Fri.Sep 09, 2022


Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.


Responsible Disclosure for Cryptocurrency Security

Schneier on Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don’t have an ongoing relationship with the hardware and software providers that protect their funds­—nor do they have an incentive to update security on a regular bas


The rise of Linux malware: 9 tips for securing the OSS

Tech Republic Security

Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue. The post The rise of Linux malware: 9 tips for securing the OSS appeared first on TechRepublic.


Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

The Hacker News

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Impact of Samsung’s most recent data breach unknown

Tech Republic Security

The lack of transparency could be cause for concern, but the data stolen is not high value. The post Impact of Samsung’s most recent data breach unknown appeared first on TechRepublic.


Classified NATO documents sold on darkweb after they were stolen from Portugal

Security Affairs

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that classified NATO documents belonging to the EMGFA were offered for sale on the dark web, the Portuguese agency determined that it had suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.


Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Security Affairs

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.


Patreon Fires its Security Team — and the Internet Freaks Out

Security Boulevard

Patreon, the notorious membership monetization platform, laid off its entire security team yesterday. Just like that. The post Patreon Fires its Security Team — and the Internet Freaks Out appeared first on Security Boulevard.


Warning issued about Vice Society ransomware gang after attacks on schools

Graham Cluley

A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. Read more in my article on the Tripwire State of Security blog.


Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

eSecurity Planet

Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a study from Ponemon Institute and Proofpoint released today. The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare prov


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ransomware attacks on retailers rose 75% in 2021

CSO Magazine

Retailers are fast becoming the favorite targets for ransomware criminals, with two out of three companies in the sector being attacked last year, according to a new report from cybersecurity firm Sophos. Attackers were able to successfully encrypt files in more than half of the attacks. Of 422 retail IT professionals surveyed internationally, 77% said their organizations were hit by ransomware attacks in 2021.


Classified NATO documents stolen from Portugal, now sold on darkweb

Bleeping Computer

The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web. […]


Your APIs Have No Clothes

Security Boulevard

The rapid move to a distributed workforce during the pandemic turbocharged cloud adoption and, as a result, exponentially expanded the attack surface. Today’s digital economy mostly consists of online applications in public or private clouds. They are all connected via APIs, increasing the number of access points attackers can use to gain unauthorized access to systems.


Medical device vulnerability could let hackers steal Wi-Fi credentials

CSO Magazine

A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organizations, according to Boston-based security firm Rapid7. The most serious issue involves Baxter International’s SIGMA Spectrum infusion pump and its associated Wi-Fi battery system, Rapid7 reported this week.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Scanning, Testing and Simulating – Where does PTaaS Fit?

Security Boulevard

Understanding Vulnerability assessment, penetration testing, and attack simulations requires a better understanding of who will be using the results and […]. The post Scanning, Testing and Simulating – Where does PTaaS Fit? appeared first on Security Boulevard.


Over 80% of the top websites leak user searches to advertisers

Bleeping Computer

Security researchers at Norton Labs have found that roughly eight out of ten websites featuring a search bar will leak their visitors' search terms to online advertisers like Google. […]


Attracting the Right Talent Requires the Right Story

Security Boulevard

A recent article in Forbes Magazine by HYPR’s CEO Bojan Simic discussed the cybersecurity skills gap and how practitioners and executives can address the technical workforce shortages. While that article highlighted why and how companies should look beyond current job experience, this post looks holistically at how to attract talented people. It highlights what we do at HYPR to attract and retain our talented team members from a more personal approach.


Outdoor Clothing Brand, The North Face, Hit With Credential Stuffing Attack

Heimdal Security

The North Face, an outdoor clothing brand, was the victim of a large-scale credential stuffing attack. The malicious actors managed to steal the data of 194,905 accounts on the thenorthface.com website. The attack began on July 26, 2022, but was detected only on August 11, 2022, with the administrators of the website being able to […]. The post Outdoor Clothing Brand, The North Face, Hit With Credential Stuffing Attack appeared first on Heimdal Security Blog.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog, including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station.


The Rise of Software Developers in Cloud Security

Security Boulevard

It has never been more critical than it is today to get things right in terms of cloud safety and security when building new software. Yet many organizations are still suffering from massive breaches, vulnerabilities and supply chain attacks. According to a report released by Check Point Research, in 2021 the number of cyberattacks against. The post The Rise of Software Developers in Cloud Security appeared first on Security Boulevard.


Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a unit of the Iranian actor PHOSPHORUS.


North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset

CSO Magazine

Security researchers have discovered a new remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus and it's mainly used in the first stages of an attack. Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


$30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered

Security Affairs

US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by law enforcement and leading organizations in the cryptocurrency industry allowed the recovery of more than $30 million worth of cryptocurrency stolen by the North Korea-linked APT group Lazarus from the online video game Axie Infinity.


6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged

The Hacker News

Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches.


Facebook Meta slapped with a €450m penalty

CyberSecurity Insiders

Meta, which owns Facebook, was slapped with a penalty of €450m for mishandling data related to children. The financial penalty concerns Instagram, which is used by adults to share videos and images. Ireland’s Data Protection Commission (DPC) found several discrepancies in the way Instagram was handling information related to children and so imposed a penalty for allowing children to run business accounts.


Bumblebee malware adds post-exploitation tool for stealthy infections

Bleeping Computer

A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


How Governments Request Your Data From Service Providers

Security Boulevard

A recently-released Surfshark report looked into global inquiries into the activities of specific accounts made by governments to service providers. The report found the United States “requests the most user data from big tech companies.” While the company characterizes government requests as “surveillance,” I prefer the term “inquiry.” The Surfshark review included 177 countries from.


US sanctions Iran’s Ministry of Intelligence over Albania cyberattack

Bleeping Computer

The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. […]


How to Detect DDoS Attacks?

Security Boulevard

Cybersecurity has been a worldwide threat, and DDoS attacks remain a major concern. Infotech-driven businesses, small companies, and mega corporations are all potential targets of such cyberattacks, which can bring operations to a screeching halt. What is a DDoS attack? It’s a type of cyberattack aimed at overwhelming a server with malicious traffic, causing a […].


U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

The Hacker News

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.