Mon.Oct 18, 2021

The Missouri Governor Doesn’t Understand Responsible Disclosure

Schneier on Security

The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state’s website, and then reported it to the state. The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state. […]. According to the Post-Dispatch, one of its reporters discovered the flaw in a web application allowing the public to search teacher certifications and credentials.

Education 279
Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022

Tech Republic Security

CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.

Attackers Weaponizing Zero-Days at Record Pace

Security Boulevard

Cybercriminals exploited a new remote code execution (RCE) zero-day, CVE-2021-40444, a week before a patch was released in September—that’s just one of the recent findings in a report by HP Wolf Security. On September 10, researchers discovered scripts on GitHub that automated the creation of the exploit, which ostensibly means that even less-savvy attackers can.

Hands-on domain password policy setup for Active Directory

CyberSecurity Insiders

This blog was written by an independent guest blogger. Dealing with the massive architecture of client-server networks requires effective security measures. Everyone has become painfully aware of the dangerous fish roaming the pool of the network, trying to gain access to the system. A weak password policy is a key vector for attackers to gain system access.

Passwords 136
The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Top Open Source Security Tools

eSecurity Planet

Over the past quarter of a century, the open source movement has gone from strength to strength. But that success and the openness inherent in the community have led to a major challenge – security. The more software that is developed, the greater the likelihood there is for vulnerabilities. To make matters worse, the open source world prides itself on openness and transparency.

Google alerts over 50k users about State funded Cyber Attacks

CyberSecurity Insiders

Google, the business subsidiary of tech giant Alphabet Inc has released a security statement that reveals that over 50,000 users were warned about state funded attacks in this year 2021, so far. Ajax Bash, the Security Engineer of Google Threat Analysis Group (TAG) endorsed the statement and attributed a large global campaign to a group of threat actors belonging to Kremlin based Fancy Bear (APT28).

A New Career Could Mean a Stolen Identity

Approachable Cyber Threats

Category Social Engineering, Awareness Risk Level. So you’re taking a huge leap and beginning the job search for a new career? Congratulations! Whatever your reason for a change, you’re most likely starting your job search on one of the big job search websites like Indeed, Monster, or even LinkedIn. You’ll likely start to find a couple of positions that interest you, and then you see the one.

Scams 130
Microsoft's very bad year for security: A timeline

CSO Magazine

So far, 2021 has proved to be somewhat of a security annus horribilis for tech giant Microsoft, with numerous vulnerabilities impacting several of its leading services, including Active Directory, Exchange, and Azure. Microsoft is no stranger to being targeted by attackers seeking to exploit known and zero-day vulnerabilities, but the rate and scale of the incidents it has faced since early March has put the tech giant on its back foot for at least a moment or two. [ Keep up with the best new Wi

CSO 128
Top 5 tips for dealing with supply-chain disruptions

Tech Republic Security

Weather events and port issues have caused major disruptions in the global supply chain. Tom Merritt gives us five ways to deal with it.

6 zero trust myths and misconceptions

CSO Magazine

Interest in zero trust is surging, according to IDG’s 2020 Security Priorities Study, with 40% of survey respondents saying they are actively researching zero trust technologies, up from only 11% in 2019, and 18% of organizations indicating they already have zero trust solutions, more than double the 8% in 2018. Another 23% of respondents plan to deploy zero trust in the next 12 months.

CSO 126
IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates. […]

Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache

Malwarebytes

Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue. WP Fastest Cache is a plugin that is most useful for WordPress-based sites that attract a lot of visitors.

Sinclair TV network crippled by potential ransomware attack

Bleeping Computer

TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer the downtime was caused by a ransomware attack. […]

Ransomware news headlines trending on Google

CyberSecurity Insiders

A ransomware attack launched on the Hillel Yaffe Medical Center has shaken the National cyber directorate so much that it issued an economic warning to the healthcare sector operating across the country urging them to fix their cybersecurity defenses as early as possible. Statement released on a combined note by the Cybersecurity directorate and the Ministry of Health says that those involved in the business of medical treatment and service should start the review of their IT infrastructure befo

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

MirrorBlast, the New Phishing Campaign Targeting Financial Organizations

Heimadal Security

A fresh variant of a phishing campaign has recently been detected. Nicknamed MirrorBlast, it targets finance enterprises. Its attack method relies on malicious Excel documents that are almost untraceable. MirrorBlast: How Does It Work? The researchers who discovered this new phishing campaign were from Morphisec Labs, and according to […].

Phishing 116
Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

The Hacker News

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Cisco Security

“Left of Boom”. The allied military forces engaged in operations in Iraq and Afghanistan nearly 20 years ago were confronted with the challenge of Improvised Explosive Devices (IEDs), roadside bombs that were detonated remotely and inflicted casualties and damage on military personnel and materiel. Major research efforts on how to detect these IEDs and detonate them harmlessly, or to infiltrate and disrupt bomb manufacturing, were referred to by the idiom “Left of Boom.”

Cybersecurity Awareness Month: Why haven't you updated your security policies?

Tech Republic Security

While you're sipping that pumpkin spice latte, make sure to review your company's cybersecurity policies.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft fixes Windows 10 auth issue impacting Remote Desktop

Bleeping Computer

Microsoft has fixed a known Windows 10 issue causing smartcard authentication to fail when trying to connect using Remote Desktop after installing the cumulative updates released during the September 2021 Patch Tuesday. […]

How Machine Identities Can Imperil Enterprise Security

eSecurity Planet

Managing machine identities has never been more critical to an enterprise’s cybersecurity. Machine identities now outnumber humans in enterprises, according to Nathanael Coffing, co-founder and CSO of Cloudentity. Without thorough visibility and proper management of machine-to-machine communications, all those machines can become a huge security issue.

IoT 106
Sinclair TV stations crippled by weekend ransomware attack

Bleeping Computer

TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer the downtime was caused by a ransomware attack. […]

Senior Officials Join the U.S. in an Anti-Ransomware Initiative

Heimadal Security

Following last week’s White House National Security Council virtual meetings of the Counter-Ransomware Initiative, senior officials from the U.E. and 31 countries have issued a joint statement acknowledging their focus on disrupting cryptocurrency payment channels and asserting that their governments will begin to take action to that end.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Microsoft: Windows 11 bug may only allow admins to print

Bleeping Computer

Microsoft is working on a fix for a known issue impacting Windows 11 customers and causing a prompt for admin credentials before every attempt to print. […]

Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021

The Hacker News

Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China.

Hacking 101
Accenture Discloses It Had Suffered Data Breach Following a Ransomware Attack

Heimadal Security

Accenture, an Irish-based multinational professional services company that specializes in IT services and consulting, confirmed it suffered a data breach as a result of a ransomware attack carried out by LockBit threat actors in August 2021. With more than 624,000 employees in 120 countries, Accenture is a Fortune 500 corporation and one of the world’s […].

DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative

Digital Guardian

Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Microsoft asks admins to patch PowerShell to fix WDAC bypass

Bleeping Computer

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials. […]

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

The Hacker News

REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus.

Experts Agree This is the Best Way to Protect Your IT Devices

Approachable Cyber Threats

Category Cybersecurity Fundamentals Risk Level. In another ACT post we talked about a process in cybersecurity that we call “vulnerability management.” Remember, vulnerabilities are holes in your electronic devices’ code that, when left unpatched, can allow hackers to use them to their advantage, like an open back door on your house. In the case of ice climbers, it’s about identifying where vulnerabilities exist in their climb and addressing them accordingly - think safety harness, a buddy syste

Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber

The Security Ledger

Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), says the agency is all about helping companies and local government to keep hackers at bay. But are organizations ready to ask for help? The post Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber. Read the whole entry. »

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.