Mon. Sep 26, 2022

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.
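The mechanism behind the leak above is that enhanced spellcheck only sees text the browser considers spellcheckable: a field with type="password" is skipped, but a "show password" toggle that flips it to type="text" makes it eligible, and ordinary text inputs holding SSNs or card numbers are eligible from the start. The mitigation on the site side is spellcheck="false" on every sensitive field, kept in place across the toggle. The following is an added example, not code from Schneier's post or from the otto-js write-up it quotes. The field-name pattern and the autocomplete list are assumptions for illustration, and the stub elements at the bottom are constructed stand-ins so the example runs under Node without a DOM; in a page you would pass `document` or a `<form>` element instead.

```javascript
// Added example: keep sensitive form fields out of browser "enhanced"
// spellcheck by forcing spellcheck="false" before the text can be read.

// Field-name hints treated as sensitive. Assumption for this example;
// tune to the application's own naming (e.g. "sin" also hits "business").
const SENSITIVE_NAME_PATTERN =
  /(pass|pwd|secret|token|ssn|sin|social|dob|birth|card|cvv|account|routing|iban)/i;

// autocomplete tokens that mark a field as carrying PII or credentials.
// Assumed list for this example.
const SENSITIVE_AUTOCOMPLETE = new Set([
  'current-password', 'new-password', 'one-time-code', 'cc-number',
  'cc-csc', 'cc-exp', 'bday', 'tel', 'email', 'street-address',
]);

function isSensitiveField(el) {
  if (el.type === 'password') return true;
  const ac = (el.getAttribute('autocomplete') || '').toLowerCase();
  if (SENSITIVE_AUTOCOMPLETE.has(ac)) return true;
  return SENSITIVE_NAME_PATTERN.test(`${el.name || ''} ${el.id || ''}`);
}

// Turn off spellcheck plus the related autocorrect/autocapitalize hints.
// Returns true if the element was actually changed (idempotent otherwise).
function disableSpellcheck(el) {
  if (el.getAttribute('spellcheck') === 'false') return false;
  el.setAttribute('spellcheck', 'false');
  el.setAttribute('autocorrect', 'off');   // Safari/iOS hint
  el.setAttribute('autocapitalize', 'off');
  return true;
}

// Walk every text-bearing field under root; harden the sensitive ones.
// Returns how many fields were changed.
function hardenSensitiveFields(root) {
  let changed = 0;
  for (const el of root.querySelectorAll('input, textarea')) {
    if (isSensitiveField(el) && disableSpellcheck(el)) changed += 1;
  }
  return changed;
}

// Reveal/hide toggle that is safe against the spellcheck leak: the field
// is marked spellcheck="false" before it ever becomes type="text".
// Returns the new input type.
function togglePasswordVisibility(input) {
  disableSpellcheck(input);
  input.type = input.type === 'password' ? 'text' : 'password';
  return input.type;
}

// Constructed DOM stand-ins so the example runs offline under Node.
function makeStubField(attrs) {
  const a = { ...attrs };
  return {
    get type() { return a.type || 'text'; },
    set type(v) { a.type = v; },
    name: a.name || '',
    id: a.id || '',
    getAttribute(k) { return k in a ? String(a[k]) : null; },
    setAttribute(k, v) { a[k] = String(v); },
  };
}
function makeStubRoot(fields) {
  return { querySelectorAll: () => fields };
}

// Demo on a constructed login/checkout form: 3 of 5 fields are sensitive.
function demo() {
  const fields = [
    makeStubField({ type: 'text', name: 'username' }),
    makeStubField({ type: 'password', name: 'password', id: 'pw' }),
    makeStubField({ type: 'text', name: 'ssn' }),
    makeStubField({ type: 'text', name: 'comments' }),
    makeStubField({ type: 'text', name: 'cc', autocomplete: 'cc-number' }),
  ];
  const hardened = hardenSensitiveFields(makeStubRoot(fields));
  const afterReveal = togglePasswordVisibility(fields[1]);
  return { hardened, afterReveal, pwSpellcheck: fields[1].getAttribute('spellcheck') };
}

console.log(demo());
```

The important design point is ordering: `togglePasswordVisibility` sets the attribute before changing the type, so there is no window in which the cleartext password sits in a spellcheckable field. Running `hardenSensitiveFields` again is a no-op, so it can be called on every form mutation. A quick check in the field is to open the browser devtools and confirm every password, SSN, DOB and card input carries spellcheck="false" both before and after any reveal toggle.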

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate every industry. In fact, the 2022 Verizon Data Breach Investigations Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than the past five years combined – and the inability to properly manage identities and pri

Why 2FA is failing and what should be done about it

Tech Republic Security

Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. The post Why 2FA is failing and what should be done about it appeared first on TechRepublic.

What happens with a hacked Instagram account – and how to recover it

We Live Security

Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The deepfake danger: When it wasn’t you on that Zoom call

CSO Magazine

In August, Patrick Hillman, chief communications officer of blockchain ecosystem Binance, knew something was off when he was scrolling through his full inbox and found six messages from clients about recent video calls with investors in which he had allegedly participated. “Thanks for the investment opportunity,” one of them said. “I have some concerns about your investment advice,” another wrote.

The State of Cybersecurity has improved but is hardly flawless

The State of Security

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 […]

97% of enterprises say VPNs are prone to cyberattacks: Study

CSO Magazine

Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering, ransomware, and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler.

How to Close the Cybersecurity Skills Gap in Your Business

CyberSecurity Insiders

Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare. What can employers do for their businesses with attacks rising alongside the widening cybersecurity skills gap? What Is the Cybersecurity Skills Gap?

The Optus Breach: How Bad Code Keeps Happening to Good Companies

Security Boulevard

First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here and in the other sources indicated in the references section below. On Thursday this week, Australia’s second-largest telecom company, Optus, announced it had suffered a major data breach that had compromised sensitive customer information.

5 Network Security Threats And How To Protect Yourself

The Hacker News

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Why the Internet of Things Needs PKI

Security Boulevard

Securing machine identities is a rising concern for enterprises and cybersecurity leaders venturing into the relatively new terrain of the Internet of Things. The post Why the Internet of Things Needs PKI appeared first on Keyfactor.

Managing Cybersecurity Risk in M&A

Cisco Security

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Providing assurance that residual risk posture falls within business risk tolerance is critical to Cisco’s Audit Committee and executive leadership team, especially during the mergers and acquisitions (M&A) process. Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of Cali

US CISA/NSA release new OT/ICS security guidance, reveal 5 steps threat actors take to compromise assets

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published a new Cybersecurity Advisory (CSA) for protecting operational technology (OT) and industrial control systems (ICS). The CSA outlines the Tactics, Techniques and Procedures (TTPs) malicious actors use to compromise OT/ICS assets and recommends security mitigations that owners and operators should implement to defend systems.

China-linked TA413 group targets Tibetan entities with new backdoor

Security Affairs

The China-linked cyberespionage group TA413 is using a never-before-seen backdoor called LOWZERO in attacks aimed at Tibetan entities. The group, also tracked as LuckyCat, is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy the backdoor.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

The Hacker News

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities.

Exmatter exfiltration tool used to implement new extortion tactics

Security Affairs

Ransomware operators are switching to new extortion tactics, using the Exmatter malware with newly added data corruption functionality. The data extortion landscape is constantly evolving and threat actors keep devising new extortion techniques; the latest case involves Exmatter. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample of malware classified as the .NET exfiltration tool Exmatter.

Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts

The Hacker News

Ukrainian law enforcement authorities on Friday disclosed that they had "neutralized" a hacking group operating from the city of Lviv that they said acted on behalf of Russian interests.

Windows 11 pulls ahead of Windows 10 in anti-phishing stakes

Malwarebytes

Some new security additions and changes have been announced for users of Windows, but you’ll have to be using Windows 11 to get the most out of them. Windows 10 users may find that this is going to be a case of falling behind the herd ever so slightly. Anti-phishing tools: enhanced phishing protection, by way of SmartScreen, is the name of the game, and Microsoft is all too happy to explain the changes.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why

IT Security Guru

Cyber security has never been so important, and in a post-pandemic world it matters more than ever. According to a recent report by Kaspersky, the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter globally – 4,003,323 in 2022 compared to 3,029,903 in 2021. In addition, internet attacks also grew from 32,500,000 globally in 2021 to almost 35,400,000 in 2022.

Jamf buys ZecOps to bring high-end security to Apple enterprise

CSO Magazine

ZecOps protects world-leading enterprises, governments, and individuals; Jamf has acquired it to help secure the enterprise.

Adware on Google Play and Apple Store installed 13 million times

Bleeping Computer

Security researchers have discovered 75 applications on Google Play and another ten on Apple's App Store engaged in ad fraud. Collectively, they add up to 13 million installations.

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

The Hacker News

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Ukraine warns allies of Russian plans to escalate cyberattacks

Bleeping Computer

The Ukrainian military intelligence service warned today that Russia is planning "massive cyber-attacks" targeting the critical infrastructure of Ukraine and its allies.

Google to Make Account Login Mandatory for New Fitbit Users in 2023

The Hacker News

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023.

NSA and CISA: What To Do When Hackers Target Critical Systems

Heimdal Security

The National Security Agency (NSA) together with the Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory that outlines how operators of critical infrastructure should deal with cyberattacks on operational technology and industrial control system assets. The advisory comes in the light of recent cyberattacks launched on Ukraine’s energy grid and ransomware against […].

Teen hacking suspect charged with computer misuse and breach of bail conditions

Graham Cluley

Could the 16-year-old arrested in Oxford in March now be the 17-year-old arrested in Oxfordshire and charged with breaching his bail conditions?

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

The Best VPNs to Protect Yourself Online

WIRED Threat Level

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

The Hacker News

At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant.

Thinking Like a Hacker: Commanding a Bot Army of Leaked Twitter Accounts

Security Boulevard

How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Third case: Twitter API keys are used to pump an altcoin. The post Thinking Like a Hacker: Commanding a Bot Army of Leaked Twitter Accounts appeared first on Security Boulevard.

Data Corruption, A Potential New Trend in Ransomware Attacks

Heimdal Security

Exmatter, a well-known data exfiltration malware used by the BlackMatter ransomware group, has been spotted using a new tactic. The malware was upgraded with data corruption functionality, which might signal a shift in ransomware attacks, with attackers abandoning encryption altogether. How Data Corruption Works The new data corruption tactic was […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.