Javvad Malik
JULY 7, 2022
Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.
Schneier on Security
JULY 7, 2022
Report by Georgetown’s Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement (ICE). Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
JULY 7, 2022
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). My favorite quotes from the report follow below: “Another common tactic that continues to be observed is when bad actors actively impersonate legitimate sounding organizations (especially in journalism or education) with the objective of in
Joseph Steinberg
JULY 7, 2022
A mischievous hacker, or group of hackers, took over Disneyland’s official Instagram and Facebook accounts earlier today, and, apparently, defaced them both with a series of profane and racist posts. Walt Disney Company has confirmed the breach, which appears to have occurred around 7 AM US Eastern time. The entertainment giant stated that it responded to the incident with zeal: “We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 7, 2022
Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history. The post China suffers massive cybersecurity breach affecting over 1 billion people appeared first on TechRepublic.
Bleeping Computer
JULY 7, 2022
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Malwarebytes
JULY 7, 2022
Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as “mercenary spyware.” This includes people like journalists and human rights advocates, who are often targeted by oppressive regimes using malware like NSO Groups’ Pegasus spyware.
Tech Republic Security
JULY 7, 2022
Since May of 2021, state-sponsored attackers have been deploying Maui ransomware in an attempt to encrypt sensitive records and disrupt services for vulnerable healthcare organizations. The post North Korean-sponsored ransomware attacks target US healthcare companies appeared first on TechRepublic.
Bleeping Computer
JULY 7, 2022
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. [.].
Tech Republic Security
JULY 7, 2022
Cybersecurity is a more significant concern nowadays as hackers have become more sophisticated and aggressive. Train for the fight against cybercrime with this training bundle. The post Train for some of today’s top cybersecurity credentials for $39 appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Heimadal Security
JULY 7, 2022
The recent incident at Marriott is not the first time the company has been the victim of a massive data breach. An incident that occurred in 2014 but was not discovered until September 2018 led to a fine of £14.4 million ($24 million) from the Information Commissioner’s Office in the United Kingdom. Names, mailing addresses, […]. The post Marriott Confirms Data Breach appeared first on Heimdal Security Blog.
Tech Republic Security
JULY 7, 2022
The ransomware has expanded its arsenal of extortion techniques, adding a search engine for cybercriminals. The post ALPHV’s ransomware makes it easy to search data from targets who do not pay appeared first on TechRepublic.
Bleeping Computer
JULY 7, 2022
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. [.].
Dark Reading
JULY 7, 2022
It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
JULY 7, 2022
Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. [.].
CyberSecurity Insiders
JULY 7, 2022
T Mobile’s Executive Vice President Mike Katz issued an update on his LinkedIn page, a sophisticated cyber attack resulting in data breach that apparently occurred last week targeting some of the business customers of his company. The consequences of the attack are yet to be estimated. However, Mr. Katz told that the impact of the data breach could vary by business and individual.
The State of Security
JULY 7, 2022
Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. Read more in my article on the Tripwire State of Security blog.
Security Affairs
JULY 7, 2022
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion techniques and hooks key functions to maintain persistence on the infected systems.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
JULY 7, 2022
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.
Security Affairs
JULY 7, 2022
US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are
CSO Magazine
JULY 7, 2022
The company is introducing Lockdown Mode to protect high-risk individuals against corrosive surveillance and attacks, and investing millions to improve protection on its devices.
The Hacker News
JULY 7, 2022
Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities?
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
JULY 7, 2022
You’ve done your research and looked at the various ways you can map, prioritize and remediate vulnerabilities. You clearly see that a risk-based vulnerability management (RBVM) approach is the only reasonable way to address the tsunami of vulnerabilities your organization encounters and provide the context needed for risk-based remediation decisions.
CSO Magazine
JULY 7, 2022
You only need to consider that more than 4.4 million distributed denial-of-service (DDoS) attacks occurred in the second half of 2021, to know with certainty that such attacks are always happening. It’s not a matter of if a company will be impacted by a DDoS attack, it’s a matter of when. But enterprises don’t have to cower and wait for the inevitable to occur.
The Hacker News
JULY 7, 2022
Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
CSO Magazine
JULY 7, 2022
The National Institute of Standards and Technology’s (NIST) zero-trust security framework presents a new way of solving an age-old problem of securing networks and information, and organizations of all sizes are rethinking their security architecture, processes, and procedures to adopt zero-trust principles. According to the NIST , “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and re
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
JULY 7, 2022
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers a memory corruption during the computation.
Threatpost
JULY 7, 2022
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
CSO Magazine
JULY 7, 2022
Cybersecurity skills are in short supply , and specialized cybersecurity skills are even harder to find. Take, for example, identity and access management skills, for which employers are paying an average 17% premium over base pay, according to the most recent statistics from the Foote Partners IT skills and pay index. Fortunately, for the US Department of Homeland Security (DHS), Amanda Conley is not one to shy away from resourcing rare and specialized skills.
Security Affairs
JULY 7, 2022
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
306 
Let's personalize your content