Krebs on Security

JUNE 10, 2022

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak , Mark Manoogian , Petr Pacas , and Mohammed Abdul Qayyum

Government 245

Government Marketing Internet Internet 245

Anton on Security

JUNE 10, 2022

One of the things I do every year at the RSA conference is to wander the expo halls trying to deduce themes and trends for the industry. Before I go into my specific observations, I wanted to share what impressed me the most this time. My first reaction was the normalcy of it all?—?it came as a shock as this was my first big event after, well, RSA 2020.

VPN 189

VPN Marketing Firewall Passwords 189

Tech Republic Security

JUNE 10, 2022

If you’re like most people, you may become overwhelmed by the number of passwords created, used and remembered in your everyday life. Password managers like Bitwarden and LastPass make those tasks easier. The post Bitwarden vs LastPass: Compare top password managers appeared first on TechRepublic.

Password Management 159

Password Management Passwords Software 159

Dark Reading

JUNE 10, 2022

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

Artificial Intelligence 145

Artificial Intelligence 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JUNE 10, 2022

Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time. The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Boulevard.

Software 141

Software Social Engineering Security Awareness Engineering 141

Bleeping Computer

JUNE 10, 2022

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [.].

Authentication 144

Authentication 144

Bleeping Computer

JUNE 10, 2022

The Iranian Lycaeum APT hacking group uses a new.NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. [.].

DNS 144

DNS Telecommunications Hacking 144

Security Affairs

JUNE 10, 2022

The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems using the “.cuba” extension.

Ransomware 118

Ransomware Malware Encryption Hacking 118

The Hacker News

JUNE 10, 2022

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).

Manufacturing 116

Manufacturing 116

Bleeping Computer

JUNE 10, 2022

It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week. [.].

Ransomware 119

Ransomware 119

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JUNE 10, 2022

Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked

Cryptocurrency 113

Cryptocurrency Malware Hacking Cybersecurity 113

Security Boulevard

JUNE 10, 2022

One of the things I do every year at the RSA conference is to wander the expo halls trying to deduce themes and trends for the industry. Before I go into my specific observations, I wanted to share what impressed me the most this time. My first reaction was the normalcy of it all?—?it came as a shock as this was my first big event after, well, RSA 2020.

VPN 113

VPN Marketing Firewall Passwords 113

CSO Magazine

JUNE 10, 2022

GitHub is making available a new IAM (identity and access management) tool, dubbed Entitlements, which leverages the company's own Git framework to parse, track and approve access to a business' systems. The basic idea of Entitlements is to use a dedicated Git repository as a way to provide a centralized clearinghouse for identity management data and using pull requests to make any changes—new approvals, reverifications and any other changes can be made to a given repository for a given system.

113

113

Malwarebytes

JUNE 10, 2022

Father’s Day in the UK (June 19) is almost upon us, and scammers are taking advantage of it—and the fractional possibility of some nice weather—using a barbeque-themed lure. A mysterious WhatsApp message. The barbeque bait arrives out of the blue, from a somebody who has your number, as a random message bringing word of a supposed “B&Q Father’s Day Contest” with what looks like a very nice barbeque set up for grabs.

Mobile 107

Mobile Retail Advertising Scams 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

JUNE 10, 2022

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities.

Malware 135

Malware 135

Security Boulevard

JUNE 10, 2022

How seriously do you take the email threat? Cyber criminals often use email as a way to start an attack. According to many sources email is by far the most common way that attackers try to gain access to your business and personal systems. The UK government’s Cyber Security Breaches Survey 2022 reported that email […]. The post Scoring Email Security Services appeared first on SE Labs Blog.

Small Business 106

Small Business Security Awareness Cybersecurity 106

Dark Reading

JUNE 10, 2022

In 1985, a group of klezmer musicians from the US rendezvoused with underground dissidents in Tbilisi, Georgia. This is the story of how they pulled it off with homebrew cryptography.

Hacking 105

Hacking 105

Security Boulevard

JUNE 10, 2022

A report published by Radware this week indicated the number of malicious distributed denial-of-service (DDoS) attacks rose nearly 75% in the first quarter of 2022. The increase is mainly due to an increase in so-called “micro floods” that are classified as low-throughput attack vectors with throughput between 10Mbps and 1Gbps. Pascal Geenens, director of threat.

DDOS 104

DDOS Malware Cybersecurity Network Security 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

JUNE 10, 2022

The human mind loves to categorize things, and malware is no exception. We here at CSO have done our part: our malware explainer breaks down malware based on how it spreads (self-propagating worms , viruses piggybacking on other code, or sneakily disguised Trojans ) as well as by what it does to infected machines ( rootkits , adware , ransomware , cryptojacking , and malvertising , oh my).

Adware 104

Adware CSO Malware Ransomware 104

Security Affairs

JUNE 10, 2022

The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the security breach, the IT infrastructure of the city was shut down.

Ransomware 103

Ransomware Data breaches Cyber Attacks Surveillance 103

We Live Security

JUNE 10, 2022

Here are three themes that stood out at the world's largest gathering of cybersecurity professionals. The post 3 takeaways from RSA Conference 2022 – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Cybersecurity 102

Cybersecurity 102

Bleeping Computer

JUNE 10, 2022

A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. [.].

Hacking 99

Hacking Cryptocurrency 99

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

JUNE 10, 2022

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities.

Healthcare 98

Healthcare Education Government 98

Heimadal Security

JUNE 10, 2022

The Vice Society ransomware gang declared that it had been behind the recent attack that targeted the capital of the Italian island of Sicily, Palermo. The incident has caused a large-scale service outage. The cyberattack took place last Friday, and all internet-based services are still down, affecting 1.3 million people and tourists who are there […].

Ransomware 102

Ransomware Internet Internet Cybersecurity 102

Security Boulevard

JUNE 10, 2022

Cybersecurity has become one of the main concerns of this digital era. Every day we come across news of ransomware, phishing, scamming, and other cybercrimes. It’s true that we can’t change the mindsets of cybercriminals, but we can take preventive measures to avert different types of cyberattacks. So, here we’ll discuss the SQL injection—a common […].

Scams 97

Scams Cybercrime Phishing Ransomware 97

The Hacker News

JUNE 10, 2022

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.

Cryptocurrency 94

Cryptocurrency 94

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Hacker Combat

JUNE 10, 2022

Owl Labs, an organization that deals in video conferencing, has announced severe exposure to its devices, including the Whiteboard Owl and Meeting Owl Pro. These two softwares allow people to set up important meetings regardless of where their team is located. Users can share documents, e-mails, chat and even conduct real-time polls. They can also record sessions.

Penetration Testing 94

Penetration Testing Software Wireless Risk 94

WIRED Threat Level

JUNE 10, 2022

The House committee's televised hearings interrogate the Capitol attack with damning new evidence. Whether it's enough to prevent another one is uncertain.

96

96

CyberSecurity Insiders

JUNE 10, 2022

Elon Musk, the Chief of Tesla and Starlink Satellite Internet, offered a $44 billion deal to Twitter. But the only thing he requested was that the company should come clean and take down fake accounts that were bots and generating fake tweets and might also be in use to spread misinformation, blasphemy content, fake likes, and whatnot. Twitter denied having any fake accounts and assured Musk that they could provide raw data to his team for analysis, including millions of tweets generated on a da

Accountability 89

Accountability Data privacy Media Internet 89

Dark Reading

JUNE 10, 2022

The commission argues that legislative action is needed to ensure a well-functioning market for AI systems that balances benefits and risks.

Risk 101

Risk Marketing 101

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.