Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Krebs on Security
OCTOBER 18, 2022
When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 18, 2022
Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security. The post Plugging holes remote work punched through security appeared first on TechRepublic.
Security Affairs
OCTOBER 18, 2022
Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CSO Magazine
OCTOBER 18, 2022
Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia’s invasion of Ukraine, and some of the largest rises in living costs for decades have all brought new urgency to the vital support humanitarian work (often led by nonprofits) provides those in need.
CyberSecurity Insiders
OCTOBER 18, 2022
Schools operating in all districts of Texas are issuing DNA Kits to families that will in-turn help identify children during emergencies, such as the one witnessed in Uvalde in May this year where over 19 people including 17 children were killed by a mentally unstable person. The process seems to be efficiently beneficial only if the digital data given to the school authorities by families remains secure and away from prying eyes.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CSO Magazine
OCTOBER 18, 2022
As the United States nears the 2022 mid-term elections, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued two back-to-back public service announcements (PSAs) that address the state of play when it comes to election integrity. The first announcement , seemingly designed to enhance voters’ faith in the election process, said the two agencies “assess that any attempts by cyber actors to compromise election infrastructure are unlikely t
Security Boulevard
OCTOBER 18, 2022
Cryptocurrency is becoming mainstream—both as a digital currency and as a fraud target. More than 300 million people use crypto worldwide and 16% of Americans say they have invested in, traded or used cryptocurrency. Meanwhile, cryptocurrency hacks are on the rise, with more than $1 billion stolen so far this year. The cryptocurrency industry has. The post The Five Ws of Cryptocurrency Fraud — and How We Can Stop It appeared first on Security Boulevard.
CSO Magazine
OCTOBER 18, 2022
Millennials and Gen Z employees in the US are much less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts, according to a recent survey by EY Consulting. The survey suggests that despite understanding the need for security measures, younger, digitally native workers were significantly more likely to disregard mandatory IT updates for as long as possible (58% for Gen Z and 42% for millennials vs. 31% for Gen X and 15% for baby boomers).
Security Affairs
OCTOBER 18, 2022
A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office 365 Message Encryption (OME) relies on Electronic Codebook (ECB) mode of operation.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
OCTOBER 18, 2022
The pandemic sped up digitalization, increasing opportunities and risks. With more devices entering the digital space, interacting with one another or creating dependencies, IoT device connections became more complex and vulnerable. Predictions show that by 2025, over 85% of enterprises will have more smart edge devices on their network than laptops, tablets, desktops or smartphones.
Appknox
OCTOBER 18, 2022
As we are in the midst of the October Cybersecurity Awareness Month of 2022, all of us need to be more cautious than ever regarding the risks surrounding an increasingly complex and lethal cyber threat landscape.
Security Affairs
OCTOBER 18, 2022
China-linked threat actors APT41 (a.k.a. Winnti ) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.
Bleeping Computer
OCTOBER 18, 2022
Microsoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
OCTOBER 18, 2022
An email leak from an employee working in Google has confirmed that the so called ‘Incognito Mode’ offered by the web search giant on its Chrome browser is useless as it doesn’t serve the intended purpose. A consumer lawsuit has been filed on this note in Oakland, California and the judge will review it and might impose a hefty penalty accounting to billions on the internet juggernaut if/when found guilty.
Security Affairs
OCTOBER 18, 2022
HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code execution issue that can be exploited by an attacker to take control of targeted
CSO Magazine
OCTOBER 18, 2022
Today’s complex cybersecurity landscape regularly exposes the weaknesses of disconnected security solutions. In breach after breach, we see attackers taking advantage of gaps and vulnerabilities in legacy systems and devices, underscoring the reality that a pieced-together security infrastructure is woefully inadequate for stopping modern, sophisticated threats.
eSecurity Planet
OCTOBER 18, 2022
The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. “IT Security buyers don’t have as much time as they’d like to research and choose security solutions – a situation exacerbated by vendors that exaggerate their capabilities and sell products that don’
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CSO Magazine
OCTOBER 18, 2022
GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials.
Heimadal Security
OCTOBER 18, 2022
Medibank, a health insurance company providing services for more than 3.9 million people in Australia, recently confirmed that a ransomware attack was the cause of last week’s cyberattack and interruption of online services. The company issued an official statement apologizing for the temporary outage and confirming that a ransomware attack had occurred, and informed customers […].
The Hacker News
OCTOBER 18, 2022
Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended.
eSecurity Planet
OCTOBER 18, 2022
SafeBreach Labs researchers recently uncovered a new fully undetectable (FUD) PowerShell backdoor that uses a novel approach to disguise itself as part of the Windows update process. “The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims,” SafeBreach director of security research Tomer Bar wrote in a blog post today detailing the findings.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
OCTOBER 18, 2022
Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running specific Zoom Apps, a local debugging port is opened by the client.
Security Boulevard
OCTOBER 18, 2022
One of the most common tasks IT service and help desks carry out are resetting user passwords. Unfortunately, despite it being an easy task, it’s both tedious for IT staff and incredibly costly to a company. Passwords remain the core authentication method for many businesses, so this issue is a top priority. Why are account lockouts and password resets so.
Security Affairs
OCTOBER 18, 2022
An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust, have dismantled a cybercrime organization specializing in the theft of cars by hacking key fobs. .
Security Boulevard
OCTOBER 18, 2022
One number kept popping up at this year’s (ISC)2 Security Congress in Las Vegas: 98.5%. Attendees at this year’s event heard CEO Clar Rosso and other speakers share that number a few times. What is 98.5%? It is the percentage of small businesses without a cybersecurity professional on staff. While it wasn’t made clear if. The post How CISA Helps SMBs Address the Security Talent Gap appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
OCTOBER 18, 2022
Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained undetected for a year in some cases. [.].
The Hacker News
OCTOBER 18, 2022
The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.
Malwarebytes
OCTOBER 18, 2022
Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer , usually arrives as an app disguised as a useful or entertaining tool. But before the app can be fully used, it asks users to login to their accounts, at which point their usernames and passwords are sent to the fraudsters.
Security Boulevard
OCTOBER 18, 2022
Many utilize CASB for SaaS security, but these platforms have blindspots that SSCPs do not have. Learn about the alternatives to CASB. The post Alternatives to CASB for SaaS Security appeared first on Security Boulevard.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
315 
Let's personalize your content