Mon.Jul 04, 2022


Welcoming the Polish Government to Have I Been Pwned

Troy Hunt

Continuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today I'm very happy to welcome Poland to the service! The Polish CSIRT GOV is now the 34th onboard the service and has free and open access to APIs allowing them to query their government domains. Seeing the ongoing uptake of governments using HIBP to do useful things in the wake of data breaches is enormously fulfilling and I look forward to welcoming many more national CSIRTs in the future.


11 top cloud security threats

CSO Magazine

Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11.



The Top 10 SMB cyber security mistakes. Find out how to fix these security risks.

Security Boulevard

Find out the top 10 risks that explain why SMBs are doing cyber security wrong. We have also included fixes to help you understand cybersecurity for SMBs. The post The Top 10 SMB cyber security mistakes. Find out how to fix these security risks. appeared first on Cyphere | Securing Your Cyber Sphere.


Cyberattacks: A very real existential threat to organizations

We Live Security

One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay? The post Cyberattacks: A very real existential threat to organizations appeared first on WeLiveSecurity.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Asia could be placing all the wrong cybersecurity bets

CSO Magazine

Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found. The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of serv


HackerOne insider fired for trying to claim other people’s bounties

Malwarebytes

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The now-former staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne acts as a mediator between white hat hackers who find software vulnerabilities, and software vendors who want to know about weaknesses in their products.


Data of a billion Chinese residents available for sale on a cybercrime forum

Security Affairs

Threat actors claim to have breached a database belonging to Shanghai police and stolen the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest in the country’s history. “Shanghai authorities have not publicly responded to the purported hack.


Hacker claims to have stolen data on 1 billion Chinese citizens

Bleeping Computer

An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000). [...]


5 pro-freedom technologies that could change the Internet

Malwarebytes

In the digital era, freedom is inextricably linked to privacy. After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. We have already lost a lot of control over who and what has access to our data, and there are further threats to our freedom on the horizon. It doesn’t have to be that way though, and it is not inevitable that the trend will continue.


L33t H4cking vs. M0st H4acking

Daniel Miessler


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


AstraLocker Ransomware shuts down operations and shifts to Cryptojacking

CyberSecurity Insiders

AstraLocker Ransomware is set to shut down its operations, having shifted its focus towards Cryptojacking. The hackers behind the malware have issued an official statement to this effect and added that they were ready to provide a free decryption tool to their victims, if any. The hackers’ group had already released an informal statement in February this year about their intention to shut down their malware distribution operations.


Google fixes the fourth Chrome zero-day in 2022

Security Affairs

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild; it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component; it is the fourth zero-day patched by the IT giant in 2022. “Google is aware t


Surveillance data of Chinese citizens put online by hackers

CyberSecurity Insiders

All these days, we have seen countries and governments screeching about cyber attacks and data thefts conducted by Chinese hackers. But now, a hacker online has claimed that he/she is ready to sell about 23 terabytes of data for 10 bitcoins or approx. $246,000. The hacker named ‘ChinaDan’ also notified those interested that the information was related to 1 billion Chinese populace and was stolen from a police database of Shanghai National Police during the recent covid pandemic propelled lockdow


“Free UK visa” offers on WhatsApp are fakes

Malwarebytes

A student friend recently shared a WhatsApp message, unsure if it was a scam. The message claims to offer an easy route to free visas, housing, accommodation, and medicine access. Here’s how we know it was a scam, and where it led. It read as follows: UK GOVERNMENT JOB RECRUITMENT 2022 : This is open to all Individuals who wants to work in UK, Here is a great chance for you all to work conveniently in the UK.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Popular Django web framework affected by a SQL Injection flaw. Upgrade it now!

Security Affairs

The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django is maintained by the independent organization Django Software Foundation. The latest releases of the framework, Django 4.0.6 and 3.2.14, addressed a high-severity SQL Injection vulnerability tracked as CVE-2022-34265.


Cricket Betting Sites In Bangladesh

SecureBlitz

Cricket is a fairly popular sport in India as well as in Bangladesh. In Bangladesh, the popularity of this discipline. The post Cricket Betting Sites In Bangladesh appeared first on SecureBlitz Cybersecurity.


Google patches new Chrome zero-day flaw exploited in attacks

Bleeping Computer

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022. [...]


Medical scams: Educate yourself and your loved ones

Security Boulevard

We’ve covered the dangers and necessary defenses against various scams, including romance scams, supply chain scams, financial scams, lottery scams, and vishing scams, but now we turn our attention to what could be the most personal and invasive of scams: the medical scam. The post Medical scams: Educate yourself and your loved ones appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Django fixes SQL Injection vulnerability in new releases

Bleeping Computer

Django, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability. [...]


Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

The Hacker News

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.


British Army Twitter and YouTube accounts hacked

CyberSecurity Insiders

The British Army released a press statement admitting a hack of its Twitter and YouTube accounts by a hacker or hackers on Sunday last week. The spokesperson admitted the accounts were hacked to divert web traffic to fake NFTs and cryptocurrency-related scams. Hackers also defaced the profile and banner pictures with some random letters, such as ‘Bapesclan’, ‘Psssd’ and ‘Possessed’.


Some Worms Use Their Powers for Good

The Hacker News

Gardeners know that worms are good. Cybersecurity professionals know that worms are bad. Very bad. In fact, worms are literally the most devastating force for evil known to the computing world. The MyDoom worm holds the dubious position of most costly computer malware ever, responsible for some $52 billion in damage. In second place… Sobig, another worm.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Identity, trust, and their role in modern applications

InfoWorld on Security

In the software world, identity is the mapping of a person, place, or thing in a verifiable manner to a software resource. Whenever you interact with nearly anything on the internet, you are dealing with identities: Facebook identity. Email address. Login name and password for a website. Everyone has multiple identities—multiple ways that people know who you are and interact with you in the virtual world.


Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH

The Hacker News

The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict.


CISA orders federal agencies to patch CVE-2022-26925 by July 22

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerab


A week in security (June 27 – July 3)

Malwarebytes

Last week on Malwarebytes Labs:
Ransomware review: June 2022
AstraLocker 2.0 ransomware isn’t going to give you your files back
YTStealer targets YouTube content creators
ZuoRAT is a sophisticated malware that mainly targets SOHO routers
Amazon Photos vulnerability could have given attackers access to user files and data
Criminals are applying for remote work using deepfake and stolen identities, says FBI
Immigration organisations targeted by APT group Evilnum
Update now!


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


UK Army’s Twitter, YouTube accounts hacked to push crypto scam

Bleeping Computer

British Army's Twitter and YouTube accounts were hacked sometime yesterday and altered to promote online crypto scams. In a statement, UK's Ministry of Defence confirms it is investigating the attack. [...]


Data of a billion Chinese residents available for sale on the dark web

Security Affairs

Threat actors claim to have breached a database belonging to Shanghai police and stolen the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest in the country’s history. “Shanghai authorities have not publicly responded to the purported hack.


Official British Army Twitter and YouTube accounts hijacked by NFT scammers

Graham Cluley

Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers on Sunday. Read more in my article on the Hot for Security blog.


My Body, My Data Act would lock down reproductive and sexual health data

Malwarebytes

A new bill entered into both the House of Representatives and the Senate proposes the strongest Federal data privacy protections yet for an increasingly scrutinized form of data in the United States: reproductive and sexual health data. The “My Body, My Data Act of 2022” was announced in early June in response to a leaked draft of a Supreme Court opinion that purported to show the Court’s intentions to overturn a seminal decision from 1973 that guaranteed a Constitutional right to have a choice


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.