Tue. Jul 12, 2022

Security Vulnerabilities in Honda’s Keyless Entry System

Schneier on Security

Honda vehicles from 2021 to 2022 are vulnerable to this attack: On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].

Software 360

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Internet 279

Rolling Pwn lets you drive a Honda without the keys!?

Javvad Malik

The Rolling Pwn vulnerability can be used against some keyless Hondas to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitcher's mound to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video to confirm that yes, the bug definitely works.

IoT 182

How security vulnerabilities pose risks for healthcare organizations

Tech Republic Security

An analysis by Cyber SecurityWorks uncovered 624 vulnerabilities that cybercriminals could exploit to target healthcare facilities. The post How security vulnerabilities pose risks for healthcare organizations appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus.

Critical infrastructure IIoT/OT security projects suffer high rates of failure

Tech Republic Security

Barracuda found that 93% of organizations in the areas of IIoT/OT have experienced a failed security project. The post Critical infrastructure IIoT/OT security projects suffer high rates of failure appeared first on TechRepublic.

Internet 167

More Trending

6 best Acronis integrations

Tech Republic Security

Choosing additional security functionality for your software has never been easier. Here are six of the best Acronis integrations for your solutions. The post 6 best Acronis integrations appeared first on TechRepublic.

Software 148

Experian FAILs yet Again — Hackers can Change Your Email Address

Security Boulevard

Credit reporting agency Experian has a nasty vulnerability. Why do we put up with this? The post Experian FAILs yet Again — Hackers can Change Your Email Address appeared first on Security Boulevard.

Cybersecurity, data protection and inadequate IT budgets are top of mind for IT professionals

Tech Republic Security

Outdated legacy systems are also on the list of challenges in Kaseya’s annual IT operations benchmark report for 2022. The post Cybersecurity, data protection and inadequate IT budgets are top of mind for IT professionals appeared first on TechRepublic.

The Complete Guide to Mandatory Access Control (MAC)

Heimdal Security

A security method known as mandatory access control, or MAC, limits the capacity of individual resource owners to grant or deny access to resource objects inside a file system. This is done as part of an effort to prevent unauthorized access. The amount of sensitivity of the information included in a resource and the […]. The post The Complete Guide to Mandatory Access Control (MAC) appeared first on Heimdal Security Blog.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Reskilling heroes: Understanding the new opportunities for vets in America’s fast-growing cyber sector

Tech Republic Security

These nonprofit organizations can help veterans get started in the cybersecurity industry. The post Reskilling heroes: Understanding the new opportunities for vets in America’s fast-growing cyber sector appeared first on TechRepublic.

Barracuda report: Almost everyone faced an industrial attack in the last year

CSO Magazine

A report commissioned by cloud security company Barracuda found that 94% of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months. The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems.

IoT 125

Acronis vs Backblaze: Backup service provider comparison

Tech Republic Security

Acronis and Backblaze are some of the most popular backup services available, but their ideal use cases differ. See which solution is the best fit for your business. The post Acronis vs Backblaze: Backup service provider comparison appeared first on TechRepublic.

Backups 148

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Bleeping Computer

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. [.].

Phishing 125

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Play it safe: 5 reasons not to download pirated games

We Live Security

It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games. The post Play it safe: 5 reasons not to download pirated games appeared first on WeLiveSecurity.

Hacking 124

‘Callback’ Phishing Campaign Impersonates Security Firms

Threatpost

Victims instructed to make a phone call that will direct them to a link for downloading malware.

Phishing 124

The Great Cybersecurity Resignation

The State of Security

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for […]… Read More. The post The Great Cybersecurity Resignation appeared first on The State of Security.

Paying ransomware crooks won’t reduce your legal risk, warns regulator

Naked Security

"We paid the crooks to keep things under control and make a bad thing better" isn't a valid excuse. Who knew?

Risk 122

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

The President of European Central Bank Christine Lagarde targeted by hackers

Security Affairs

Christine Lagarde, the president of the European Central Bank, was the target of a failed hacking attempt. The European Central Bank confirmed that its President, Christine Lagarde, was the target of a failed hacking attempt. The European Central Bank revealed that the hacking attempt took place recently, but the good news is that its experts were able to detect and halt it. “The attempt took place “recently,” the Frankfurt-based central bank for the 19 countries that use the euro said in

Banking 121

Fake streamed cricket matches knocks victims for six

Malwarebytes

An incredible scam which resembles hidden camera prank shows has been shut down by police. Four men were arrested last week in connection with the con-job involving fake cricket and online betting. It begins in Russia, takes a trip to India, and ends up back in Russia. Here’s how it unfolded: Setting the stage. People living in India who are interested in betting on sports tend to gravitate online.

Scams 117

Hackers Are Able to Unlock Honda Vehicles Remotely

Heimdal Security

A vulnerability known as rolling-PWN makes it possible to launch replay attacks. These attacks include a threat actor stealing the codes sent from a key fob to a vehicle and then using those codes to unlock or start the vehicle. What Happened? Researchers in the field of data security discovered that certain newer models of […]. The post Hackers Are Able to Unlock Honda Vehicles Remotely appeared first on Heimdal Security Blog.

Hackers targeting victims with Amazon Prime Day scams

CyberSecurity Insiders

Amazon Prime Day customers will be delighted to hear the news that their favorite discount festival that was long awaited is soon going to begin on July 16th this year. On one hand, the news seems to be delightful, but on the other it seems to disappoint as hackers often use such online shopping festivals to mint money from innocent victims. Avanan, a Cloud based Email Security firm from New York, issued a warning to Amazon shoppers that cyber criminals could easily target them through email cam

Scams 115

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

PyPI starts rolling out required 2FA for important projects

Malwarebytes

The Python Package Index (PyPI) says it has begun rolling out a two-factor authentication (2FA) requirement which enforces maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers’ ecosystem. Python repository. PyPi is the repository of software for the Python programming language.

Software 113

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant impact on target organizations in terms of resource consumption and cost.

Digital Twins in Cybersecurity: Reducing Industry 4.0 Risks

Security Boulevard

Large-scale digital transformation initiatives over the last decade mean that cyber-physical systems are now intertwined with many manufacturing and industrial processes. These intelligent systems use computing, networking and sensors to help monitor, control and optimize physical environments. There are also IoT devices connecting IT and OT environments, and smart devices get created and sold to….

Risk 110

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The Hacker News

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.

Malware 106

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

BazarCall Ransomware warning to all insurance firms

CyberSecurity Insiders

A Ransomware called BazarCall seems to target Insurance agents and clients and so Insurance specialist CFC has issued a warning to the companies into similar business and operating across the globe to step-up their defense-line against malware attacks, by proactively taking adequate measures. BazarCall has a peculiar habit of infecting its victims. As usual, it is being distributed by phishing emails, but tricks the victim into calling a call centre, instead of clicking on a malicious link.

Insurance 106

Software developers have a supply chain security problem

InfoWorld on Security

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under someone’s desk. We spend all this time protecting our runtimes, then deploy to them using amateur tooling. [ Also on InfoWorld: Where software development is headed in 2022 ].

Software 106

Microsoft announced the general availability of Windows Autopatch feature

Security Affairs

Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses, but Windows Education (A3) or Windows Front Line Worker (F3) licenses are not covered.

Education 106

Data Security – The Flip Side of Data Privacy

Security Boulevard

In the movie “The Truman Show,” Truman Burbank lived life in an almost perfect, if boring, setting. Arguably, his life is secure. Living your life as part of a carefully scripted reality TV show, watched by millions of people, is nothing if not secure. But privacy—that’s another matter altogether. In 1998, the movie was quite. The post Data Security – The Flip Side of Data Privacy appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!