […].
Digital Guardian
JANUARY 5, 2022
Business email compromise scams have cost companies billions over the past several years. How can businesses best protect themselves against a BEC scam? We asked a panel of experts.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Naked Security
JANUARY 5, 2022
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
The Hacker News
JANUARY 5, 2022
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems.
Bleeping Computer
JANUARY 5, 2022
The New York State Office of the Attorney General (NY OAG) has warned 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks.
The Hacker News
JANUARY 5, 2022
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
Threatpost
JANUARY 5, 2022
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
The Hacker News
JANUARY 5, 2022
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information.
Security Boulevard
JANUARY 5, 2022
A CISO’s job can be one of the most stressful in cybersecurity. It can sometimes feel like an avalanche of responsibilities, all in the pursuit of keeping an organization safe. The problem more often than not comes down to the issue of obtaining funding for new technology that can make the job easier. In reality, CISOs can’t […]
The Hacker News
JANUARY 5, 2022
Cybersecurity researchers have taken the wraps off an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.