Wed. Sep 14, 2022

On Trust and Transparency in Detection

Anton on Security

This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case. Some of us remember the early days of the network IDS intrusion detections systems were delivered without customers being able to see how the detections worked.

Weird Fallout from Peiter Zatko’s Twitter Whistleblowing

Schneier on Security

People are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not been contacted. I’m not sure if I should feel slighted.

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities i

Spyware 175

North Korean cyberespionage actor Lazarus targets energy providers with new malware

Tech Republic Security

Lazarus, a North Korean cyberespionage group, keeps hitting energy providers in the U.S., Canada and Japan with a new malware arsenal. The post North Korean cyberespionage actor Lazarus targets energy providers with new malware appeared first on TechRepublic.

Malware 134

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

Bleeping Computer

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. [...]

There’s No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam

Digital Shadows

Although in decline, carding has traditionally been an easy entry point into the world of cybercrime, owing to the low. The post There’s No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam first appeared on Digital Shadows.

Scams 139

More Trending

Most enterprises looking to consolidate security vendors

CSO Magazine

A total 75% of organizations across North America, Asia Pacific and EMEA plan to consolidate the number of security vendors they use, a Gartner survey of 418 respondents found. That percentage has increased significantly, as only 29% were looking to consolidate vendors in 2020. The main reasons are an increase in dissatisfaction with operational inefficiencies and lack of integration of a heterogenous security stack, the survey found.

Google Cloud completes Mandiant acquisition for $5.4 billion

CyberSecurity Insiders

Google Cloud has made an official announcement that it has completed the acquisition process of cybersecurity firm Mandiant for $5.4 billion. Trade analysts felt that the business purchase will help the cloud business of the web search giant mitigate risks associated with cyber threats with great confidence driven readiness. For the information of our readers, Mandiant is the same company that revealed the SolarWinds hack details to the world and uncovered the after details such as the attack i

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

Cybercrime is a growth industry like no other. According to statistics from the FBI’s 2021 Internet Crime Report, complaints to the Internet Crime Complaint Center (IC3) have been rising since 2017. In 2021 alone, IC3 received 847,376 complaints which amounted to $6.9 billion in reported losses, up from 2020’s 791,790 complaints and $4.2 billion in reported losses.

Ransomware news headlines trending on Google

CyberSecurity Insiders

A recent study made in the time frame of January to June this year revealed that over 1.2 million ransomware attacks were launched so far in this year. And as per an estimate, most of the targets were businesses operating in healthcare, finance, education, utilities and technology sectors. The research carried out by Barracuda Networks confirmed that most cyber attacks of ransomware genre do not make it to the news headlines as the CFOs, CTOs and CIOs hide the news because of the fear of losing a

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

You never walk alone: The SideWalk backdoor gets a Linux variant

We Live Security

ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor. The post You never walk alone: The SideWalk backdoor gets a Linux variant appeared first on WeLiveSecurity.

Attackers: Modern Day API Cartographers

Security Boulevard

Attackers are like modern-day cartographers. The cartographers of old weren’t necessarily sailing the coastline of New England, drawing a map as they sailed. Instead, they talked to people who did the sailing. Before they drew a map, they picked brains, plied sailors with strong drinks, gathered information and sifted through contradictory claims to build their.

New Lenovo BIOS updates fix security bugs in hundreds of models

Bleeping Computer

Chinese computer manufacturer Lenovo has issued a security advisory to warn its clients about several high-severity vulnerabilities impacting a wide range of products in the Desktop, All in One, Notebook, ThinkPad, ThinkServer, and ThinkStation lines. [...]

Cybersecurity startup launches mobile app to protect against phishing attacks

CSO Magazine

Cybersecurity startup novoShield has launched an enterprise-grade mobile security application, designed to protect users from mobile phishing threats. Released this week for iPhones via the US and Israeli Apple app stores, novoShield’s namesake app detects malicious websites in real time and blocks users from accessing them. The software also provides users with live on-screen indicators to inform them when a website is safe to browse.

Mobile 98

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

CISA orders agencies to patch Windows, iOS bugs used in attacks

Bleeping Computer

CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. [...]

Patch now! Microsoft issues critical security updates as PCs attacked through zero-day flaw

Graham Cluley

Windows users are once again being told to update their systems with the latest security patches from Microsoft, following the discovery of critical vulnerabilities - including ones which are already being exploited in the wild, or could be used to fuel a fast-spreading worm. Read more in my article on the Hot for Security blog.

Malware 98

How to help your child manage their online reputation

Malwarebytes

Whether your child has been socially active online for a while now or you just handed your young one their first ever smartphone, now is an excellent time to think about managing their online reputation. The concept may sound overwhelming, but doing it is easy. Since you're no doubt talking to your kids about how to keep themselves safe online, you might as well open up about online reputations and how to create or maintain a positive one.

SparklingGoblin APT adds a new Linux variant of SideWalk implant to its arsenal

Security Affairs

China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk backdoor, which is a custom implant used by the China-linked SparklingGoblin APT group. The SparklingGoblin APT is believed to be a group that operated under the umbrella of the China-linked Winnti (aka APT41) cyberespionage group.

Malware 95

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Phishing page embeds keylogger to steal passwords as you type

Bleeping Computer

A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. [...]

Product Update – SafeBreach Introduces New Ransomware Encryption Attacks

Security Boulevard

The 100+ newly introduced ransomware encryption attacks will now allow teams to simulate the actual ransomware behavior making the attack more realistic and increasing the validity of the results. The post Product Update – SafeBreach Introduces New Ransomware Encryption Attacks appeared first on SafeBreach. The post Product Update – SafeBreach Introduces New Ransomware Encryption Attacks appeared first on Security Boulevard.

Microsoft 365 now auto-updates apps on locked or idle devices

Bleeping Computer

Microsoft says customers will see fewer Microsoft 365 update notifications because Office apps will update automatically while their computers are locked or idle. [...]

Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

Naked Security

It sounds like a scam that could never work: use a picture of a browser and convince the user it's a real browser. You might be surprised.

Scams 110

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How to Do Malware Analysis?

The Hacker News

According to the 2022 Malwarebytes Threat review, 40M Windows business computers' threats were detected in 2021. And malware analysis is necessary to combat and avoid this kind of attack. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis?

Malware 94

Cybersecurity Threats to the US Water Industry

The State of Security

In an increasingly digital world, cybersecurity is a significant – and relevant – threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands. It’s become unfortunately commonplace to hear tales of drained checking accounts, leaked photos, and private documents being published to […]… Read More.

SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor

The Hacker News

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state actor dubbed SparklingGoblin.

Malware 94

novoShield Emerges From Stealth With Mobile Phishing Protection App

Hacker Combat

With an enterprise-grade iPhone protection app, mobile phishing defense firm novoShield has come out of hiding. According to novoShield, the new solution was created to shield organizations and end users against the rising amount of phishing attempts. With its real-time protection solution, novoShield seeks to address the considerable rise in cybercrime, including phishing, brought by the Covid-19 pandemic’s migration to remote work.

Mobile 91

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

The Hacker News

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.

Update now! Microsoft patches two zero-days

Malwarebytes

The Microsoft September 2022 Patch Tuesday includes fixes for two publicly disclosed zero-day vulnerabilities, one of which is known to be actively exploited. Five of the 60+ security vulnerabilities were rated as “Critical”, and 57 as important. Two vulnerabilities qualify as zero-days, with one of them being actively exploited. Zero-days.

Chinese hackers create Linux version of the SideWalk Windows malware

Bleeping Computer

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. [...]

Malware 91

Malvertising on Microsoft Edge's News Feed pushes tech support scams

Malwarebytes

While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular interest to fraudsters. We have tracked and observed a malvertising campaign on the Microsoft Edge News Feed used to redirect victims to tech support scam pages.

Scams 88

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.