Krebs on Security

OCTOBER 1, 2020

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock. In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial in

Ransomware 358

Ransomware Cyber Insurance Insurance Cybercrime 358

Schneier on Security

OCTOBER 1, 2020

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merely from a video, but viewing videos that have been enhanced to exaggerate these color shifts will quickly disabuse you of that notion.

Software 298

Software 298

Tech Republic Security

OCTOBER 1, 2020

This October looks quite different from previous years, as IT oversees staff who are no longer centrally located, creating a larger attack surface for bad actors. Awareness is key, experts say.

Cybersecurity 205

Cybersecurity 205

Security Affairs

OCTOBER 1, 2020

Cyber security firm launches a new service that allows users to check if an email domain or address was part of an Emotet spam campaign. Experts worldwide warn about a surge in the Emotet activity, recently Microsoft along Italy and the Netherlands CERT/CSIRT agencies reported a significant increase of Emotet attacks targeting the private sector and public administration entities.

Malware 136

Malware Advertising Banking Passwords 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 1, 2020

In an effort to make IT pros' jobs easier, Jack Wallen offers cybersecurity tips to end users--in particular, what not to do to keep company networks, equipment, and data secure.

Cybersecurity 203

Cybersecurity 203

Security Affairs

OCTOBER 1, 2020

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data. In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric is the largest power supplier in the country with 2.5 million customers and around 10,000 people.

Ransomware 136

Ransomware Advertising Engineering VPN 136

Security Affairs

OCTOBER 1, 2020

Twitter removed around 130 Iranian accounts for attempting to disrupt the public recent US Presidential Debate. The social media giant Twitter announced to have removed around 130 Iranian Twitter accounts that attempted to disrupt the public conversation during the recent first Presidential Debate for the US 2020 Presidential Election. The company confirmed that it discovered the activity of the accounts following an alert from the FBI.

Accountability 134

Accountability Advertising Media Hacking 134

Tech Republic Security

OCTOBER 1, 2020

Passwordless authentication can be an effective option, though introducing such a method poses its own challenges, says LastPass.

Passwords 148

Passwords Authentication 148

Dark Reading

OCTOBER 1, 2020

From WarGames, to Aaron Swartz, to bug bounties, to Van Buren, here's what cybersecurity researchers should know about the US's primary anti-hacking law before it gets its day in the Supreme Court.

InfoSec 121

InfoSec Hacking Cybersecurity 121

WIRED Threat Level

OCTOBER 1, 2020

New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.

Hacking 145

Hacking 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

OCTOBER 1, 2020

Experts found critical security flaws in two popular industrial remote access systems that could be exploited by threat actors for malicious purposes. Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets.

Advertising 106

Advertising Authentication VPN Firewall 106

Threatpost

OCTOBER 1, 2020

What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.

Mobile 129

Mobile InfoSec Malware 129

Dark Reading

OCTOBER 1, 2020

With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.

Cybersecurity 132

Cybersecurity Malware 132

Threatpost

OCTOBER 1, 2020

In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.

Malware 116

Malware Internet Internet IoT 116

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

WIRED Threat Level

OCTOBER 1, 2020

A researcher reverse engineered an internet-connected coffee maker to see what kinds of hacks he could do with it. The answer: quite a lot.

IoT 95

IoT Engineering Internet Internet 95

eSecurity Planet

OCTOBER 1, 2020

October is cybersecurity awareness month, and securing employees and your data against emerging threats is a good place to start.

Backups 138

Backups Cybersecurity 138

Dark Reading

OCTOBER 1, 2020

Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.

Cryptocurrency 97

Cryptocurrency Malware 97

Tech Republic Security

OCTOBER 1, 2020

Graylog makes it easy to send syslog information from clients to the hosting server. Jack Wallen shows you how.

88

88

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

OCTOBER 1, 2020

An executive from Singapore's Cyber Security Agency examines the role of security in a nation increasingly dependent on technology.

Cybersecurity 102

Cybersecurity Technology 102

Threatpost

OCTOBER 1, 2020

Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page.

Phishing 89

Phishing Scams Hacking 89

Dark Reading

OCTOBER 1, 2020

To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.

Cybersecurity 90

Cybersecurity 90

NSTIC

OCTOBER 1, 2020

Recently, NIST published a significant update to its flagship security and privacy controls catalog, Special Publication 800-53, Revision 5. This update created a set of next generation controls to help protect organizations, assets, and the privacy of individuals—and equally important—manage cybersecurity and privacy risks. So now that the publication is here, how should you use this extensive catalog of controls that covers everything from multifactor authentication to incident response?

Authentication 77

Authentication Risk Cybersecurity 77

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

OCTOBER 1, 2020

White-hat hackers will receive $10,000 for each security bug they discover plus a base fee, under this invitation-only initiative.

99

99

Threatpost

OCTOBER 1, 2020

Researchers say that the campaign sidesteps end user detection and security solutions.

Malware 102

Malware 102

WIRED Threat Level

OCTOBER 1, 2020

Hackers spent $4 million of victims’ money to buy ads for diet pills, fake designer handbags, and more.

Accountability 89

Accountability Malware Hacking 89

Dark Reading

OCTOBER 1, 2020

An alarming new advisory issued today by the federal government could upend ransomware response.

Ransomware 88

Ransomware Government 88

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

SecureWorld News

OCTOBER 1, 2020

The SecureWorld Sessions podcast just hit the one-year mark, and our listening audience continues to grow. Have you listened yet? Here's a great opportunity to start with our most downloaded episodes from year one. You can click the play arrow to start an episode right here in your browser, or check your phone or tablet for its podcast app including Apple Podcasts, Google Podcasts, Spotify, Stitcher, and many others.

Cybersecurity 52

Cybersecurity CSO Cyber threats Cyber Attacks 52

Dark Reading

OCTOBER 1, 2020

Yevgeniy Nikulin received an 88-month sentence for breaking into LinkedIn, Dropbox, and the now-defunct social platform Formspring.

Hacking 70

Hacking 70

Veracode Security

OCTOBER 1, 2020

Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But ??? shockingly ??? less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities.

Data breaches 52

Data breaches Software 52

Herjavec Group

OCTOBER 1, 2020

Cybersecurity Awareness Month (CSAM) is a global initiative created by the Department of Homeland Security 17 years ago to recognize the importance of digital security for consumers and organizations alike. Now an internationally recognized campaign, CSAM aims to inform the public about the importance of cybersecurity. As the rate of cybercrime continues to rise, everyone can benefit from being informed.

Cybersecurity 52

Cybersecurity Education Cybercrime Security Awareness 52

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.