Mon.Jul 11, 2022

article thumbnail

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The Last Watchdog

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets.

VPN 225
article thumbnail

Nigerian Prison Break

Schneier on Security

There was a massive prison break in Abuja, Nigeria: Armed with bombs, Rocket Propelled Grenade (RPGs) and General Purpose Machine Guns (GPMG), the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified facility, freeing 600 out of the prison’s 994 inmates, according to the country’s defense minister, Bashir Magashi… What’s interesting to me is how the defenders got the threat mo

191
191
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple to tackle the cybersurveillance industry with new Lockdown mode

Tech Republic Security

The optional feature will be launched next fall to protect users who are particularly at risk of being targeted by advanced cyberattacks. The post Apple to tackle the cybersurveillance industry with new Lockdown mode appeared first on TechRepublic.

Risk 157
article thumbnail

New Highly-Evasive Linux Malware Infects All Running Processes

eSecurity Planet

Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.

Malware 140
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

China Mind-Reading AI Tech can detect political deflectors early

CyberSecurity Insiders

China has finally developed a mind-reading technology related to Artificial Intelligence that can detect political deflectors early. Comprehensive National Science Centre in Hefei claims it has produced software that can not only measure the political loyalty of Chinese voters towards parties like the Communist Party but can also read the mind of politicians and catch them before they deflect to other parties.

article thumbnail

Europe threatens to ban Facebook over data transfers to the US

Malwarebytes

If regulators have their way, data transfers from Facebook and Instagram between Europe and the United States could stop this summer. (WhatsApp, another Meta service, will not be affected by the decision as it has a different data controller within Meta.) This could force Meta, Facebook’s parent company, to undergo some radical changes with the way it handles data from Europe, such as setting up local data centers.

More Trending

article thumbnail

Microsoft stops Windows 10 and 11 updates in Russia

CyberSecurity Insiders

Russia might soon start facing a lot of cyber troubles as most of the computers operating in the region are not been able to grasp updates, as the technology giant from America has chosen to skip up the entire region from now on, regarding software patches. In March 2022, as soon as Russian started an invasion of Ukraine, the Satya Nadella’s company announced a business withdrawal from the Russian Federation in retaliation for the war that is killing innocent Ukrainians.

Software 121
article thumbnail

How Honeypots Help IT Teams Defend against Cyber Attacks

Heimadal Security

Honeypots are designed to trick attackers into thinking they’ve found a real machine. The goal is to deceive them into committing attacks against a fake system, thereby uncovering their tactics and network behaviors. Many organizations use honeypots alongside website security software to improve their intrusion prevention and detection systems (IDPS).

article thumbnail

France Virtual Mobile Operator La Poste Mobile targeted by ransomware attack

CyberSecurity Insiders

France-based virtual mobile operator ‘La Poste Mobile’ has made a public announcement through its website admitting to have become a victim to ransomware attack. And preliminary inquiries state that the attack could be of LockBit variant that targeted the systems on July 4th of this year. As of now, news is out that the file encrypting malware attack only affected the systems related to administration and management and did not affect the customer-base.

Mobile 119
article thumbnail

Text-based fraud: from 419 scams to vishing

SecureList

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are talking about text-based fraud. Attackers of this kind do not carefully imitate the appearance of e-mails from major companies, do not redirect the victim to a fake site, do not obfuscate links and do not

Scams 103
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Ransomware news trending on Google

CyberSecurity Insiders

1. A Financial service offering company to healthcare industry has admitted that a ransomware attack on its data firm could have led to a data breach affecting over 600 healthcare establishments. The firm that is being discussed is Professional Finance Company Inc (PFC) and was founded in the year 1904 and allows customers of various government organizations, utility firms and healthcare to pay their bills on time.

article thumbnail

Experts warn of the new 0mega ransomware operation

Security Affairs

BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations.

article thumbnail

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

1.) Samsung has issued a public statement that it treats the data generated by its customers as a state secret and protects it with chip-level security to safeguard sensitive information. Reacting to the news on the government spyware like NSO Group Pegasus and Android affecting Hermit malware, the Mobile Giant of Korea said that it offers a firm commitment to safeguarding the personal and sensitive information of its users.

article thumbnail

Microsoft appears to be rolling back Office Macro blocking

Malwarebytes

We’re seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier this year, Microsoft decided to disable macros downloaded from the Internet in five Office apps, by default.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Anubis Networks is back with new C2 server

Security Affairs

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 server is controlled by a group of operators that come from the previous analysis in 2022, the various brands being divided among the operators of

Phishing 100
article thumbnail

Microsoft: Windows Autopatch is now generally available

Bleeping Computer

Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today. [.].

article thumbnail

US Gov’t Flip-Flops on NSO Group Sale to L3Harris

Security Boulevard

NSO Group, notorious makers of the notorious Pegasus spyware, has been in acquisition talks with huge defense contractor L3Harris. The post US Gov’t Flip-Flops on NSO Group Sale to L3Harris appeared first on Security Boulevard.

Spyware 98
article thumbnail

Mangatoon Sufferes Major Data Breach

Heimadal Security

Mangatoon is a comic book, manhua, manhwa, and manga reading app that is completely free to use. The program is very well-liked on both iOS and Android, and it is used by millions of individuals in order to view manga comics online. What Happened? Following the theft of user account information from an unprotected Elasticsearch […]. The post Mangatoon Sufferes Major Data Breach appeared first on Heimdal Security Blog.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Upskilling IT Security Talent a Smart Bet 

Security Boulevard

With demand for cybersecurity professionals at an all-time high and companies facing acute staffing shortages, organizations should look to upskilling young cybersecurity workers as an employee retention strategy, according to a report from (ISC)². The study, which polled 1,250 hiring managers at small, mid-sized and large organizations in the United States, Canada, United Kingdom and.

article thumbnail

Companies Are Targeted in Double-Extortion Attacks Launched by 0mega Ransomware

Heimadal Security

‘0mega,’ a brand-new ransomware group, targets businesses all over the world with double-extortion attacks and asks for millions of dollars in ransom. 0mega made its debut in May 2022, and since then, the novel ransomware campaign has targeted an impressive number of victims. More on 0mega Ransomware According to BleepingComputer, no ransomware sample for the […].

article thumbnail

Safe Security Provides Free Cybersecurity Cost Benchmarking Tool

Security Boulevard

Safe Security has made available a free cybersecurity benchmarking tool for predicting cyberattack risk within vertical industry segments and can be tuned by organizations to better assess their own chances of being attacked. Saket Modi, Safe Security CEO, said the CRQ Calculator combines cybersecurity threat intelligence and telemetry data it collects to ascertain attack costs.

article thumbnail

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

The Hacker News

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

The Next Frontier for Identity Governance: Intelligent IGA

Security Boulevard

When we think about the future, we think of autonomous vehicles, artificial intelligence (AI) and an interconnected metaverse. AI often invokes the dystopian worlds of movies like The Terminator or The Matrix, where machines are displacing humans at every turn. But we see the future as slightly more harmonious than in those movies, with less. The post The Next Frontier for Identity Governance: Intelligent IGA appeared first on Security Boulevard.

article thumbnail

Hackers can unlock Honda cars remotely in Rolling-PWN attacks

Bleeping Computer

A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. [.].

article thumbnail

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

Security Boulevard

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this … (more…). The post Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs appeared first on Security Boulevard.

article thumbnail

What It Takes to Tackle Your SaaS Security

The Hacker News

It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today.

96
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Can Behavioral Analytics Help Secure APIs?

Security Boulevard

A security team intending to enhance API security might start with a traditional tool set such as: The post Can Behavioral Analytics Help Secure APIs? appeared first on Security Boulevard.

98
article thumbnail

Rethinking Vulnerability Management in a Heightened Threat Landscape

Threatpost

Find out why a vital component of vulnerability management needs to be the capacity to prioritize from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist.

InfoSec 89
article thumbnail

Zero Trust is Emerging as a Leading Security Strategy

Security Boulevard

Whilst the concepts of Zero Trust were articulated more than a decade ago, with rapid shift to remote working, digital transformation and demand for Cloud services, Zero Trust is finally gaining the attention it deserves and emerging as a leading…. The post Zero Trust is Emerging as a Leading Security Strategy appeared first on LogRhythm. The post Zero Trust is Emerging as a Leading Security Strategy appeared first on Security Boulevard.

article thumbnail

Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better

Dark Reading

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.