Tue. Jul 12, 2022

Security Vulnerabilities in Honda’s Keyless Entry System

Schneier on Security

Honda vehicles from 2021 to 2022 are vulnerable to this attack: On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].

Software 313

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Internet 212

Rolling Pwn lets you drive a Honda without the keys!?

Javvad Malik

The Rolling Pwn vulnerability can be used against some keyless Hondas to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitcher's mound to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video to confirm that yes, the bug definitely works.

IoT 182

Critical infrastructure IIoT/OT security projects suffer high rates of failure

Tech Republic Security

Barracuda found that 93% of organizations in the areas of IIoT/OT have experienced a failed security project. The post Critical infrastructure IIoT/OT security projects suffer high rates of failure appeared first on TechRepublic.

Internet 157

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Experian FAILs yet Again — Hackers can Change Your Email Address

Security Boulevard

Credit reporting agency Experian has a nasty vulnerability. Why do we put up with this? The post Experian FAILs yet Again — Hackers can Change Your Email Address appeared first on Security Boulevard.

6 best Acronis integrations

Tech Republic Security

Choosing additional security functionality for your software has never been easier. Here are six of the best Acronis integrations for your solutions. The post 6 best Acronis integrations appeared first on TechRepublic.

Software 148

More Trending

Cybersecurity, data protection and inadequate IT budgets are top of mind for IT professionals

Tech Republic Security

Outdated legacy systems are also on the list of challenges in Kaseya’s annual IT operations benchmark report for 2022. The post Cybersecurity, data protection and inadequate IT budgets are top of mind for IT professionals appeared first on TechRepublic.

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus.

Reskilling heroes: Understanding the new opportunities for vets in America’s fast-growing cyber sector

Tech Republic Security

These nonprofit organizations can help veterans get started in the cybersecurity industry. The post Reskilling heroes: Understanding the new opportunities for vets in America’s fast-growing cyber sector appeared first on TechRepublic.

Barracuda report: Almost everyone faced an industrial attack in the last year

CSO Magazine

A report commissioned by cloud security company Barracuda found that 94% of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months. The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems.

IoT 125

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Acronis vs Backblaze: Backup service provider comparison

Tech Republic Security

Acronis and Backblaze are some of the most popular backup services available, but their ideal use cases differ. See which solution is the best fit for your business. The post Acronis vs Backblaze: Backup service provider comparison appeared first on TechRepublic.

Backups 142

The Great Cybersecurity Resignation

The State of Security

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for […]. The post The Great Cybersecurity Resignation appeared first on The State of Security.

How security vulnerabilities pose risks for healthcare organizations

Tech Republic Security

An analysis by Cyber SecurityWorks uncovered 624 vulnerabilities that cybercriminals could exploit to target healthcare facilities. The post How security vulnerabilities pose risks for healthcare organizations appeared first on TechRepublic.

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Bleeping Computer

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. […]

Phishing 124

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Hackers targeting victims with Amazon Prime Day scams

CyberSecurity Insiders

Amazon Prime Day customers will be delighted to hear the news that their favorite discount festival that was long awaited is soon going to begin on July 16th this year. On one hand, the news seems to be delightful, but on the other it seems to disappoint as hackers often use such online shopping festivals to mint money from innocent victims. Avanan, a Cloud based Email Security firm from New York, issued a warning to Amazon shoppers that cyber criminals could easily target them through email cam

Scams 115

Play it safe: 5 reasons not to download pirated games

We Live Security

It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games. The post Play it safe: 5 reasons not to download pirated games appeared first on WeLiveSecurity.

Risk 114

The Complete Guide to Mandatory Access Control (MAC)

Heimdal Security

A security method known as mandatory access control, or MAC, limits the capacity of individual resource owners to grant or deny access to resource objects inside a file system. This is done so as part of an effort to prevent unauthorized access. The amount of sensitivity of the information included in a resource and the […]. The post The Complete Guide to Mandatory Access Control (MAC) appeared first on Heimdal Security Blog.

111

Digital Twins in Cybersecurity: Reducing Industry 4.0 Risks

Security Boulevard

Large-scale digital transformation initiatives over the last decade mean that cyber-physical systems are now intertwined with many manufacturing and industrial processes. These intelligent systems use computing, networking and sensors to help monitor, control and optimize physical environments. There are also IoT devices connecting IT and OT environments, and smart devices get created and sold to…

Risk 108

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Hackers Are Able to Unlock Honda Vehicles Remotely

Heimdal Security

A vulnerability known as rolling-PWN makes it possible to launch replay attacks. These attacks include a threat actor stealing the codes sent from a key fob to a vehicle and then using those codes to unlock or start the vehicle. What Happened? Researchers in the field of data security discovered that certain newer models of […]. The post Hackers Are Able to Unlock Honda Vehicles Remotely appeared first on Heimdal Security Blog.

BazarCall Ransomware warning to all insurance firms

CyberSecurity Insiders

A Ransomware called BazarCall seems to target Insurance agents and clients and so Insurance specialist CFC has issued a warning to the companies into similar business and operating across the globe to step-up their defense-line against malware attacks, by proactively taking adequate measures. BazarCall has a peculiar habit of infecting its victims. As usual, it is being distributed by phishing emails, but tricks the victim into calling a call centre, instead of clicking on a malicious link.

Insurance 106

Data Security – The Flip Side of Data Privacy

Security Boulevard

In the movie “The Truman Show,” Truman Burbank lived life in an almost perfect, if boring, setting. Arguably, his life is secure. Living your life as part of a carefully scripted reality TV show, watched by millions of people, is nothing if not secure. But privacy—that’s another matter altogether. In 1998, the movie was quite. The post Data Security – The Flip Side of Data Privacy appeared first on Security Boulevard.

Microsoft announced the general availability of Windows Autopatch feature

Security Affairs

Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses, but Windows Education (A3) or Windows Front Line Worker (F3) licenses are not covered.

Education 101

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

VMware patches vCenter Server flaw disclosed in November

Bleeping Computer

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. […]

Software developers have a supply chain security problem

InfoWorld on Security

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under someone’s desk. We spend all this time protecting our runtimes, then deploy to them using amateur tooling.

Software 103

CISA orders agencies to patch new Windows zero-day used in attacks

Bleeping Computer

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. […]

99

Fake streamed cricket matches knocks victims for six

Malwarebytes

An incredible scam which resembles hidden camera prank shows has been shut down by police. Four men were arrested last week in connection with the con-job involving fake cricket and online betting. It begins in Russia, takes a trip to India, and ends up back in Russia. Here’s how it unfolded: Setting the stage. People living in India who are interested in betting on sports tend to gravitate online.

Scams 93

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending

CSO Magazine

In late June, the House Armed Services Committee approved its version of the National Defense Authorization Act (NDAA) for the Fiscal Year 2023 with a $37 billion funding increase over what President Joe Biden requested. This week the whole House will debate the must-pass funding legislation. The NDAA, enacted every year to fund the U.S. military, has in previous years been a vehicle through which a wide swath of cybersecurity legislation has passed, given the struggles that standalone cybersecu

Rise in Qakbot attacks traced to evolving threat techniques

Security Boulevard

Active since 2008, Qakbot, also known as QBot, QuackBot and Pinkslipbot, is a common trojan malware designed to steal passwords. This pervasive threat spreads using an email-driven botnet that inserts replies in active email threads. Qakbot threat actors are also known to target bank customers and use the access they gain through compromised credentials to spy on financial operations and gain valuable intel.

Malware 98

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

The Hacker News

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity.

98

Poor Firewall Implementations Pave Wave for DDoS Attacks

Security Boulevard

Organizations often tend to heavily and exclusively rely on firewalls, load balancers, and VPNs, among others, to prevent DDoS attacks, secure their mission-critical assets, and protect their IT infrastructure. But. The post Poor Firewall Implementations Pave Wave for DDoS Attacks appeared first on Indusface. The post Poor Firewall Implementations Pave Wave for DDoS Attacks appeared first on Security Boulevard.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.