Fri. Mar 05, 2021

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.

No, RSA Is Not Broken

Schneier on Security

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.” It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even that.

Weekly Update 233

Troy Hunt

Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Gab because, well, everything about Gab is always weird.

80% of senior IT leaders see cybersecurity protection deficits

Tech Republic Security

A lack of confidence in companies' defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

John McAfee Indicted for ICO Manipulation, Securities Fraud

Security Boulevard

Today, the United States Attorney for the Southern District of New York, William F. Sweeney, announced the unsealing of a seven count indictment charging John David McAfee, founder of McAfee, and Jimmy Gale Watson, an executive advisor to McAfee, with pump-and-dump schemes, as well as initial coin offering (ICO) touting schemes. Watson was arrested on.

How ESET’s work on SafetyNet® helps protect children online

We Live Security

For over a decade, ESET and the San Diego Police Foundation have been working together to help keep children safe from online threats. The post How ESET’s work on SafetyNet® helps protect children online appeared first on WeLiveSecurity.

More Trending

Managed Services provider CompuCom hit by Darkside ransomware

Security Affairs

US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations; experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations. Even though the company initially did not provide technical details about the attack, security experts speculated about the involvement of ransomware due to the observed effects.

US indicts John McAfee for cryptocurrency fraud, money laundering

Bleeping Computer

US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering.

New steganography attack targets Azerbaijan

Malwarebytes

This blog post was authored by Hossein Jazi. Threat actors often vary their techniques to thwart security defenses and increase the efficiency of their attacks. One of the tricks they use is known as steganography and consists of hiding content within images. We recently observed a malicious Word file that uses this technique to drop a Remote Administration Trojan (RAT) that was new to us.

Cybercriminals Are Phishing For Login Credentials of AOL Users

Hot for Security

Fraudsters aiming to steal login credentials from AOL users are sending phishing emails that threaten recipients with account closures unless they confirm their email addresses and passwords. The AOL phishing campaign was noticed on February 23, according to Bitdefender Antispam Lab. Like previous email-based phishing campaigns, cybercriminals use scare tactics and subject lines ranging from “account shutdown” and “final warning” notifications.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

The Hacker News

Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users.

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Threatpost

A new variant of the Gafgyt botnet - that's actively targeting vulnerable D-Link and Internet of Things devices - is the first variant of the malware to rely on Tor communications, researchers say.

Reblaze Rolls Out Managed Reverse Proxy Security Service

Security Boulevard

Reblaze this week made generally available a managed cloud service, dubbed Curiefense, through which it provides a web application firewall, application programming interface (API) security, bot management, traffic control and distributed denial of service (DDoS) capabilities, among others. Tzury Bar Yochay, Reblaze CTO, said Curiefense, at its core, is a managed reverse proxy service designed.

Microsoft: Exchange updates can install without fixing vulnerabilities

Bleeping Computer

Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

The Hacker News

In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year.

Threat Model Humor

Schneier on Security

At a hospital.

China’s RedEcho accused of targeting India’s power grids

Malwarebytes

RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind India’s power grids, according to a threat analysis report from Recorded Future [PDF]. It appears that what triggered this attempt to gain a foothold in India’s critical power generation and transmission infrastructure, was a tense standoff at Pangong Tso lake in May 2020.

New ransomware only decrypts victims who join their Discord server

Bleeping Computer

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Massive Supply-Chain Cyberattack Breaches Several Airlines

Threatpost

The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.

Decentralizing Cloud Security Management

Security Boulevard

People are right to be concerned about cloud security risks. The agility, flexibility, scalability and affordability of cloud, while addressing many IT infrastructure challenges, also introduces a host of security risks and potential vulnerabilities. And, as it turns out, cyberattacks on cloud services have soared during the pandemic. An analysis of data from more than.

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

The Hacker News

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Security Boulevard

At least 30,000 organizations across the United States -- including a significant number of small businesses, towns, cities and local governments -- have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim or

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Realistic Patch Management Tips, Post-SolarWinds

Dark Reading

Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.

The Week in Ransomware - March 5th 2021 - Targeting service providers

Bleeping Computer

This week we have seen ransomware attacks targeting online service providers and MSPs to not only encrypt the victim but also cause significant outages for their customers.

HAFNIUM Exchange Zero-Day Scanning

Security Boulevard

The Microsoft Exchange zero-day exploit drop this week is a big one for 2021. The actions everyone needs to take when these exploits are being used in the wild are: 1. Take inventory: Do you host an on-prem Exchange server? Is the Exchange server vulnerable? Most likely, unless you applied the latest out-of-band patches released…. The post HAFNIUM Exchange Zero-Day Scanning appeared first on Infocyte.

Chrome extension turns on YouTube captions when eating noisy chips

Bleeping Computer

A new AI-powered Google Chrome extension will automatically turn on YouTube extensions if it detects you are eating noisy chips.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Many clients, many security needs: How one MSSP rose to the challenge

Security Boulevard

A primary challenge for any Managed Security Service Provider (MSSP) is being able to accommodate a wide range of customers while maintaining high standards — “to ensure we deliver superior cybersecurity outcomes for our customers,” says Arno Robbertse, CEO of ITC Secure. This global MSSP serves organizations in more than 180 countries and strives to create greater efficiencies, automation, and effectiveness in its 24/7 security operations center.

Millions of travelers of several airlines impacted by SITA data breach

Security Affairs

SITA, a multinational IT company that provides services to the air transport industry, was the victim of a cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business.

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

The Hacker News

As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams.

Public companies may not grasp responsibility to investors in sharing info on cyber risk

SC Magazine

Publicly traded companies must start disclosing more “actionable” information to shareholders and regulators around their cyber risks and vulnerabilities. Authors of a new report argue that in the wake of the 2020 SolarWinds breach and increased regulatory fervor on Capitol Hill and the Securities and Exchange Commission, public companies “should be explaining to investors the specific risks they face from cybersecurity threats, including operational disruption, intellectual property theft, loss

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.