Wed. Aug 24, 2022

Mudge Files Whistleblower Complaint against Twitter

Schneier on Security

Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January. The Washington Post has the scoop (with documents) and companion backgrounder.

How ransomware attacks target specific industries

Tech Republic Security

Analyzing over 100 prominent ransomware incidents, Barracuda found the top targeted sectors to be education, municipalities, healthcare, infrastructure and financial.

New Golang Ransomware Agenda Customizes Attacks

Trend Micro

A new ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.

Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes

Tech Republic Security

Learn more about a new Iranian tool dubbed Hyperscrape and how it is used by a cyberespionage group to extract content from victims’ inboxes.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cyber Attack on American Streaming Media Plex

CyberSecurity Insiders

Plex, an American Streaming platform, has officially sent out email notifications to all its users urging them to change their passwords. The entertainment offering company added in its update that the reason to send a notification to all its users was because of the discovery of suspicious activity on one of its IT databases. In the statement issued by Plex, the streaming media specified that the activity was discovered by it on August 23rd of this year and soon its IT staff, along with a third

How 2023 cybersecurity budget allocations are shaping up

CSO Magazine

Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that. "It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice Pr

Researchers warn of darkverse emerging from the metaverse

CSO Magazine

The metaverse is seen by many companies as a great business opportunity and for new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes. Security researchers predict that a kind of darknet structure could emerge there, similar to today's Internet.

Threat actors are using the Tox P2P messenger as C2 server

Security Affairs

Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.

WannaCry explained: A perfect ransomware storm

CSO Magazine

What is WannaCry? WannaCry is a ransomware worm that spread rapidly across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health

Why Does Medical Imaging Equipment Need Better Cybersecurity?

The State of Security

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware updates & 1-day exploits

SecureList

Introduction. In our crimeware reporting service, we analyze the latest crime-related trends we come across. Last month, we again posted a lot on ransomware, but we also covered other subjects, such as 1-day exploits. In this blogpost, we provide excerpts from these reports. For questions or more information about our crimeware reporting service, please contact crimewareintel@kaspersky.com.

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

Dark Reading

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.

Top 4 Benefits Logo Templates Can Bring To Your Business

SecureBlitz

This post will show you the benefits of logo templates. All entrepreneurs know that a business needs a logo, but not everyone understands its role. This is not just a beautiful symbol or trademark of the brand. Its meaning and goal lie much deeper. Fortunately, we can always turn to ready-made logo templates to ease […].

Cybersecurity Breaches, a Wake-up Call for Businesses

Heimdal Security

The Department for Culture, Media and Sport (DCMS) in the UK issued a new report showing that businesses neglect cybersecurity procedures until after a major attack had happened. The report extended on four years and investigated ten organizations of different sizes which had all dealt with a major data protection breach in this period. The […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Ransomware news headlines trending on Google

CyberSecurity Insiders

North Korea’s Lazarus Group has reportedly designed new ransomware that is being targeted at M1 processors popularly running on Macs and Intel systems. And security researchers from ESET have discovered that the malware was uploaded to the VirusTotal operated system in Brazil and was targeted by a social engineering attack. ESET claims the Lazarus campaign targeted specifically Macs as most of the journalists, high-profile dignitaries, and politicians use them to stay connected to the world.

Cisco Talos — Our not-so-secret threat intel advantage

Cisco Security

Security tools are only as good as the intelligence and expertise that feeds them. We’re very fortunate to have our security technologies powered by Cisco Talos, one of the largest and most trusted threat intelligence groups in the world. Talos is comprised of highly skilled researchers, analysts, and engineers who provide industry-leading visibility, actionable intelligence, and vulnerability research to protect both our customers and the internet at large.

Why patching quality, vendor info on vulnerabilities are declining

CSO Magazine

Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time.

Plex discloses data breach and urges password reset

Security Affairs

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors gained access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Announcing the Open Sourcing of Paranoid's Library

Google Security

Posted by Pedro Barbosa, Security Engineer, and Daniel Bleichenbacher, Software Engineer. Paranoid is a project to detect well-known weaknesses in large amounts of crypto artifacts, like public keys and digital signatures. On August 3rd 2022 we open sourced the library containing the checks that we implemented so far ([link]). The library is developed and maintained by members of the Google Security Team, but it is not an officially supported Google product.

Twitter security under scrutiny after former executive turns whistleblower

Malwarebytes

A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy. Otherwise known as Mudge, Peiter Zatko is a network security expert, open source programmer, writer, and a hacker.

Meta, Marketing, and Online Healthcare: A Deadly Combination (for Data Privacy)

Security Boulevard

This summer, Meta is facing renewed criticism of how it manages, and often violates, personal privacy online. Meta, the parent company of Facebook, Instagram, and many others, is facing a class action lawsuit in the Northern District of California over its collection of personal data through its webpage marketing integrations. The post Meta, Marketing, and Online Healthcare: A Deadly Combination (for Data Privacy) appeared first on Source Defense.

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

The Hacker News

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

This is Not Your Father’s VPN

Security Boulevard

To many, VPNs seem unremarkable and haven’t changed much in the past decade. A VPN is a VPN is a VPN. Some even think that VPNs are hardly necessary with the rise of building encryption directly into email, browsers, applications and cloud storage. The reality is that—especially for small and medium businesses (SMBs)—VPNs are still.

AiTM phishing campaign also targets G Suite users

Security Affairs

The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Barracuda Networks Reports Ransomware Volume Spikes

Security Boulevard

Barracuda Networks published a report today that showed the volume of ransomware threats its security operations center (SOC) team detected spiked in January and again in June to more than 1.2 million per month. The report also noted that out of 106 highly publicized ransomware attacks that occurred in the last 12 months, the dominant.

New ransomware HavanaCrypt poses as Google software update

CSO Magazine

A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn't seem to be dropping a traditional ransom note.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Webinar Recap: What Small Businesses Get Wrong About Cybersecurity

Security Boulevard

BlackCloak founder and CEO Dr. Chris Pierson recently participated in a webinar on what small businesses get wrong about cybersecurity and how to avoid common mistakes. ContraForce, a cybersecurity readiness management tool for small businesses, sponsored the webinar. Adam Gladsden, head of cybersecurity solutions at Swiss Re, a global provider of reinsurance and other protections […].

Top tips for securing board-level buy-in for cybersecurity awareness campaigns

The State of Security

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. […]

Elastic Security Advances SOAR Integration

Security Boulevard

Elastic Security today updated its security orchestration, automation and response (SOAR) platform to provide integrations with similar platforms as part of an effort to streamline analytics. Version 8.4 of the Elastic SOAR platform now provides bi-directional integrations with ServiceNow, Swimlane, Tines, D3 and Torq. It also provides access to a terminal-like interface that enables cybersecurity.

Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account

Dark Reading

In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.