Fri.Feb 25, 2022

article thumbnail

Russia Sanctions May Spark Escalating Cyber Conflict

Krebs on Security

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.

article thumbnail

Privacy Violating COVID Tests

Schneier on Security

A good lesson in reading the fine print : Cignpost Diagnostics, which trades as ExpressTest and offers £35 tests for holidaymakers, said it holds the right to analyse samples from seals to “learn more about human health” — and sell information on to third parties. Individuals are required to give informed consent for their sensitive medical data to be used ­ but customers’ consent for their DNA to be sold now as buried in Cignpost’s online documents.

233
233
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How Russia’s invasion of Ukraine will affect your cybersecurity

Tech Republic Security

The conflict we all feared is expected to bring an increase of cyberattacks, but experts agree that all hope isn’t lost. The post How Russia’s invasion of Ukraine will affect your cybersecurity appeared first on TechRepublic.

article thumbnail

Free CyberSecurity Advice For Journalists In Ukraine

Joseph Steinberg

For Journalists In Ukraine: I am happy to discuss cyber safety with you – at no cost to you. If you would like to speak with me, please either contact me via my website or message me on social media. Stay safe! Joseph. The post Free CyberSecurity Advice For Journalists In Ukraine appeared first on Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Top 5 things to know about consent phishing

Tech Republic Security

Just when you thought you knew what phishing perils to watch out for, along comes a new spin: consent phishing. Here’s a look at this latest cybersecurity threat. The post Top 5 things to know about consent phishing appeared first on TechRepublic.

Phishing 193
article thumbnail

Conti ransomware gang: You attack Russia, we’ll hack you back

Graham Cluley

The Conti ransomware gang says that it supports the Russian government's invasion of Ukraine. and if anyone launches a retaliatory cyber attack against Russia, they will hit back hard - launching attacks on critical infrastructure.

More Trending

article thumbnail

Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’

Security Boulevard

The Ukranian Defense Ministry is calling up volunteers to join a “cyber force”—to defend against Russian attacks. The post Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’ appeared first on Security Boulevard.

article thumbnail

Top 5 ways to combat smishing

Tech Republic Security

Smishing isn’t a new teen craze you aren’t aware of, or something on Urban Dictionary you might regret looking up. Here's what you need to know about smishing. The post Top 5 ways to combat smishing appeared first on TechRepublic.

122
122
article thumbnail

DevOps vs SRE (Site Reliability Engineer): Rivals or Companions?

Security Boulevard

The post DevOps vs SRE (Site Reliability Engineer): Rivals or Companions? appeared first on PeoplActive. The post DevOps vs SRE (Site Reliability Engineer): Rivals or Companions? appeared first on Security Boulevard.

article thumbnail

Conti gang says it's ready to hit critical infrastructure in support of Russian government

CSO Magazine

The infamous cybercriminal group behind the Conti ransomware has publicly announced its full support for the Russian government while the country's army is invading Ukraine and threatened to strike the critical infrastructure of anyone launching cyberattacks or war actions against Russia. The move comes after Twitter accounts claiming association with the Anonymous hacktivist collective declared "cyberwar" against the Russian government and took credit for distributed denial-of-service (DDoS) at

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Preparing enterprise networks for destructive Russian cyber attacks

Security Boulevard

Russia's invasion of Ukraine in full force very likely will topple the Ukrainian government and give Putin the option of putting in power a government and leader that he can control. Putin sees this invasion as a great opportunity to increase divisions within the NATO alliance and other European nations. . . The IronNet Threat Research Team is tracking daily updates and cyber implications in.

article thumbnail

Russian Cyber Threats: Practical Advice For Security Leaders

Digital Shadows

As I spent Wednesday night doom scrolling into the early hours of the morning, I felt pretty powerless as I. The post Russian Cyber Threats: Practical Advice For Security Leaders first appeared on Digital Shadows.

article thumbnail

Microsoft on Multi-Cloud: It’s the New Imperative But Cyberattacks Present Challenges

Security Boulevard

Microsoft on Multi-Cloud: It’s the New Imperative But Cyberattacks Present Challenges. brooke.crothers. Fri, 02/25/2022 - 12:23. 9 views. With its new multi-cloud strategy, Microsoft is stressing security. It’s “the mother of all problems,” Microsoft’s new security chief Charlie Bell said to the Wall Street Journal in an interview. “If you don’t solve it, all the other technology stuff just doesn’t happen.”.

article thumbnail

Microsoft: January Windows Server updates cause Netlogon issues

Bleeping Computer

Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers. [.].

127
127
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Electron Bot Malware on Microsoft App Store and Cuba Ransomware on Exchange Servers

CyberSecurity Insiders

A malware that can take over social media accounts of victims is seen propelling on Microsoft App Store and reports are in that it has so far infected over 5,000 accounts in the disguise of fake Temple Run and Subway Surfer games. Interesting part of this malware spreading scheme is that it is being spread on the official app store of the Windows giant and the malware dubbed as Electron Bot has the capabilities of taking over full screens of its victims, there by stealing login credentials and c

Malware 121
article thumbnail

HSE to Pay a Huge Cost After Major 2021 Ransomware Attack

Heimadal Security

Conti ransomware is an extremely damaging malicious actor due to the speed with which it encrypts data and spreads to other systems. To penetrate a victim’s systems Conti ransomware operators will employ a wide variety of tactics. The hackers will usually begin by trying to persuade an employee to hand out credentials, usually using a […]. The post HSE to Pay a Huge Cost After Major 2021 Ransomware Attack appeared first on Heimdal Security Blog.

article thumbnail

BlackCat ransomware

CyberSecurity Insiders

This blog was jointly written with Santiago Cortes. Executive summary. AT&T Alien Labs™ is writing this report about recently created ransomware malware dubbed BlackCat which was used in a January 2022 campaign against two international oil companies headquartered in Germany, Oiltanking and Mabanaft. The attack had little impact on end customers, but it does serve to remind the cybersecurity community of the potential for threat actors to continue attacks against critical infrastructur

article thumbnail

Mandiant adds ransomware defense validation to XDR security platform

CSO Magazine

Cyberdefense and response company Mandiant is offering a new Ransomware Defense Validation service for its SaaS-based XDR (extended detection and response) platform, Mandiant Advantage, to help organizations measure the ability of their security systems to prevent ransomware attacks. The subscription service, now generally available, is designed to combine threat intelligence, ransomware reconfiguration capabilities, and an automated validation infrastructure to help security leaders understand

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Cybersecurity Incident Response Plans Need Far More Attention

CyberSecurity Insiders

By Robert Ackerman Jr. Late last summer, T-Mobile, a major cellphone service carrier, once again made negative headlines on the cybersecurity front. It announced that hackers had confiscated information under its wings from more than 50 million people, some not even current customers, including their names, Social Security numbers and driver’s license numbers.

article thumbnail

Doxing Attacks: From Hacker Tool to Societal Problem

eSecurity Planet

The malicious attack known as doxing has gone far beyond hacker tools, with the threat now extending to most social media platforms and making nearly anyone a target. Today, doxing continues to be an intimidating prospect for digital users and is a mainstream data security problem. Online users can have a great deal of anonymity, but the growth of digital platforms makes obtaining information more accessible than ever.

article thumbnail

GPU giant Nvidia is investigating a potential cyberattack

Bleeping Computer

US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days. [.].

134
134
article thumbnail

Countdown to PCI DSS v4.0

PCI perspectives

With PCI DSS v4.0 fast approaching, Lauren Holloway, Director, Data Security Standards, shares updates and reminders of what to expect in the coming months.

119
119
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Anonymous launched its offensive on Russia in response to the invasion of Ukraine

Security Affairs

The popular collective Anonymous declared war on Russia for the illegitimate invasion of Ukraine and announced a series of cyber attacks calling to action its members. The Anonymous collective is calling to action against Russia following the illegitimate invasion of Ukraine. The famous groups of hackivists is also calling for action Russian citizens inviting them to express their dissent to Putin. “The Anonymous collective is officially in” cyber war “against the Russian gover

article thumbnail

Ransomware gangs, hackers pick sides over Russia invading Ukraine

Bleeping Computer

Hacker crews are picking sides as the Russian invasion into Ukraine continues, issuing bans and threats for supporters of the opposite side. [.].

article thumbnail

Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT

Dark Reading

Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.

Phishing 131
article thumbnail

Identity Attack Watch: February 2022

Security Boulevard

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

Malware 110
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

The past is present: Riffing on a cybersecurity­appropriate tune for Black History Month

We Live Security

What can social movements of the past teach you about the future – and about protecting your digital self? The post The past is present: Riffing on a cybersecurity­appropriate tune for Black History Month appeared first on WeLiveSecurity.

article thumbnail

How solving small problems helps you deliver big value

Security Boulevard

I’ve noticed a lot of teams that feel detached from the business take on work they perceive as sexy or fashionable, hoping to get recognized as valuable. They think these BHAGs (Big, Hairy A** Goals) will show their value. It’s a trap! Often the team overlooks deep seated friction and structural challenges when taking on […]. The post How solving small problems helps you deliver big value appeared first on Security Boulevard.

109
109
article thumbnail

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151.

Phishing 108
article thumbnail

7 Steps to Take Right Now to Prepare for Cyberattacks by Russia

Dark Reading

A lot of the recommended preparation involves measures organizations should have in place already.

143
143
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.