Tue. Jan 31, 2023


Ransomware Payments Are Down

Schneier on Security

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.


CIOs hold greater organizational leadership status

Tech Republic Security

Foundry’s study found the role has been significantly elevated because of the economy, and CIOs are recognized as strategic business partners by their LOB peers. The post CIOs hold greater organizational leadership status appeared first on TechRepublic.


Why Traditional Approaches Don’t Work for API Security

Security Boulevard

API sprawl, which Brian Otten, VP of the digital transformation catalysts division with Axway, defined as “an uncontrolled proliferation of APIs in an organization,” is creating a flood of new security headaches for organizations. One of the biggest problems in providing security for APIs is that sprawl makes them difficult to track and inventory. And.


IT staff systems and data access policy

Tech Republic Security

IT pros typically have access to company servers, network devices and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy from TechRepublic Premium offers guidelines for governing access to critical systems and confidential data.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Another Password Manager Leak Bug: But KeePass Denies CVE

Security Boulevard

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.


Russia Killnet launches DDoS attack on Netherlands and the United States

CyberSecurity Insiders

Killnet launched a Distributed Denial of Service (DDoS) attack on healthcare websites in the United States and the Netherlands, disrupting their operations for several hours. Preliminary investigations revealed that the attack was launched in retaliation for Biden’s pledge to send Abrams battle tanks to support Ukraine against the Putin-led nation. The University of Michigan Hospital and Stanford Health Care Center are two of the most renowned websites that were targeted in the attack, and the ca


Google Fi Customer Information leaked in a Cyber Attack

CyberSecurity Insiders

Google Fi, a wireless phone plan offered by Alphabet Inc’s subsidiary Google, has confirmed a data breach that could have occurred because of a security incident on T-Mobile servers that leaked data related to millions of customers. Only a limited portion of customer data was reportedly leaked and accessed in the attack, such as phone numbers, account details, SIM card serial numbers, and mobile billing plan details.


C++ creator Bjarne Stroustrup defends its safety

InfoWorld on Security

The creator of C++, Bjarne Stroustrup, is defending the venerable programming language after the US National Security Agency (NSA) recently recommended against using it. The NSA advises organizations to use memory-safe languages instead. Responding to the agency’s November 2022 bulletin on software memory safety, Stroustrup, who designed C++ in 1979, stressed decades-long efforts to enable better, safer, and more efficient C++.


IoT, connected devices biggest contributors to expanding application attack surface

CSO Magazine

The growth of the internet of things (IoT) and connected devices is the biggest contributing factor to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their organization has experienced an expansion in its attack surface over the last two years.


ESET APT Activity Report T3 2022

We Live Security

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022. The post ESET APT Activity Report T3 2022 appeared first on WeLiveSecurity.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Prilex modification now targeting contactless credit card transactions

SecureList

Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it has evolved very differently. This is highly advanced malware adopting a unique cryptographic scheme, doing real-time patching in target software, forcing protocol downgrades, manipulating cryptograms, d


Ultimate Guide to OWASP API Top 10

Appknox

The OWASP API Top 10 is a list of common vulnerabilities found in APIs. OWASP created it as a resource for developers, testers, and security professionals to help them understand how to protect against API threats.


Guardz debuts with cybersecurity-as-a-service for small businesses

CSO Magazine

Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise of the company’s main offering is tight API integration with Microsoft 365 and Google Workspace.


Microsoft releases emergency updates to fix XPS display issues

Bleeping Computer

Microsoft has released out-of-band (OOB) updates for some .NET Framework and .NET versions to address XPS display issues triggered by the December 2022 cumulative security updates. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


40% of online shops tricking users with “dark patterns”

Malwarebytes

The European Commission has been looking at retail websites to see if they're misleading consumers with "dark patterns". Spoiler: Yes, they are. The Commission, along with the national consumer protection authorities of 23 EU member states, plus Norway and Iceland, have released the results of their screening of online shops. In a sweep of 399 sites the investigation discovered that 148 of them contained at least one of the three dark patterns they were checked for.


CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

Security Boulevard

Learn about CVE-2022-23846, a denial-of-service vulnerability affecting GTP libraries found in Open5GS. The post CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library appeared first on Security Boulevard.


Are Your Employees Thinking Critically About Their Online Behaviors?

Dark Reading

Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.


Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

The Hacker News

A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


What is Fintech as a service & the Impact of APIs on Fintech?

Security Boulevard

Introduction to Fintech as a Service (FaaS)

Fintech as a Service (FaaS) is a business model that enables companies to outsource financial technology (fintech) services to a third-party provider. This model provides companies with a more flexible and cost-effective way to access fintech services and improve their financial operations. Let’s explore the concept of Fintech […] The post What is Fintech as a service & the Impact of APIs on Fintech?


JD Sports reports cyber-attack impacting millions of customers

ZoneAlarm

Sportswear retailer JD Sports has confirmed that a recent cyber-attack may have resulted in the exposure of around 10 million customers’ personal data, including names, addresses, email addresses, phone numbers, order details, and the last four digits of bank cards linked to online orders placed between Nov 2018 and Oct 2020. Despite the company’s claim … The post JD Sports reports cyber-attack impacting millions of customers appeared first on ZoneAlarm Security Blog.


The Evolution of Data Privacy Laws

Security Boulevard

As businesses and economies become more data-driven and digitally transformed, data privacy laws expand and strengthen around the world. Exemplifying the tightening regulatory environment is Gartner’s prediction that by 2024, 75% of the world’s population will be protected by some form of data privacy law. A more complex data privacy landscape is good news for individuals and data privacy advocates, but.


Exploit released for critical VMware vRealize RCE vulnerability

Bleeping Computer

Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. […]


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Case May Impact Role of Lawyers in Data Breaches and IR

Security Boulevard

On January 9, 2023, the U.S. Supreme Court heard oral arguments on a criminal tax investigation case out of California that might impact the scope and extent of attorney-client privileges in data forensic investigations. The case, called In Re Grand Jury, Dkt. No. 21-1397, involves a federal grand jury demand for records created by a law. The post Case May Impact Role of Lawyers in Data Breaches and IR appeared first on Security Boulevard.


Hackers Stole GitHub Desktop and Atom Code-Signing Certificates

Heimdal Security

Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. Therefore, the company is taking the precautionary action of canceling the exposed certificates. These versions of GitHub Desktop for Mac have been rendered invalid: 3.0.2, 3.0.3, 3.0.4, 3.0.5, […] The post Hackers Stole GitHub Desktop and Atom Code-Signing Certificates appeared first on Heimdal Securi


Illicit Telegram Groups: A New Dark Web Frontier?

Security Boulevard

The shady underworld of the dark web provides cybercriminals with an outlet to trade stolen information, tools, or malware, hold victims of cyber attacks to ransom, and discuss their targets and tactics. But the dark web forums that normally host illicit marketplaces and discussions are starting to lose their allure. Find out why the messaging […] The post Illicit Telegram Groups: A New Dark Web Frontier?


What Is Dynamic Host Configuration Protocol (DHCP)?

Heimdal Security

DHCP, or Dynamic Host Configuration Protocol, is a network protocol that allows devices on a network to be automatically assigned an IP address. DHCP is used extensively in both home and enterprise networks, as it simplifies the process of configuring IP addresses for new devices. In this article, we will have a closer look at […] The post What Is Dynamic Host Configuration Protocol (DHCP)?


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


The Top SaaS Security Risks and Concerns to be Aware of

Security Boulevard

Learn more about how to handle the top SaaS security concerns related to visibility, risk, and access control to protect your organization’s SaaS security. The post The Top SaaS Security Risks and Concerns to be Aware of appeared first on Security Boulevard.


Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Dark Reading

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer cybercriminals a gaping hole through which to access corporate crown jewels.


BrandPost: Is Your Organization Security Resilient? Here’s How to Get There

CSO Magazine

Security resilience is top of mind for the vast majority of executives; 96% say it’s highly important to their business, according to the Cisco Security Outcomes Report, Volume 3. And with good reason: data breaches, ransomware, and other cyberattacks continue to plague organizations. In fact, the Cisco report found that 62% of organizations have experienced a security event that affected their resilience, including:
52% experienced a network or data breach
51% suffered a network or system outage


10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

Heimdal Security

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers. All the information stored in the attacked server related to purchases made between November 2018 and October 2020. Details About the Data Breach JD Sports […] The post 10 Million JD Sports Customers Had Their Data Exposed in a Data Breach appeared first on Heimdal Security Blog.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.