Tue.Aug 30, 2022

article thumbnail

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Mobile 340
article thumbnail

FTC Sues Data Broker

Schneier on Security

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locatio

Risk 294
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hackers hide malware in James Webb telescope images

Bleeping Computer

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 145
article thumbnail

A study on malicious plugins in WordPress Marketplaces

Security Affairs

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework na

Backups 144
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Chrome extensions with 1.4 million installs steal browsing data

Bleeping Computer

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. [.].

144
144
article thumbnail

A new Google bug bounty program now covers Open Source projects?

Security Affairs

Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 for vulnerabilities in its projects, while its lowest payout will be $100.

Software 142

LifeWorks

More Trending

article thumbnail

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Security Affairs

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims.

Malware 141
article thumbnail

Boots lets down its customers, by only offering SMS-based 2FA

Graham Cluley

I must admit I was delighted to receive an email today from UK high street pharmacy Boots telling me I should enable two-factor authentication on my account. Boots customers would have benefited from two-factor authentication a couple of years ago, when hackers attempted to gain access to customers’ Boots Advantage Card accounts, and temporarily stopped … Continue reading "Boots lets down its customers, by only offering SMS-based 2FA".

article thumbnail

Cryptocurrency Mining Campaign Goes Undetected Since 2019

Heimadal Security

An ongoing cryptocurrency mining campaign that developed undetected since 2019 has been attributed to a Turkish-speaking agent called Nitrokod. The mining campaign managed to make 111.000 victims until now, and all of them were fooled by its ability to mimic a desktop extension for Google Translate, for example. A list of countries affected includes the […].

article thumbnail

Why Do You Need a Bot Protection Solution for Your Business?

CyberSecurity Insiders

[ This article was originally published here by Indusface.com ]. Data from a recent report revealed that bots take up two-thirds of internet traffic. However, not all bots are safe and well-intentioned. Research further suggests that of all the web traffic, nearly 40% is bad bot traffic, and around 25% is good bot traffic. Given how destructive bad bots are, it is essential to use a bot protection solution to detect bad bots, manage bot traffic, and mitigate bot threats.?

Marketing 129
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

How to Support Agile Development Through Cybersecurity Best Practices

Security Boulevard

Understanding other people’s problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition. They want to be able to embrace […]. The post How to Support Agile Development Through Cybersecurity Best Practices appeared first on Blog.

article thumbnail

Nvidia partners with Dell and VMware for faster AI systems

CSO Magazine

New vSphere paired with Nvidia DPUs will speed up data center performance.

127
127
article thumbnail

2.5M People Had Their Student Loan Accounts Data Stolen

Heimadal Security

About 2,501,324 individuals have been affected by a breach in the network of Nelnet Servicing, a technology services providing company. The malicious actors have stolen data about student loan accounts from Oklahoma Student Loan Authority (OSLA) and EdFinancial, two clients of Nelnet Servicing. Oklahoma Student Loan Authority and EdFinancial were using technology solutions from Nelnet […].

article thumbnail

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

The Hacker News

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Smart Cities Need to Keep Cybersecurity in Mind – Techstrong TV

Security Boulevard

Karen, Senior Cybersecurity Strategist at VMware, and Charlene discuss smart city cybersecurity—why security is not baked into smart city infrastructure tech from the beginning, what the major vulnerabilities are, and how we go forward from here. The video is below followed by a transcript of the conversation. Charlene O’Hanlon: Hey, everybody, welcome back to Techstrong.

article thumbnail

Automation is the ultimate cloud security tip

InfoWorld on Security

I’ve written about cloud security many times, including this post from 2021. The report I referenced found that misconfigured cloud servers caused 19% of data breaches. Corroborative data is available from public cloud providers that fight this daily. Microsoft analyzed the anonymized data of real cyberthreat activity and, according to the company’s Cyber Signals report , found that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices.

article thumbnail

Google Introduces Open Source Bug Bounty Program

SecureWorld News

Google has announced a new bug bounty program called the Open Source Software Vulnerability Rewards Program (OSS VRP) , which will pay security researchers for finding flaws in Google's open source projects. Google is one of the world's largest open source contributors, as it maintains big time projects such as Golang, Angular, and Fuchsia. Google plans to pay out rewards ranging from $100 to $31,337 depending on the severity of the vulnerability and the project's importance.

Software 116
article thumbnail

FBI Issues Warning About Increase in Attacks Against DeFi Platforms

Hacker Combat

The FBI has issued a warning about an uptick in hacks aimed at stealing cryptocurrencies from decentralised finance (DeFi) services. The government claims that criminals are using the rising popularity of cryptocurrencies, the open source nature of DeFi platforms, and their intricate functionality to carry out malicious deeds. According to the FBI, cybercriminals are taking advantage of security holes in the smart contracts controlling DeFi platforms to steal virtual currency and defraud investo

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

What is Cheaper? Open-Source vs. Commercialized Mobile App Security Testing Tools

Appknox

When choosing automated mobile app security testing tools, mobile app development companies have two options: open-source and commercialized tools. But which one should you go for? Or, to be more precise, which one’s cheaper? If you have these questions on your mind, you’ve come to the right place.

Mobile 113
article thumbnail

Russian streaming platform confirms data breach affecting 7.5M users

Bleeping Computer

Russian media streaming platform 'START' (start.ru) has confirmed rumors of a data breach impacting millions of users. [.].

article thumbnail

Phishing Campaign Targets PyPI Users to Distribute Malicious Code

Dark Reading

The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.

Phishing 109
article thumbnail

Microsoft Azure outage knocks Ubuntu VMs offline after buggy update

Bleeping Computer

Microsoft Azure customers' virtual machines (VMs) running Ubuntu 18.04 have been taken offline by an ongoing outage caused by a faulty systemd update. [.].

111
111
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

3 Cybersecurity Trends for 2022

IT Security Guru

As cyber criminals continue to employ increasingly sophisticated methods to breach security protocols within organizations, cybersecurity will remain a major concern for businesses of all sizes. As such, the cost of cybercrime is set to increase with the global cybersecurity market estimated to reach $403.01 billion by 2027 with a compound annual growth rate (CAGR) of 12.5%.

article thumbnail

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger

CSO Magazine

Researchers have discovered a new multi-stage malware delivery campaign that relies on legitimate application installers distributed through popular software download sites. The malicious payload delivery, which includes a cryptocurrency mining program, is done in stages with long delays that can add up to almost a month. "After the initial software installation, the attackers delayed the infection process for weeks and deleted traces from the original installation," researchers from security fi

Malware 109
article thumbnail

0ktapus/‘Scatter Swine’ Hacking Gang Stole 10,000 Corp Logins via Twilio

Security Boulevard

More on the Twilio débâcle from earlier this month: Researchers reveal the hackers swiped at least 9,931 user credentials from more than 130 organizations. The post 0ktapus/‘Scatter Swine’ Hacking Gang Stole 10,000 Corp Logins via Twilio appeared first on Security Boulevard.

Hacking 105
article thumbnail

Key takeaways from the Open Cybersecurity Schema Format

CSO Magazine

One of the most pervasive challenges in the current cybersecurity environment is an overabundance of tooling vendors, all of which produce telemetry or data, often in their own native or nuanced schema or format. As cybersecurity’s visibility has risen in organizations, so has the number of cybersecurity vendors and tools that teams need to integrate, implement and govern.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Forrester: CISO Budgets Not Immune to Cuts

Security Boulevard

With looming pullbacks in enterprise technology budgets—including, potentially, security budgets—despite rising digital attacks, regulatory pressure, increasing enterprise business-technology architectural complexity and a shortage of staff with specialized cybersecurity skills, CISOs and their peers are heading into one of the most challenging times they’ve faced.

CISO 105
article thumbnail

World’s largest distributors of books Baker & Taylor hit by ransomware

Security Affairs

Baker & Taylor, one of the world’s largest distributors of books, revealed that it was hit by a ransomware attack. Baker & Taylor, one of the world’s largest distributors of books worldwide, suffered a ransomware attack on August 23. The incident impacted the company’s phone systems, offices, and service centers. pic.twitter.com/QcFEEaALlL — Baker and Taylor (@BakerandTaylor) August 23, 2022.

article thumbnail

Building a Strong SOC Starts With People

Dark Reading

A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention.

101
101
article thumbnail

Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

Trend Micro

This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!