Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. In addition to having cancelled finals, the district, which ranks in many surveys as being among the top 50 school districts in the country, has been forced to revert for its final days of instruction for the 201-2022 academic year to using paper, pencils, and pre-computer-era overhead projectors instead of its usual

Ransomware 344

Ransomware Artificial Intelligence Education Cybercrime 344

The Last Watchdog

JUNE 9, 2022

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

Identity Theft 267

Identity Theft Scams Insurance Internet 267

Schneier on Security

JUNE 9, 2022

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting.

Authentication 237

Authentication 237

Tech Republic Security

JUNE 9, 2022

A large-scale phishing attack was uncovered by PIXM, as well as the person who had been carrying out the attacks. The post A cybercriminal stole 1 million Facebook account credentials over 4 months appeared first on TechRepublic.

Accountability 188

Accountability Phishing 188

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JUNE 9, 2022

Interesting article about civilians using smartphones to assist their militaries in wartime, and how that blurs the important legal distinction between combatants and non-combatants: The principle of distinction between the two roles is a critical cornerstone of international humanitarian law­—the law of armed conflict, codified by decades of customs and laws such as the Geneva Conventions.

Risk 181

Risk 181

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems.

Malware 145

Malware DNS Antivirus Passwords 145

Bleeping Computer

JUNE 9, 2022

A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013. [.].

Hacking 127

Hacking 127

Malwarebytes

JUNE 9, 2022

Facebook is once again the launchpad for a large-scale phishing campaign, according to researchers at PIXM. The campaign, which first shows signs of life back in September 2021, has generated millions of page views and ad referral revenue “estimated to be millions of USD at this scale of operation” Credential harvesting on a grand scale.

Phishing 125

Phishing Scams Accountability Authentication 125

Security Boulevard

JUNE 9, 2022

Ethical hacking is the concept of gaining unauthorised access to systems but with the explicit permission of the system owner. Learn more about working and techniques used in ethical hacking in this article. The post What is Ethical Hacking? Working, Techniques and Jobs appeared first on Cyphere | Securing Your Cyber Sphere. The post What is Ethical Hacking?

Hacking 117

Hacking 117

The State of Security

JUNE 9, 2022

Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person […]… Read More.

Cybersecurity 116

Cybersecurity Engineering Software 116

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JUNE 9, 2022

BlackBasta, an alleged subdivision of the ransomware group Conti , just began supporting the encryption of VMware’s ESXi virtual machines (VM) installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this change in tactic makes sense. An ESXi VM is a bare-metal hypervisor software.

Ransomware 115

Ransomware Encryption Firewall Software 115

CSO Magazine

JUNE 9, 2022

Top cybersecurity vendors have joined Mandiant's newly launched Cyber Alliance Program, formed to help develop integrated security systems and share threat intelligence. The alliance, announced this week, is open to partners offering a wide variety of applications for endpoint, network, and cloud security, as well as identity, authentication, security information, and event management.

Cybersecurity 114

Cybersecurity Authentication 114

Security Boulevard

JUNE 9, 2022

Feds are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late. The post DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’ appeared first on Security Boulevard.

Identity Theft 109

Identity Theft Social Engineering Security Awareness Engineering 109

CSO Magazine

JUNE 9, 2022

Notable incidents such as SolarWinds and Log4j have placed a focus on software supply chain security. They have also sent security teams in search of tools to ensure the integrity of software from third parties. Software use is ubiquitous, with digital platforms now accounting for 60% of GDP per the World Economic Forum (WEF). While the way we use software has and is changing the world, the methods to ensuring the integrity of software sourced from across the ecosystem is lacking.

Software 109

Software Accountability 109

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

JUNE 9, 2022

At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems — and what that will mean for us.

Artificial Intelligence 105

Artificial Intelligence Hacking 105

CSO Magazine

JUNE 9, 2022

Viruses and other malware spreading for sinister or baffling reasons has been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet. This article will take a look at some of the most important milestones in the evolution of malware: These entries each represent a novel idea, a lucky break that revealed a gaping security hole, or an attack that turned to be particularly damaging—an

Malware 105

Malware Internet Internet 105

Bleeping Computer

JUNE 9, 2022

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. [.].

103

103

CSO Magazine

JUNE 9, 2022

Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November 2021 and seems to have been used against the financial sector in Latin America.

DNS 104

DNS Malware 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JUNE 9, 2022

The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.

Banking 102

Banking Malware 102

Malwarebytes

JUNE 9, 2022

Earlier this year Malwarebytes released its 2022 Threat Review , a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats. We are now halfway through 2022 and Malwarebytes’ Security Evangelist Adam Kujawa has been updating attendees at this year’s RSA Conference on what the report contains, and

Threat Detection 100

Threat Detection Malware Adware Accountability 100

Bleeping Computer

JUNE 9, 2022

Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. [.].

Hacking 100

Hacking Malware 100

The Hacker News

JUNE 9, 2022

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information.

IoT 99

IoT Architecture 99

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

JUNE 9, 2022

Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access. [.].

Malware 99

Malware Accountability 99

Security Boulevard

JUNE 9, 2022

Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person […]… Read More.

Cybersecurity 98

Cybersecurity Engineering Software Risk 98

Digital Guardian

JUNE 9, 2022

Read up on how Apple is getting ahead of the curve on security, how you could be targeted in a Facebook phishing scam, why a different type of cyberattack could surpass ransomware, and more all in this week’s Friday Five!

Scams 98

Scams Phishing Ransomware 98

The Hacker News

JUNE 9, 2022

Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.

Malware 98

Malware Cybersecurity 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JUNE 9, 2022

Active since 2017, Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on.NET based malwares. Zscaler ThreatLabz recently observed a new campaign where the Lyceum Group was utilizing a newly developed and customized.NET based malware targeting the Middle East by copying the underlying code from an open source tool.

DNS 98

DNS Energy and Utilities Malware Telecommunications 98

Dark Reading

JUNE 9, 2022

AI works best when security professionals and AI are complementing each other.

Cybersecurity 145

Cybersecurity 145

Security Boulevard

JUNE 9, 2022

Part of the struggle in combating cyberattacks is that threat actors never stand still. Constant evolutions in tactics and threats attempt to outwit cybersecurity controls, strategies and training programs. A new threat gaining traction over the last year or so is QR code phishing. This article examines the use of QR codes in phishing along…. The post QR Code Phishing: A New Threat?

Phishing 97

Phishing Cybersecurity 97

Heimadal Security

JUNE 9, 2022

Cybersecurity specialists discovered a massive phishing campaign that used Facebook Messenger to trick millions of individuals into entering their login details and watching advertisements on phishing pages. These stolen accounts were used by the threat actors to deliver more phishing messages to their friends, resulting in impressive earnings from online advertising commissions.

Phishing 97

Phishing Advertising Accountability Cybersecurity 97

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.