Sun.Mar 06, 2022

article thumbnail

Ukraine Situation Drives New Cyber Attack Reporting Mandates

Lohrman on Security

New mandated reporting of major cyber incidents for all owners and operators of U.S. critical infrastructure seems closer than ever, thanks to new bills that are supported by the White House.

article thumbnail

Conti ransomware gang, which leaked ransomware victims’ data, has its own data leaked

Graham Cluley

Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

The Hacker News

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.

Software 116
article thumbnail

The nation-state cyberattack playbook – what comes next?

Security Boulevard

With clashes expanding between Russia and Ukraine, questions are raised as to how far a battle like this can go. In the past warfare used to exclusively mean “boots on the ground”, but today there is a different type of battleground to be fought as well, the battle taking place every hour, of any day […]. The post The nation-state cyberattack playbook – what comes next?

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Episode 236: Cyberwar Takes A Back Seat In Ukraine (For Now)

The Security Ledger

we sit down with Christian Sorenson, the former lead of the international cyber warfare team at US Cyber Command and CEO of cybersecurity firm, SightGain, to talk about what we’ve learned so far from Russia’s war in Ukraine, and what may be coming next. The post Episode 236: Cyberwar Takes A Back Seat In Ukraine (For Now) appeared first on. Read the whole entry. » Click the icon below to listen.

article thumbnail

Munich Security Conference 2022 – MSC Townhall “Seed Change Needed: Ensuring Food Security”

Security Boulevard

Thanks are in order to the Munich Security Conference) for the yearly publishing of their terrific videos covering the Munich Security Conference on the organization’s YouTube channel. Permalink. The post Munich Security Conference 2022 – MSC Townhall “Seed Change Needed: Ensuring Food Security” appeared first on Security Boulevard.

More Trending

article thumbnail

What Is API Ownership and How Can It Help Your Team?

Security Boulevard

A guide about API ownership for leadership, senior engineers, security experts, and product managers to make/work better together. The post What Is API Ownership and How Can It Help Your Team? appeared first on Traceable App & API Security. The post What Is API Ownership and How Can It Help Your Team? appeared first on Security Boulevard.

article thumbnail

Adafruit discloses data leak from ex-employee's GitHub repo

Bleeping Computer

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed "unauthorized access" to information about certain users on or before 2019. [.].

98
article thumbnail

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers

Security Boulevard

This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine “hackers” that are suing McDonald’s for $900 million dollars in damages. ** Links mentioned on the show ** Round up of […]. The post Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers appeared first on The Shared Security Show.

Hacking 98
article thumbnail

SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

The Hacker News

The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

I-4 2022 Talk: How do I get started? Easing your company into a quantitative cyber risk program

Security Boulevard

This is a companion post for my talk titled, “Baby Steps: Easing your. company into a quantitative cyber risk program.” This blog post contains. links and resources to many of the items and concepts mentioned in the. talk. Abstract: Risk managers tasked with integrating quantitative methods into their risk. programs - or even those just curious about it - may be wondering, Where do.

article thumbnail

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape

Security Affairs

A Linux kernel flaw, tracked as CVE-2022-0492 , can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host.

Hacking 94
article thumbnail

Munich Security Conference 2022 – MSC Townhall “Surfing the Wave(s): Preventing the Next Polypandemic”

Security Boulevard

Thanks are in order to the Munich Security Conference) for the yearly publishing of their terrific videos covering the Munich Security Conference on the organization’s YouTube channel. Permalink. The post Munich Security Conference 2022 – MSC Townhall “Surfing the Wave(s): Preventing the Next Polypandemic” appeared first on Security Boulevard.

article thumbnail

Anonymous offers $52,000 worth of Bitcoin to Russian troops for surrendered tank. Is it fake news?

Security Affairs

The popular hacker collective Anonymous is offering to Russian troops $52,000 in BTC for each surrendered tank. The popular hacker collective Anonymous will reportedly pay $52,000 in BTC for a tank surrendered by Russian troops. Ukrainian media reported that the hacker group claims to have collected over RUB 1 billion (worth £7.8 million at the time of writing) and is offering to Russian soldiers RUB 5 million ($52,000) for each surrendered tank.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

How to Conduct a Cloud Security Assessment for Azure

Security Boulevard

Cloud platforms like Microsoft Azure offer incredible benefits in terms of cost savings, efficiency, and performance. But migrating to the […]. The post How to Conduct a Cloud Security Assessment for Azure appeared first on Sonrai Security. The post How to Conduct a Cloud Security Assessment for Azure appeared first on Security Boulevard.

94
article thumbnail

Charities and NGOs providing support in Ukraine hit by malware

Security Affairs

Malware based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine. Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks aiming to disrupt their operations. The news was reported by Amazon that associates the attacks with state-sponsored hackers and confirmed that it is helping customers impacted by the attacks to adopt security best practices. “For several

Malware 94
article thumbnail

XKCD ‘Outlet Denier’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Outlet Denier’ appeared first on Security Boulevard.

article thumbnail

You lead, and Zscaler will guide you along the way

Tech Republic Security

Change is the one constant in the world. By embracing technologies that enable business agility and resilience, you can lead your organization through unprecedented challenges with minimal disruption. Zscaler is helping thousands of enterprises enable their employees to work from anywhere, and we can help you too. Find out more to get your work-from-anywhere initiatives.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict

Security Affairs

This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. March 5 – Anonymous #OpRussia Thousands of sites hacked, data leaks and more. Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine. March 5 – Thousands of satellite users offline in Europe following a cyberattack, is it a conflict spillover?

DDOS 90
article thumbnail

International Women's Day 2022: Is the Tech revolution being led by women?

GlobalSign

For international women's day 2022, Globalsign wanted to draw a portrait of the women in the tech industry. Is the future of the sector going to be lead by women? What is is to be a women working in this industry and what is it done to retain them?

93
article thumbnail

What Is CPS 234 and Who Needs to Comply with It?

The State of Security

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an […]… Read More.

Banking 80
article thumbnail

Mozilla addresses two actively exploited zero-day flaws in Firefox

Security Affairs

Mozilla fixed two critical actively exploited zero-day bugs in Firefox with the release of 97.0.2, ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to address a couple of critical zero-day vulnerabilities, tracked as CVE-2022-26485 and CVE-2022-26485 , actively exploited in attacks.

Hacking 81
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

OT Cybersecurity Concerns Are Increasing Across the Globe

Security Boulevard

2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national […]… Read More.

article thumbnail

Security Affairs newsletter Round 356

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Charities and NGOs providing support in Ukraine hit by malware Lapsus$ gang leaks data allegedly stolen from Samsung Electronics Anonymous #OpRussia Thousands of sites hacked, data leaks and more Thousands of satellite users offline in Europe follo

article thumbnail

What Is CPS 234 and Who Needs to Comply with It?

Security Boulevard

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an […]… Read More.

Banking 52