Tue. Jun 15, 2021

Billion Dollar CyberSecurity Annual Budgets Have Arrived

Joseph Steinberg

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her

Andrew Appel on New Hampshire’s Election Audit

Schneier on Security

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accu

Microsoft product vulnerabilities reached a new high of 1,268 in 2020

Tech Republic Security

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Best new Windows 10 security features: Improvements to Intune, Windows Defender Application Guard

CSO Magazine

With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features.

Windows 11 Leaked - What we know so far about Microsoft's new OS

Bleeping Computer

An alleged preview build for Windows 11 has been leaked, confirming the new name for Microsoft's next generation of Windows and providing a glimpse of the new features.


More Trending

How Will Artificial Intelligence and Cybersecurity Be Seen Moving Forward?

Security Boulevard

Artificial intelligence (AI) in cybersecurity can be a double-edged sword. While AI can effectively mitigate threats and prevent potential cyberattacks, criminals can also exploit the technology to their advantage – putting businesses and customers at significant risk. This, in turn, increases the need for greater security and protection. We’re still dealing with the side effects […].

Ransomware and Cyber Attacks were hot topics at G7 Summit

CyberSecurity Insiders

All the world leaders who took part at the G7 Summit held in Cornwall, UK have agreed on a unanimous note that ransomware and cyber attacks have emerged as the biggest threats to their nation in recent times. G7 that comprises countries like the USA, UK, Canada, Japan, Italy, Germany, and France has decided to launch a committed fight against the spread of ransomware that was being facilitated by the price rise in Cryptocurrency.

7 Mobile Security Tips to Help Safeguard Your Device and Personal Information

Hot for Security

Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts. Mobile security is often overlooked by many technology users, who dismiss the reality of security risks brought by careless interactions with the digital world.

Unique TTPs link Hades ransomware to new threat group

CSO Magazine

Researchers claim to have discovered the identity of the operators of Hades ransomware, exposing the distinctive tactics, techniques, and procedures (TTPs) they employ in their attacks. Hades ransomware first appeared in December 2020 following attacks on a number of organizations, but to date there has been limited information regarding the perpetrators.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft takes down large-scale BEC operation

We Live Security

The fraudsters ran their campaigns from the cloud and used phishing and email forwarding rules to steal their targets' financial information. The post Microsoft takes down large‑scale BEC operation appeared first on WeLiveSecurity.

Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws

CSO Magazine

Three weeks after releasing patches for a critical vulnerability in VMware vCenter, thousands of servers that are reachable from the internet remain vulnerable to attacks. VMware vCenter is used by enterprises to manage virtual machines, the VMware vSphere cloud virtualization solution, ESXi hypervisors, and other virtualized infrastructure components.

Paradise Ransomware source code released on a hacking forum

Bleeping Computer

The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.

“Face of Anonymous” suspect deported from Mexico to face US hacking charges

Naked Security

After nearly a decade as a US expat dubbed "The Face of Anonymous", he's back in the US facing cybercrime charges from almost a decade ago.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

“Not in my threat model”?

Adam Shostack

You know what’s not in my threat model? A meteor hitting a volcano…And that’s ok! Your threat modeling should be focused on the threats that are likely to impact your systems. So unless your system is your evil supervillain volcano lair, a meteor is likely out of scope. And unless you have giant space lasers, there’s not a lot you can do about that meteor.

Malicious PDFs Flood the Web, Lead to Password-Snarfing

Threatpost

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.

Palo Alto Networks teams with AT&T to deliver managed SASE

CyberSecurity Insiders

Remote workforces accessing applications and data that are located anywhere is the “new normal.” Across the globe, organizations of all sizes are struggling to modernize their infrastructures to accommodate this new reality while accelerating their digital transformation initiatives. As a result, today’s overly fragmented environments and markets make this transformation complicated, leaving many organizations unable to address the secure access needs of their customers or empl

Instagram Bug Allowed Anyone to View Private Accounts Without Following Them

The Hacker News

Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade said in a Medium post today.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Audi Got Hacked: What Cybercriminals Do with Your Information and How to Protect It

Identity IQ

Volkswagen Group of America has revealed a data breach impacting more than 3.3 million customers after a vendor exposed unsecured data online. The automaker said an unauthorized third party obtained personal information about customers and interested buyers from a vendor used for digital sales and marketing by its Audi Volkswagen brands and some U.S. and Canadian dealers.

Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web

Security Affairs

The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls. The Resecurity® HUNTER unit has identified a new tool available for sale in the Dark Web called MASQ, enabling bad actors to emulate device fingerprints thus allowing them to bypass fraud protection controls, including authentication mechanisms.

Andariel evolves to target South Korea with ransomware

SecureList

Executive summary. In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report with technical details about the same series of attacks, which they attributed to the Lazarus group.

Patch now! Apple fixes in-the-wild iPhone vulnerabilities

Malwarebytes

Apple has fixed two vulnerabilities in Safari’s WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue websites do things on your phone without your permission.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Why the Biggest Threat Facing Supply Chains is on the Inside

IT Security Central

Businesses need to act now to survey their supply chain, developing the capacity to anticipate and respond to supply chain risks, minimizing the impact and optimizing opportunity. In March, the world witnessed a curious scene. A container ship longer than the Empire State Building became lodged in Egypt’s Suez Canal, creating an incredible spectacle as […].

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source code was first reported by Tom Malka, a senior threat intelligence analyst for security firm Security, that reported it to BleepingComputer and The Rec

Report Reveals AWS S3 Buckets are Poorly Protected

Security Boulevard

Research from Lightspin indicates that AWS S3 Buckets are not as secure as many users may think. Lightspin, which specializes in cloud security services, inspected more than 40,000 Amazon S3 buckets and found that improperly configured AWS permissions exposed, on average, 42% of an organization’s AWS S3 buckets. While misconfigured permissions are not a new.

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked as Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

BSides Tampa 2021 – Buddy Smith’s ‘Mobile Penetration Testing Hybrid’

Security Boulevard

Our thanks to BSides Tampa for publishing their outstanding videos on the organization's YouTube channel. Enjoy the Education! The post BSides Tampa 2021 – Buddy Smith’s ‘Mobile Penetration Testing Hybrid’ appeared first on Security Boulevard.

Peloton Bike+ vulnerability allowed complete takeover of devices

Bleeping Computer

A vulnerability in the Peloton Bike+ fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone.

Security firm COO indicted for aiding hospital's attackers: What CSOs should know

CSO Magazine

No one expects trust to be broken when they engage trusted individuals and companies to safeguard that which requires security, such as protected health information (PHI) and personally identifiable information (PII). Yet that is what happened to Gwinnett Medical Center (GMC) and its Lawrenceville and Duluth, Georgia, hospitals when Vikas Singla, chief operating officer of Securolytics, broke the bond of trust.

SASE & Zero Trust: The Dream Team

Threatpost

Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.