Thu. Mar 10, 2022


Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. As I talked about in the original CASSM post, there are levels to this game. In that post we talked about 8 levels of password security, starting from using shared and weak passwords and going all the way up to passwordless.


Where’s the Russia-Ukraine Cyberwar?

Schneier on Security

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM terminals. It’s probably too early to reach any conclusions, but people are starting to write about this, with varying theories.


Weekly Update 286

Troy Hunt

Somehow this week ended up being all about Russia and Cloudflare. Mostly as 2 completely separate topics, but also a little bit around Cloudflare's ongoing presence in Russia (with a very neutral view on that, TBH). Looking back on this video a few hours later, the thing that strikes me is the discussion around what appears to be a phishing page seeking donations for Ukraine.


Russia may try to dodge sanctions using ransomware payments, warns US Treasury

Tech Republic Security

The Financial Crimes Enforcement Network has issued a statement for financial institutions to be aware of suspicious activity. The post Russia may try to dodge sanctions using ransomware payments, warns US Treasury appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Russia creates its own TLS certificate authority to bypass sanctions

Bleeping Computer

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. [...]


DDoS attacks expand as cybercriminals target cloud providers and ransomware victims

Tech Republic Security

2021 saw an array of record-breaking DDoS attacks, many aimed at cloud companies and ransomware victims who resisted paying the ransom, says Radware. The post DDoS attacks expand as cybercriminals target cloud providers and ransomware victims appeared first on TechRepublic.


More Trending


MuddyWater targets Middle Eastern and Asian countries in phishing attacks

Tech Republic Security

Cisco Talos has illustrated the ways in which the Iranian backed hacker group has attempted countries for cyberattacks. The post MuddyWater targets Middle Eastern and Asian countries in phishing attacks appeared first on TechRepublic.


CISA added 98 domains to the joint alert related to Conti ransomware gang

Security Affairs

The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations, the agency added 100 domain names used by the group. The joint report published by CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) in September warned of an increased number of Conti ransomware attacks against US organizations.


How to use SSHFS to mount remote directories on Rocky Linux

Tech Republic Security

Find out how to mount a remote directory on a Rocky Linux server to a local directory with the help of SSHFS. The post How to use SSHFS to mount remote directories on Rocky Linux appeared first on TechRepublic.


Ukraine now faces MicroBackdoor malware threat from Russia

CyberSecurity Insiders

Ukraine’s critical infrastructure is being cyber-attacked by malware these days and highly placed sources state that the malicious software has compromised 13 computer networks operating for public utilities so far. In a statement released on March 7, 2022, the Computer Emergency Response Team (CERT-UA) has confirmed that its digital infrastructure was constantly being hit by malicious attacks and phishing emails were acting as a source for the infiltration.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Gartner Paper: What Are Practical Projects for Implementing Zero Trust?

Tech Republic Security

Vendor marketing has long overused the term “zero trust” to imply improved security. Security and risk management leaders must move beyond the hype and implement two key projects to reduce risk with least privileged access and adaptive security. Security and risk management leaders should: Develop strategies to address heterogeneous workloads spanning on-premises, hybrid, and.


Russia might take help of ransomware payments to fund Ukraine war costs

CyberSecurity Insiders

Russian war has entered its third week and the leader of the nation seems to be in no mood to give up. However, reports are in that Putin is finding it hard to break the resistance of Ukrainians and is falling short of finances, fuel, water and food supplies essential to keep his military units alive on sea, air and on land. With strict sanctions placed by West and withdrawal of ruble currency usage at international markets, Vladimir Putin’s nation is left with no other choice rather than to la


Malwarebytes vs. ESET: Which anti-malware solution is best for you?

Tech Republic Security

If you've been trying to decide which anti-malware tool is best for your needs, you've come to the right place. This resource summarizes two of the top anti-malware solutions: Malwarebytes and ESET. The post Malwarebytes vs. ESET: Which anti-malware solution is best for you? appeared first on TechRepublic.


Ragnar Locker ransomware – what you need to know

The State of Security

The FBI has warned that the Ragnar Locker gang has infected at least 52 critical infrastructure organisations across America with its ransomware. Read more in my article on the Tripwire State of Security blog.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


HackerOne calls for end of security by obscurity

CSO Magazine

HackerOne, a bug bounty platform provider, offered a blueprint for greater corporate security responsibility and called for a shift from secrecy to transparency when dealing with vulnerabilities in a report released Thursday. Organizations are increasingly scrutinizing the practices of their suppliers, basing procurement decisions on security credentials and switching suppliers should the company have experienced a security incident, the report noted.


Conti Ransomware gang pays salaries and develops cryptocurrency

CyberSecurity Insiders

All these days, we have seen and heard of companies recruiting employees and paying salaries to them. But here’s a news piece that gives details of a ransomware group that paid $6 million in salaries last year and even tried to develop its cryptocurrency. Please note that the above-stated details were divulged by a malware analysis company VX-Underground after analyzing a leaked chat from a Ukrainian researcher working on a Russian project.


Introducing the new ‘Defending Against Critical Threats’ report

Cisco Security

Today, we’re pleased to launch our annual Defending Against Critical Threats report. Inside, we cover the most significant vulnerabilities and incidents of 2021, with expert analysis, insights and predictions from our security and threat intelligence teams across Cisco Talos, Duo Security, Kenna Security, and Cisco Umbrella. It’s clear that 2021 – and, indeed, the start of 2022 – has been very challenging for security defenders.


Hackers selling high-value targets in the United States

CyberSecurity Insiders

According to a study made by CrowdStrike, hackers are seen selling high-value targets from the United States for profits and the buyers on the dark web are preferring data related to targets from technology, government, and academics. Usually, such information selling takes place on the dark web in the initial days of every month and those who buy such data will use it to conduct malicious campaigns such as ransomware spread, malware spying, espionage-related tactics, and more.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The 7 Pitfalls to Avoid When Selecting An SSE Solution

Tech Republic Security

SSE. What is it and why should I care? SSE can be a catalyst for change in an organisation by securing the business in a remarkably comprehensive way. But, not all solutions are created equal. IT leaders looking to adopt SSE must evaluate and select the right solution, to allow their organisation to simplify security. The post The 7 Pitfalls to Avoid When Selecting An SSE Solution appeared first on TechRepublic.


US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’

Security Boulevard

Mainstream media has been full of stories about how the U.S. cleverly anticipated the Russian invasion of Ukraine and skilfully helped the country shore up its defences against Russian hacking. But scratch the surface and there’s not much of a There there. What looks like a coordinated PR campaign relies on “people familiar with the. The post US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’ appeared first on Security Boulevard.


Your Biometric Data in Danger of Being Exploited by Hackers

Heimdal Security

Biometric information helps people access systems and secure devices more easily. However, it might become a target for threat actors. According to a new report, hackers start to become aware of the value of this kind of info like iris scans, fingerprint authentication, or facial recognition and might begin to exploit it. How Hackers Can […]. The post Your Biometric Data in Danger of Being Exploited by Hackers appeared first on Heimdal Security Blog.


Why do we need continuous audits for public cloud?

Security Boulevard

Introduction to Continuous audits for public cloud Businesses have lost track of crucial control measures needed for their cloud infrastructure due to the rapid adoption of cloud computing, AWS, Azure, and Google cloud services are now more popular than ever due to the pace of innovation and customer expectations from the business. Gartner predicts that […].


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


What Data Falls Under Personally Identifiable Information (PII)?

TrustArc

Organizations have been collecting information about people for as long as anyone can remember. Consumers and businesses have provided information to receive services, process orders, and conduct payments and rarely thought twice. However, in the past decade, the amount of Personally Identifiable Information (PII) being collected, and the number of organizations collecting it has significantly increased.


Ultimate Guide To Low-code And No-code Platform Security

SecureBlitz

This post will show you all you need to know about Low-code and No-code platform security. Since the trend for mobile app development is never-ending, the future prediction for app revenue is $808 billion in 2022 than the last year 2021, which was $581 billion. People worldwide are well-occupied with the latest gadgets around. The. The post Ultimate Guide To Low-code And No-code Platform Security appeared first on SecureBlitz Cybersecurity.


SEC plans four-day cybersecurity breach notification requirement

CSO Magazine

The US Securities and Exchange Commission today proposed legal changes that would require publicly traded companies to disclose material cybersecurity incidents within four days of such a breach. The SEC also wants to require "periodic disclosures" of the impact of ongoing cybersecurity threats in regularly scheduled quarterly 10-Q and annual 10-K reports filed by publicly traded firms, further increasing the mandate for transparency on cybersecurity issues.


Transformation Starts with Zero

Tech Republic Security

It’s never been more important to digitally transform your business. Whether you’re a CIO, CISO, head of networking, head of security, or an IT infrastructure leader, helping the business accelerate its transformation confidently and securely is a top priority, and will help your business in a myriad of ways, including: Help build a long-term competitive.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


SEC wants public companies to report breaches within four days

Bleeping Computer

The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident (one that shareholders would likely consider important). [...]


Dirty Pipe root Linux vulnerability can also impact containers

CSO Magazine

The dangerous Linux privilege escalation flaw dubbed Dirty Pipe that was recently disclosed could also impact applications and systems that use containerization through tools such as Docker, researchers warn. This follows a different privilege escalation vulnerability that was patched last week and could lead to container escapes. Dirty Pipe "could enable an attacker to effectively modify containers that are running against a shared image, or to poison an image on a host so that new containers w


New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs

The Hacker News

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.


REvil ransomware member extradited to U.S. to stand trial for Kaseya attack

Bleeping Computer

The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack. [...]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.