Mon.Feb 22, 2021

article thumbnail

GPS Vulnerabilities

Schneier on Security

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March.

Backups 250
article thumbnail

Why non-human workers can increase security issues in your business

Tech Republic Security

Most organizations don't give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Rise of Initial Access Brokers

Digital Shadows

Over the course of 2020, Digital Shadows detected over 500 cybercriminals’ listings advertising network access across a multitude of industry. The post The Rise of Initial Access Brokers first appeared on Digital Shadows.

article thumbnail

Mysterious malware infects 30,000 Mac computers

Tech Republic Security

Known as Silver Sparrow, the malware's intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.

Malware 202
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push

SC Magazine

Craig Froelich, chief information security officer of Bank of America Merrill Lynch, described how cybersecurity is not just a technology risk during a 2017 annual meeting of the Securities Industry and Financial Markets Association. (SIFMA). Diversity and inclusion programs gained a great deal of traction in the last few years as a means of hiring minorities, women and other underrepresented members of the modern security workforce.

Banking 137
article thumbnail

Cybersecurity pros: Automation and app security are top priorities in 2021

Tech Republic Security

A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.

CISO 194

More Trending

article thumbnail

The top 6 enterprise VPNs to use in 2021

Tech Republic Security

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.

136
136
article thumbnail

China Hijacked an NSA Hacking Tool—and Used It for Years

WIRED Threat Level

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

Hacking 145
article thumbnail

How to Fight Business Email Compromise (BEC) with Email Authentication?

The Hacker News

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.

article thumbnail

Free password manager alternatives to LastPass

Tech Republic Security

With the free version of LastPass now limiting where you can sync your passwords, here are a few other options.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Chinese hackers used NSA exploit years before Shadow Brokers leak

Bleeping Computer

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. [.].

145
145
article thumbnail

Assume ClubHouse Conversations Are Being Recorded, Researchers Warn

Threatpost

At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that over the weekend a user was able to breach “multiple” ClubHouse room audio feeds […].

Media 118
article thumbnail

Brave browser’s Tor mode exposed users’ dark web activity

We Live Security

A bug in the ad blocking component of Brave’s Tor feature caused the browser to leak users' DNS queries. The post Brave browser’s Tor mode exposed users’ dark web activity appeared first on WeLiveSecurity.

DNS 113
article thumbnail

Google puts more focus on mobile security in Android 12

CyberSecurity Insiders

Google seems to have taken mobile security and data privacy on a serious note, as it is clear in its latest preview of its Android 12 Operating System. Introducing to the world the new mobile operating system, Dave Burke, the Vice President of Engineering working for the Alphabet subsidiary stated that the new OS will give utmost attention to security features.

Mobile 112
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs

The Hacker News

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors.

Malware 113
article thumbnail

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was to create weaponized Excel documents used in multiple phishing attacks.

Malware 112
article thumbnail

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

The Hacker News

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).

Hacking 108
article thumbnail

New York issues cyber insurance framework as ransomware, SolarWinds costs mount

CSO Magazine

On February 4, 2021, New York became the first state in the nation to issue a cybersecurity insurance risk framework to all authorized property and casualty insurers. In releasing the framework, New York's Department of Financial Services (DFS) said that "[f]rom the rise of ransomware to the recently revealed SolarWinds-based cyber-espionage campaign, it is clear that cybersecurity is now critically important to almost every aspect of modern life – from consumer protection to national security."

Insurance 106
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Apple’s Safe Browsing Request Proxy, BEC Attacks, LastPass Updates

Security Boulevard

In episode 161: Apple will start to proxy Safe Browsing requests to hide IP addresses from Google, the rise of Business Email Compromise attacks, and changes to the free version of LastPass. ** Links mentioned on the show ** Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google [link] This cybersecurity […]. The post Apple’s Safe Browsing Request Proxy, BEC Attacks, LastPass Updates appeared first on The Shared Security Show.

article thumbnail

Kroger Notifies Customers and Associates of Data Breach Incident

Hot for Security

Kroger is notifying customers of a data breach, two months after the supermarket chain’s file transfer service Accellion disclosed a cyberattack. The supermarket giant is the latest victim of the zero-day vulnerability exploited by malicious actors in the December 23 attack. Although Accellion released a patch for the vulnerability within 72 hours of its discovery, cybercriminals quickly capitalized on the exploit, stealing confidential information from multiple companies that use their FTA file

article thumbnail

How to Secure Your Cloud Investment

Security Boulevard

Cloud adoption was already a safe bet in 2020, but the pandemic drove a rapid acceleration of this trend last year. Enterprises’ average cloud spend went up 59% from 2018 according to IDG’s 2020 State of Cloud report. That same report found that security is the greatest obstacle organizations are facing when attempting to take. The post How to Secure Your Cloud Investment appeared first on Security Boulevard.

Firewall 105
article thumbnail

Google Alerts used to launch fake Adobe Flash Player updater

SC Magazine

Taking advantage of users who may not realize support for Adobe Flash Player expired on December 31, hackers have been using Google Alerts to promote a fraudulent Flash Player updater that installs other unwanted programs on their computers. The threat actors create fake stories with titles containing popular keywords that Google Search indexes, according to a Sunday Bleeping Computer report.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

TDoS Attacks Take Aim at Emergency First-Responder Services

Threatpost

The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.

Hacking 99
article thumbnail

BrandPost: Proactive Security Requires Leveraging AI and Automation

CSO Magazine

The speed of digital innovation has completely transformed how organizations do business. Instant access to critical business tools and information via cloud -based applications lets any worker access any needed resources from any location on any device. However, this same innovation trend has also transformed cybercrime, raising the bar on both the speed and severity of attacks, with a successful data breach now costing an average of $3.86 million.

article thumbnail

Windows network monitoring made easy with OpManager

Security Boulevard

Network administrators are responsible for the day-to-day operation of computer networks at organizations of any size and scale. Their primary duty is to manage, monitor, and keep a close watch on the network infrastructure to prevent and minimize downtime. Managing …. The post Windows network monitoring made easy with OpManager appeared first on ManageEngine Blog.

97
article thumbnail

Undervalued and ineffective: Why security training programs still fall short

CSO Magazine

As a former U.S. Naval officer, Bruce Beam says corporate security training would benefit from adopting the military notion that you fight like you train.

103
103
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Chinese hackers cloned attack tool belonging to NSA’s Equation Group

Zero Day

The Jian tool was used to exploit a Windows zero-day vulnerability years before a patch was issued.

126
126
article thumbnail

Industrial Cybersecurity and the Florida Water Supply Attack with Dale Peterson

Security Boulevard

Through the lens of the Florida water supply hack, Dale Peterson teaches how events like these remind us to take the necessary steps to maintain our cybersecurity. Founder and chair of S4 Events, Dale has been helping security professionals effectively and efficiently manage risk to their critical assets for over 15 years. Spotify: [link] [link] […]… Read More.

article thumbnail

What You Need to Know Before Implementing an EDR Solution

Heimadal Security

In today’s constantly evolving cyber-threat landscape, your organization’s endpoints are more than simple workstations. They are digital connections to the online world, which is undeniably useful, but can become dangerous as well. Did you know that most cyber attackers enter your business infrastructure via your endpoints? This is why enterprise needs to be protected on […].

article thumbnail

30,000 Macs infected with new Silver Sparrow malware

Zero Day

Silver Sparrow can even run on systems with Apple's new M1 chip.

Malware 145
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.