Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Mobile 274

Mobile Phishing Authentication Accountability 274

Schneier on Security

AUGUST 30, 2022

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locatio

Risk 216

Risk 216

Bleeping Computer

AUGUST 30, 2022

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 145

Malware Phishing 145

We Live Security

AUGUST 30, 2022

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity.

Scams 138

Scams Media 138

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

AUGUST 30, 2022

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. [.].

144

144

CyberSecurity Insiders

AUGUST 30, 2022

[ This article was originally published here by Indusface.com ]. Data from a recent report revealed that bots take up two-thirds of internet traffic. However, not all bots are safe and well-intentioned. Research further suggests that of all the web traffic, nearly 40% is bad bot traffic, and around 25% is good bot traffic. Given how destructive bad bots are, it is essential to use a bot protection solution to detect bad bots, manage bot traffic, and mitigate bot threats.?

Marketing 129

Marketing DDOS Advertising Phishing 129

Security Boulevard

AUGUST 30, 2022

Understanding other people’s problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition. They want to be able to embrace […]. The post How to Support Agile Development Through Cybersecurity Best Practices appeared first on Blog.

Cybersecurity 127

Cybersecurity Software 127

Heimadal Security

AUGUST 30, 2022

An ongoing cryptocurrency mining campaign that developed undetected since 2019 has been attributed to a Turkish-speaking agent called Nitrokod. The mining campaign managed to make 111.000 victims until now, and all of them were fooled by its ability to mimic a desktop extension for Google Translate, for example. A list of countries affected includes the […].

Cryptocurrency 123

Cryptocurrency Cybersecurity 123

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims.

Malware 121

Malware Cryptocurrency Hacking Technology 121

Security Boulevard

AUGUST 30, 2022

Karen, Senior Cybersecurity Strategist at VMware, and Charlene discuss smart city cybersecurity—why security is not baked into smart city infrastructure tech from the beginning, what the major vulnerabilities are, and how we go forward from here. The video is below followed by a transcript of the conversation. Charlene O’Hanlon: Hey, everybody, welcome back to Techstrong.

Cybersecurity 117

Cybersecurity 117

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

InfoWorld on Security

AUGUST 30, 2022

I’ve written about cloud security many times, including this post from 2021. The report I referenced found that misconfigured cloud servers caused 19% of data breaches. Corroborative data is available from public cloud providers that fight this daily. Microsoft analyzed the anonymized data of real cyberthreat activity and, according to the company’s Cyber Signals report , found that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices.

Data breaches 116

Data breaches Ransomware Software Risk 116

Appknox

AUGUST 30, 2022

When choosing automated mobile app security testing tools, mobile app development companies have two options: open-source and commercialized tools. But which one should you go for? Or, to be more precise, which one’s cheaper? If you have these questions on your mind, you’ve come to the right place.

Mobile 113

Mobile Penetration Testing 113

Bleeping Computer

AUGUST 30, 2022

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. [.].

Malware 109

Malware Media Government 109

CSO Magazine

AUGUST 30, 2022

Researchers have discovered a new multi-stage malware delivery campaign that relies on legitimate application installers distributed through popular software download sites. The malicious payload delivery, which includes a cryptocurrency mining program, is done in stages with long delays that can add up to almost a month. "After the initial software installation, the attackers delayed the infection process for weeks and deleted traces from the original installation," researchers from security fi

Malware 109

Malware Cryptocurrency Software Technology 109

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

AUGUST 30, 2022

Microsoft Azure customers' virtual machines (VMs) running Ubuntu 18.04 have been taken offline by an ongoing outage caused by a faulty systemd update. [.].

114

114

CSO Magazine

AUGUST 30, 2022

One of the most pervasive challenges in the current cybersecurity environment is an overabundance of tooling vendors, all of which produce telemetry or data, often in their own native or nuanced schema or format. As cybersecurity’s visibility has risen in organizations, so has the number of cybersecurity vendors and tools that teams need to integrate, implement and govern.

Cybersecurity 105

Cybersecurity Risk Government 105

Security Boulevard

AUGUST 30, 2022

More on the Twilio débâcle from earlier this month: Researchers reveal the hackers swiped at least 9,931 user credentials from more than 130 organizations. The post 0ktapus/‘Scatter Swine’ Hacking Gang Stole 10,000 Corp Logins via Twilio appeared first on Security Boulevard.

Hacking 104

Hacking Social Engineering Security Awareness Engineering 104

Bleeping Computer

AUGUST 30, 2022

Russian media streaming platform 'START' (start.ru) has confirmed rumors of a data breach impacting millions of users. [.].

Data breaches 125

Data breaches Media 125

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

AUGUST 30, 2022

With looming pullbacks in enterprise technology budgets—including, potentially, security budgets—despite rising digital attacks, regulatory pressure, increasing enterprise business-technology architectural complexity and a shortage of staff with specialized cybersecurity skills, CISOs and their peers are heading into one of the most challenging times they’ve faced.

CISO 104

CISO Architecture Technology Cybersecurity 104

IT Security Guru

AUGUST 30, 2022

As cyber criminals continue to employ increasingly sophisticated methods to breach security protocols within organizations, cybersecurity will remain a major concern for businesses of all sizes. As such, the cost of cybercrime is set to increase with the global cybersecurity market estimated to reach $403.01 billion by 2027 with a compound annual growth rate (CAGR) of 12.5%.

Cybersecurity 100

Cybersecurity Phishing Ransomware Marketing 100

Heimadal Security

AUGUST 30, 2022

About 2,501,324 individuals have been affected by a breach in the network of Nelnet Servicing, a technology services providing company. The malicious actors have stolen data about student loan accounts from Oklahoma Student Loan Authority (OSLA) and EdFinancial, two clients of Nelnet Servicing. Oklahoma Student Loan Authority and EdFinancial were using technology solutions from Nelnet […].

Accountability 99

Accountability Technology Cybersecurity 99

The Hacker News

AUGUST 30, 2022

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems.

Cryptocurrency 98

Cryptocurrency Malware 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

AUGUST 30, 2022

The adoption of SaaS (Software as a Service) started as far back as the 1960s, but picked up steam in the late 1990s when Salesforce introduced their CRM that used “cloud computing”. Today, there isn’t an organization that isn’t using many SaaS applications. In fact, newer organizations are completely cloud-based and only use SaaS applications, […].

Authentication 98

Authentication Software 98

CSO Magazine

AUGUST 30, 2022

The Federal Trade Commission (FTC) flexed its muscle on August 29, 2022, when it filed a lawsuit against Kochava, Inc., for harvesting, aggregating, collating, and then selling the “precise geolocation data” of millions of individuals in violation of the FTC Act. FTC complaint: Data allows tracing individuals to and from sensitive locations. The FTC explains that Kochava acquires the location data, which originated from individuals’ mobile devices, from an array of data brokers.

Mobile 98

Mobile Marketing 98

Security Boulevard

AUGUST 30, 2022

Over the last two months, hackers have stepped up attacks on academic institutions and students thereby opening a new frontier in the battle against cybercrime. Rising attacks on educational institutions could have multiple security and risk implications for the overall security of everything connected and beyond. Implications of attacks on educational institutions: New variants of […].

Education 97

Education Cybercrime Risk 97

CyberSecurity Insiders

AUGUST 30, 2022

Google Translate is turning into a crypto mining malware and has reportedly claimed about 111,000 victims from over 11 countries. Yes, what you’ve read is right! According to a research carried out by Check Point Software technologies, a Turkish firm named Nitrokod has devised free software that acts as a Google Translate Desktop software, but is actually a crypto mining malware having capabilities of evading anti-malware solutions.

Malware 94

Malware Cryptocurrency Software Banking 94

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

AUGUST 30, 2022

Lloyd's Backs Off Insurance for State-Sponsored Cyberattacks. brooke.crothers. Tue, 08/30/2022 - 15:00. 22 views. Cyber related businesses are ‘evolving risk’. Lloyds of London Ltd. issued a market bulletin dated August 16, 2022 setting out new rules for standalone cyber-attack policies that would exclude coverage for damages from state-sponsored attacks.

Insurance 95

Insurance Cyber Attacks Government Marketing 95

The Hacker News

AUGUST 30, 2022

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs.

Software 94

Software 94

Hacker Combat

AUGUST 30, 2022

The FBI has issued a warning about an uptick in hacks aimed at stealing cryptocurrencies from decentralised finance (DeFi) services. The government claims that criminals are using the rising popularity of cryptocurrencies, the open source nature of DeFi platforms, and their intricate functionality to carry out malicious deeds. According to the FBI, cybercriminals are taking advantage of security holes in the smart contracts controlling DeFi platforms to steal virtual currency and defraud investo

Cryptocurrency 93

Cryptocurrency Government Accountability Hacking 93

Dark Reading

AUGUST 30, 2022

The phishing campaign deploying a ScanBox reconnaissance framework has targeted the Australian government and companies maintaining wind turbines in the South China Sea.

Phishing 94

Phishing Government 94

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.