Fri. Mar 03, 2023

Nick Weaver on Regulating Cryptocurrency

Schneier on Security

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.

Top 10 open-source security and operational risks of 2023

Tech Republic Security

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.

Actions You Can Take To Support Women In Cybersecurity On And Beyond IWD 2023

Jane Frankland

International Women’s Day is a global day of celebration and recognition for the social, economic, cultural, and political achievements of women. It is celebrated on March 8th every year and originated in Europe during the early 1900s. The day provides an opportunity to come together to support and honor female contributions around the world. The theme for this year is “Embrace Equity” – which encourages everyone to focus on gender equity and get the world talking about Why equal opp

Organizations Struggle With CCPA, CPRA, GDPR Compliance

Security Boulevard

The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybersecurity headlines trending on Google

CyberSecurity Insiders

CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of the StopRansomware Campaign and provided some tips that help raise the defense line against such cyber threats. The Royal Ransomware gang has been active since September 2022 and demands a sum ranging between $1m and $11 million that needs to be paid in Bitcoins.

National Cybersecurity Strategy | Contrast Security

Security Boulevard

Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity that has — mostly — thrilled cybersecurity experts. The post National Cybersecurity Strategy | Contrast Security appeared first on Security Boulevard.

Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot

Security Boulevard

The BlackLotus malware targets UEFI Secure Boot. For a mere $5000, you too can own it. The post Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot appeared first on Security Boulevard.

BidenCash market leaks over 2 million stolen credit cards for free

Bleeping Computer

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. [.

Cowbell Adds Free Cybersecurity Services for Insurance Policy Holders

Security Boulevard

Cowbell this week added a free 24/7 managed security service for organizations that take out a cyberinsurance policy to help reduce the cost of a cybersecurity breach. Manu Singh, vice president of risk engineering at Cowbell, said Cowbell 365 spans everything from working with policyholders to improve their overall cybersecurity posture management to responding to.

BrandPost: It’s Time to Create More Opportunities for Women in Cybersecurity

CSO Magazine

Undoubtedly, our industry needs to create more initiatives to attract a more diverse group of professionals—including women—to STEM-focused careers like cybersecurity. While we’ve collectively made some progress on this front, a great deal of work still needs to be done to bring women into cybersecurity-focused roles and create meaningful career paths for them to grow and progress within the industry.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity Insights with Contrast CISO David Lindner | 3/3

Security Boulevard

Insight #1: June 11th, 2023 is getting closer. Have you started pulling together information for the government’s requirement of self-attestation as to the security practices you follow in your SDLC for any software used or purchased by the U.S. federal government? What about SBOMs: are you in a position to provide those if requested?

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

The White House’s National Cybersecurity Strategy unveiled yesterday is an ambitious blueprint for improving U.S. cybersecurity and threat response, but some of the more ambitious items will take time to implement, and could face opposition from Congress. President Biden came into office around the time of the SolarWinds and Colonial Pipeline cyber attacks, so cybersecurity has been a major focus of the Administration from the beginning.

Known Vulnerabilities Drove Most Cyberattacks in 2022

Security Boulevard

New research revealed an all-too-familiar theme: Known vulnerabilities for which patches have been issued were the main way threat actors executed cyberattacks in 2022. “The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” Bob Huber, CSO and head of research, Tenable, said in a release detailing the findings in.

The Week in Ransomware - March 3rd 2023 - Wide impact attacks

Bleeping Computer

This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile. [.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Death By Social Media: Are TikTok and WeChat Easy Marks for Attackers?

Security Boulevard

Most corporations understand the crucial need for efficient access management systems to protect the business from data loss and security breaches through unauthorized access. However, even large companies are in danger of ignoring or misjudging the emerging risks of social media platforms. Social media platforms are being used by billions worldwide daily.

Friday Five: Biden’s Cybersecurity Strategy, CISA’s Warnings, & Chinese Cyber Threats

Digital Guardian

In this week’s Friday Five, catch up on the latest warnings from CISA, the Biden Administration’s new cybersecurity strategy, the actions of Chinese-backed hackers, and much more.

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

Two vulnerabilities affecting the Trusted Platform Module (TPM) 2.0 library could potentially lead to information disclosure or privilege escalation. The Trusted Computing Group (TCG) is warning of two vulnerabilities affecting implementations of the Trusted Platform Module (TPM) 2.0 that could potentially lead to information disclosure or privilege escalation.

Wading Back Into the Software Liability Cesspool

Security Boulevard

Time must be a flat circle—it seems that every couple of years, someone brings up the topic of software liability. Just stay in one place, and soon enough, the train will come back around with folks screaming that software companies are liable for security breaches. This time, it’s Jen Easterly, the impressive head of CISA, The post Wading Back Into the Software Liability Cesspool appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

The Hacker News

A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read.

How Royal Ransomware Could Wreak Havoc on the U.S. Digital Economy

Heimdal Security

Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory regarding the Royal Ransomware gang. The Royal Ransomware group first appeared in the United States in September 2022—the U.S. Health and Human Services Cybersecurity Coordination Center issued a security alert to all healthcare organizations. Healthcare is one of Royal’s primary ransomware […] The post How Royal Ransomware Could Wreak Havoc on the U.S.

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The Hacker News

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report.

Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab

Dark Reading

The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Cyberattack on British Retailer WH Smith Exposes Employees' Data

Heimdal Security

Threat actors breached WH Smith, the UK retailer with 1,700 locations, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What kind of data was exposed: the targeted company launched an investigation and notified the authorities. According to them, the […] The post Cyberattack on British Retailer WH Smith Exposes Employees' Data appeared first on Heimdal Security Blog.

FBI and CISA warn of increasing Royal ransomware attack risks

Bleeping Computer

CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education. [.

Pegasus spyware used to spy on a Polish mayor

Security Affairs

The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Chick-fil-A Gives Customers a Bone to Pick After Data Breach

Dark Reading

A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. The human-operated Royal ransomware first appeared on the threat landscape in September 2022 and has demanded ransoms of up to millions of dollars. Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service; it appears to be a private group without a network of affiliates.

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Naked Security

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

LockBit ransomware demands $2 million for Pierce Transit data

Malwarebytes

The Pierce County Public Transportation Benefit Area Corporation (Pierce Transit) has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary workarounds to maintain the service of the transit system, which transports around 18,000 people every day.

Iron Tiger updates malware to target Linux platform

CSO Magazine

Iron Tiger, an advanced persistent threat (APT) group, has updated its SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was observed in July 2022, and after finding multiple similar payloads in late October 2022, Trend Micro researchers started looking into it and found similarities with the SysUpdate malware family.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.