Thu, Jul 21, 2022


“Cybersecurity For Dummies” Second Edition Now Available

Joseph Steinberg

The second edition of Cybersecurity For Dummies, Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first-edition counterpart, Cybersecurity For Dummies: Second Edition is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.


Critical Vulnerabilities in GPS Trackers

Schneier on Security

This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers.


Weekly Update 305

Troy Hunt

I broke Yoda's stick! 3D printing woes, and somehow I managed to get through the explanation without reverting to a chorus of My Stick by a Bad Lip Reading (and now you've got that song stuck in your head). Loads of data breaches this week and whilst "legacy", still managed to demonstrate how bad some practices remain today (hi Shadi.com 👋).


How to create an effective incident report

Tech Republic Security

Learn what incident report templates are, eight steps on how to write an incident report and five software solutions for creating effective incident reports. The post How to create an effective incident report appeared first on TechRepublic.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Radware Employs Blockchain Technologies to Thwart Bots

Security Boulevard

Radware this week revealed it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade completely automated public Turing tests to tell computers and humans apart—better known as CAPTCHA challenges. Dr. David Aviv, CTO for Radware, said that while a CAPTCHA challenge can be an effective way to determine if an. The post Radware Employs Blockchain Technologies to Thwart Bots appeared first on Security Boulevard.


Raytheon highlights its role in cybersecurity

Tech Republic Security

Company officials discussed wide-ranging issues including the talent shortage, quantum computing and implementing zero trust during a webinar with reporters Wednesday. The post Raytheon highlights its role in cybersecurity appeared first on TechRepublic.


9 Best Security Practices for E-Commerce App Developers

Appknox

Smartphones have become a central part of our lives, surpassing the popularity of desktops and laptops. That's why brands and companies these days need to take on a mobile approach when designing and creating applications.


Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene

Dark Reading

The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.


NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund

CSO Magazine

Much has been written about NSO Group’s collision with government reality when the Israeli firm found itself on the wrong side of a business decision to sell their technologies to entities that used it to target human rights activists, political leaders, journalists, and a bevy of U.S. persons. The collision came in the form of the U.S. government blacklisting the company, effectively drying up a great percentage of their clients to the point where bankruptcy was seen on the horizon.


MiCODUS Car Trackers are SUPER Vulnerable and Dangerous

Security Boulevard

An add-on vehicle tracker is incredibly insecure—to the point it’s dangerous to use. The MV720 and other products sold by MiCODUS are full of easily exploited bugs. The post MiCODUS Car Trackers are SUPER Vulnerable and Dangerous appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cybersecurity is a constant fire drill—that’s not just bad, it’s dangerous

CSO Magazine

As part of my job as an industry analyst, I do lots of quantitative research with security professionals. One question we often pose to security professionals is around their biggest challenges. The research results often include issues like coping with alert storms, addressing the dangerous threat landscape, managing a multitude of point tools, scaling manual processes, and staffing shortages, along with one.


Apple iPhone has over 36 vulnerabilities

CyberSecurity Insiders

All Apple iPhone users are being requested to download the new iOS 15.6 update as it offers patches to almost 39 vulnerabilities, out of which 17 are serious enough to expose users to critical hacks such as access to sensitive data in the iCloud Photo Library. In what’s known to our Cybersecurity Insiders, most of the patches are related to memory safety flaws that could expose users to threat actors launching remote code execution attacks.


The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next

Dark Reading

Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments.


What Is A Cost Sheet: Everything Explained

SecureBlitz

A cost sheet is a statement that lists the different parts of a product’s total cost and shows data from. Read more. The post What Is A Cost Sheet: Everything Explained appeared first on SecureBlitz Cybersecurity.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


BrandPost: Identity-first Security: How to Keep Your Security Team Strategic

CSO Magazine

The technological arc as we knew it pre-COVID is moving toward a new perimeter. How we work, where we work, and who we work with have all drastically changed in the last three years. Security teams across the globe have been forced to adapt to that change at an incredible pace just to keep up, prioritizing security approaches that align with the evolving threat landscape.


The Future of Executive Protection is Digital

Security Boulevard

This article was originally written for, and published in, Threatpost. As threats to an executive’s safety and security increase, organizations should look to digital executive protection to help reduce risks manifesting in both the physical and digital worlds. Physical threats against executives are on the rise. Intensified by unprecedented societal tension, pandemic fatigue, and the […].


Google blocks site of largest computing society for being ‘harmful’

Bleeping Computer

Google Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as malware. BleepingComputer has successfully reproduced the issue, first reported by researcher Maximilian Golla. […]


Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

Security Boulevard

What can SHA-1 history teach us? Can the cybersecurity industry learn anything from the problems encountered with the move from the deprecated SHA-1 to the stronger and safer SHA-2 hashing algorithm? Since 2005, SHA-1 has been regarded as unsafe against well-funded adversaries.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Chrome zero-day used to infect journalists with Candiru spyware

Bleeping Computer

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. […]


Ransomware attacks slowing as 2022 wears on

CSO Magazine

Total ransomware attacks for the second quarter of 2022 totaled 574, representing a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research. The most impacted industries were manufacturing and construction, GuidePoint’s report said, accounting for 18.3% of all claimed attacks during the quarter.


Microsoft Teams outage also takes down Microsoft 365 services

Bleeping Computer

What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. […]


Atlassian patched a critical Confluence vulnerability

Security Affairs

Atlassian released security updates to address a critical hardcoded credentials vulnerability affecting Confluence Server and Confluence Data Center, tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Ex-Coinbase manager charged in first crypto insider-trading case

Bleeping Computer

The U.S. Department of Justice has charged a former Coinbase manager and two co-conspirators with wire fraud conspiracy and scheme to commit insider trading in cryptocurrency assets. […]


BrandPost: Why Proactive DDoS Defense Makes Sense

CSO Magazine

At Netscout we continuously work with customers to discover the impact our offerings to prevent distributed denial-of-service (DDoS) are having on their ongoing security concerns and challenges. Because it is difficult to get customers to commit to providing the input for a long-term analysis of their DDoS protection efficiency, we decided to conduct a Forrester Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Netscout’


How Conti ransomware hacked and encrypted the Costa Rican government

Bleeping Computer

Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices. […]


Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Threatpost

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Vulnerabilities in GPS tracker could have “life-threatening” implications

Malwarebytes

Researchers at BitSight have discovered six vulnerabilities in the MiCODUS MV720 GPS tracker, a popular vehicle tracking device. The vulnerabilities are severe enough for the Cybersecurity & Infrastructure Security Agency (CISA) to publish a Security Advisory titled ICSA-22-200-01: MiCODUS MV720 GPS Tracker. What’s happened? The MiCODUS MV720 is a hardwired GPS tracker that offers anti-theft, fuel cut off, remote control and geofencing capabilities.


New ‘Lightning Framework’ Linux malware installs rootkits, backdoors

Bleeping Computer

A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. […]


CCPA: Aiming for a Moving Target

TrustArc

Enforcement of the CCPA (California Consumer Privacy Act) began July 1, 2020: TrustArc Privacy Intelligence explains what it means for data privacy compliance.


Passwordless vs. MFA: What’s the Difference?

Security Boulevard

Enterprise cybersecurity is under assault from unprecedented threats, exacerbated by the expanded attack surfaces brought about by remote work. For example, research from HP shows there was a 238% increase in cyberattack volume over the pandemic, with those numbers continuing to rise today. The post Passwordless vs. MFA: What’s the Difference?


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.