Fri.Feb 12, 2021

article thumbnail

Medieval Security Techniques

Schneier on Security

Sonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above and below a block of text ensure that no one can add additional text at a later date.

article thumbnail

US Court system demands massive changes to court documents after SolarWinds hack

Tech Republic Security

Multiple senators have demanded a hearing on what court officials know about the hackers' access to sensitive filings. The effects could make accessing documents harder for lawyers.

Hacking 184
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Attack against Florida Water Treatment Facility

Schneier on Security

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

article thumbnail

How micro-drilling can enhance your cybersecurity training

Tech Republic Security

Agile thinking is important in dealing with cyberattacks. Read one psychologist's tips for cybersecurity professionals on how to adapt and stop the attackers.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Hot for Security

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses

article thumbnail

Why cybersecurity insurance may be worth the cost

Tech Republic Security

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

Insurance 216

More Trending

article thumbnail

DDoS explained: How distributed denial of service attacks are evolving

CSO Magazine

What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it’s one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems.

DDOS 142
article thumbnail

Red Team / Blue Team Testing – The Big Picture

CyberSecurity Insiders

Ever since offensive security testing began, we have expected that the test or simulation will find something. Even if a pen tester doesn’t uncover an issue, the best ones can always achieve success through phishing or social engineering of your organization’s employees. In the same way, Red Team-Blue Team exercises highlight the near impossibility of foiling a motivated attacker – the odds of success heavily favor the attacker and make it extremely difficult for the defender.

article thumbnail

CISA Warns of Incoming Valentine’s Day Romance Scams

Hot for Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the upcoming Valentine’s Day, telling people to watch out for romance scams. If there’s money to be made, criminals will find a way to take advantage of any situation. Since Valentine’s Day is one of the year’s biggest celebrations, scammers, fraudsters, and criminals of all kinds come out of the woodwork with new tools.

Scams 137
article thumbnail

Artificial Intelligence to help against multi stage Cyber Attacks

CyberSecurity Insiders

Zero day attacks are a serious threat to computer networks, and a recent research says that the attacks can be curbed with the use of machine learning algorithms. In fact, security analysts say that the tool can prove as a cost effective solution to defend organizations from the present day cyber threats. A research carried out by Cisco Talos says that it takes approximately 15 days time for a victimized company to come out of the repercussions of cyber attacks.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Hackers Sell ‘Cyberpunk 2077’ Data and Source for Millions

Security Boulevard

Ransomware scrotes have followed through on their threat to auction off the data they stole from the maker of Cyberpunk 2077. The post Hackers Sell ‘Cyberpunk 2077’ Data and Source for Millions appeared first on Security Boulevard.

article thumbnail

How to make sure your digital transformation is secure

CyberSecurity Insiders

In our increasingly digital world, a greater proportion of businesses across different sectors are trying to integrate new technologies into their processes. In a recent study, 43% of companies surveyed said they were embracing digital transformation by either embedding digital capabilities that enable greater enterprise agility or aggressively disrupting markets they participate in.

article thumbnail

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered during a routine screening by its internal security team, an internal investigation is still ongoing. “An internal investiga

article thumbnail

Who is to blame for the malicious Barcode Scanner that got on the Google Play store?

Malwarebytes

In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update , we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this malware, but since then, a representative from LavaBird reached out to us.

Malware 121
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Vulnerabilities hit record high in 2020, topping 18,000

SC Magazine

Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To understand the significance, there were far more “critical” and “high severity” vulnerabilities in 2020 (10,342) than the total number of all vulnerabilities recorded in 2010 (4,639), according to Redscan, which ran the analysis of NIST’s National Vulnerability D

article thumbnail

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

The Hacker News

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020.

Media 125
article thumbnail

“Microosft”. Patch Tuesday goof points users to typo-bait website

Graham Cluley

Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.

144
144
article thumbnail

Florida Water Plant Hack: Leaked Credentials Found in Breach Database

Threatpost

Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.

Hacking 130
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Telegram Didn’t Destroy Multimedia Files Sent Through Secret Chat on macOS, Researcher Finds

Hot for Security

A security researcher discovered that one of Telegram’s features on macOS that should have guaranteed complete privacy by destroying the information sent by users wasn’t working as intended. Telegram is an instant messaging application with support for all major operating systems, including macOS. While the app developers don’t boast of default end-to-end encryption for messages, they do offer a feature called ‘secret chat.

article thumbnail

Yandex suffers data breach after sysadmin sold access to user emails

Bleeping Computer

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [.].

article thumbnail

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Security Boulevard

This week law enforcement agencies around the world made press releases about the arrest of SIM Swapping criminals. The UK's National Crime Agency says "eight men have been arrested in England and Scotland as part of an investigation into a series of SIM swapping attacks, in which criminals illegally gained access to the phones of high-profile victims in the US.

article thumbnail

Thales joins Google’s 5G Mobile Edge Cloud initiative

CyberSecurity Insiders

In March 2020, Google Cloud unveiled its telecom operator strategy called Global Mobile Edge Cloud (GMEC), aimed at helping Communications Service Providers (CSPs) digitally transform and harness the full potential of 5G. In parallel, Thales has deployed a large portfolio of its solutions onto Google Cloud to leverage cloud at the edge of its MNO customers’ infrastructure.

Mobile 119
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Five tips to ensure you’re not a victim of an online romance scam this Valentine’s Day

Quick Heal Antivirus

Valentine’s Day may be a day of love and romance, but if you’re not careful, you could end. The post Five tips to ensure you’re not a victim of an online romance scam this Valentine’s Day appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Scams 117
article thumbnail

Singtel Suffers Zero-Day Cyberattack, Damage Unknown

Threatpost

The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

Hacking 125
article thumbnail

Water plant’s missteps illustrates need for critical infrastructure security controls

SC Magazine

A new advisory offering details on a remote hacker’s attempted sabotage of an Oldsmar, Florida city water treatment plant has revealed a disregard for certain basic cyber hygiene best practices among employees. Experts say it’s an indicator that operators of critical infrastructure could use a serious infusion of security controls. However, due to budget restrictions, these controls may first require a thorough risk assessment and prioritization exercise.

Risk 115
article thumbnail

Are There Really “Quick Wins” for Your Security Program?

Cisco Security

We’re always looking for the “quick wins” in security — whether it’s the magic blinky box that you drop into the right place in your network and it stops all the bad stuff (let me know if you find one of those), or the secret incantation that you can perform that doesn’t cost money but adds protection to your armor. The “one weird trick” sometimes leads to clicks; I once got the head of one of the biggest tech companies on the planet to click on my analy

Software 113
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Google: Gmail users from US most targeted by phishing attacks

Bleeping Computer

Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. [.].

Phishing 138
article thumbnail

Friday Five 2/12

Digital Guardian

A hack of a water treatment plant, SIM swapping used on celebrities, and a popular barcode app turned into malware - catch up on all of the week's infosec news with the Friday Five!

InfoSec 111
article thumbnail

Nude photo theft offers lessons in selfie security

Malwarebytes

Two former college graduates are in a lot of trouble after breaking into other students’ accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened? A man from New York has pleaded guilty to one count of aggravated identity theft, and one count of computer intrusion causing damage.

article thumbnail

What Do White Chocolate Macadamia Nut Cookies Have to Do With Cybersecurity Posture?

Security Boulevard

Picture this. You walk into the kitchen. On the counter, is a beautiful charcoal gray plate. And right in the center of the plate is a perfectly round cookie. You are tempted, of course. You reach for the cookie, take a bite, and close your eyes in anticipation of a sweet, sinful burst of flavor, …. Read More. The post What Do White Chocolate Macadamia Nut Cookies Have to Do With Cybersecurity Posture?

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.