Troy Hunt

JULY 21, 2021

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley

Accountability 363

Accountability Data breaches Government InfoSec 363

Daniel Miessler

JULY 21, 2021

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times. Many conference schedules, however, are full of talks from people who work at vendors. Conversely, people in the crowd at these conferences often have two complaints about the content.

Mobile 353

Mobile Marketing Information Security 353

Krebs on Security

JULY 21, 2021

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack. Shane Sonderman , of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targe

Accountability 327

Accountability Media Wireless Passwords 327

The Last Watchdog

JULY 21, 2021

Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations. That’s why “wet” signatures, i.e. signing in the presence of a notary, remains a requirement for some transactions involving high dollars or very sensitive rec

Computers and Electronics 249

Computers and Electronics Digital transformation Authentication Internet 249

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JULY 21, 2021

About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.

IoT 210

IoT Cybersecurity 210

Security Boulevard

JULY 21, 2021

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.

Digital transformation 145

Digital transformation CISO Security Awareness InfoSec 145

We Live Security

JULY 21, 2021

Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money. The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity.

DDOS 145

DDOS Phishing Ransomware Cybersecurity 145

Tech Republic Security

JULY 21, 2021

ICS systems managed via cloud software are open to exploits that could be destructive enough to cause physical damage to industrial systems. Here's how to protect your operational technology network.

Accountability 189

Accountability Risk Technology Software 189

CyberSecurity Insiders

JULY 21, 2021

By: Matt Lindley, COO and CISO at NINJIO. The ultimate goal of any effective cybersecurity platform is to make digital safety and awareness second nature to employees. This means companies have to be proactive and instill the right habits, which often means resisting the bad habits that lead to millions of successful cyberattacks every year – from the use of generic and easy-to-crack account credentials to the willingness to click on suspicious links and attachments in emails from untrusted sour

Social Engineering 145

Social Engineering Password Management Passwords Phishing 145

Tech Republic Security

JULY 21, 2021

Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first.

184

184

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JULY 21, 2021

Users with low privileges can access sensitive Registry database files on Windows 10 and Windows 11, leaving them vulnerable to a local elevation of privilege vulnerability known as SeriousSAM or HiveNightmare. Doesn’t sound serious? Reassured that users must already have access to the system and be able to execute code on said system to use this vulnerability?

Authentication 144

Authentication Passwords Accountability Backups 144

Tech Republic Security

JULY 21, 2021

Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.

Artificial Intelligence 218

Artificial Intelligence Cybersecurity 218

CSO Magazine

JULY 21, 2021

The Department of Homeland Security's (DHS) Transportation Safety Administration (TSA) yesterday announced a second security directive that requires owners and operators of TSA-designated critical pipelines to implement cybersecurity measures that help protect against malicious digital incidents. This directive is a more expansive follow-up to an initial pipeline security directive issued on May 27, roughly two weeks after the highly disruptive ransomware attack against Colonial Pipeline.

Cybersecurity 142

Cybersecurity Ransomware 142

Tech Republic Security

JULY 21, 2021

There is even more to space innovation than the fledgling space tourism sector. Somewhat out of the public eye, there is a fast-growing space tech industry.

147

147

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JULY 21, 2021

The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group. [.].

142

142

CyberSecurity Insiders

JULY 21, 2021

Oil Company Saudi Aramco that produces oil and fossil fuel through drilling technologies has confirmed that a ransomware group infiltrated the servers of one of its contractors last month and got hold of over 1TB data that is now on the dark web for sale. The company spokesperson also disclosed that the ransomware gang was demanding $50 million in Monero cryptocurrency for deleting the data on its servers that will also terminate the sale of the data process on the dark web.

Ransomware 139

Ransomware Encryption Cryptocurrency Cyber Attacks 139

Bleeping Computer

JULY 21, 2021

Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [.].

Phishing 140

Phishing 140

Anton on Security

JULY 21, 2021

New Paper: “Autonomic Security Operations?—?10X Transformation of the Security Operations Center” It is with much excitement that we announce a new paper about transforming your security operations ; it is published under the Office of the CISO at Google Cloud. This work is focused on our vision as well as our lessons in building effective security operations for the future.

System Administration 113

System Administration Engineering CISO Technology 113

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CyberSecurity Insiders

JULY 21, 2021

In the last few years, the EMV payment card has become increasingly popular and familiar to us all. This is, in part, due to innovations such as contactless communications, different card bodies (such as metal or repurposed ocean plastic ) and biometric fingerprint authentication. Today around 3 billion cards are issued every year and the total number of cards in use exceeds seven billion.

Banking 137

Banking Mobile eCommerce Authentication 137

CSO Magazine

JULY 21, 2021

Often it just takes a defensive mindset to come up with effective options to protect and defend against today’s threats. The Mitre organization has recently released its D3FEND matrix that documents ways to harden the network, detect and isolate threats, and deceive and evict attackers from your network. I’m focusing on D3FEND guidance Windows admins can follow to harden their networks.

137

137

CyberSecurity Insiders

JULY 21, 2021

More than half of the mobile phones being operated in United Kingdom are at a risk of exploitation from hackers, says a survey conducted by Privacy advocacy firm Which? So, all those consumers who are buying a mobile phone through a network service provider, a retailer or a device manufacturer, you better be aware of such risks before it’s too late.

Cyber threats 135

Cyber threats Mobile Manufacturing Retail 135

Trend Micro

JULY 21, 2021

In our last update on the XCSSET campaign, we updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that has been present since we first discussed XCSSET.

Malware 134

Malware Mobile 134

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

JULY 21, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [.].

Malware 133

Malware Antivirus Hacking Cybersecurity 133

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. Amnesty International and Forbidden Stories – a Paris-based nonprofit media group that works with journalists – said earlier this week that users of the Israeli-developed spyware were able to hack into iPhone 11 and iPhone 1

Spyware 123

Spyware Mobile Government Surveillance 123

Bleeping Computer

JULY 21, 2021

A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [.].

Malware 129

Malware 129

Security Boulevard

JULY 21, 2021

Este tema es probablemente, el protagonista de la gran mayoría de discusiones sobre ciberseguridad en el mundo. Cada día hay más amenazas, más sofisticadas, con redes más complejas y más difíciles de detectar. Compartimos aquí las seis claves de Gartner …. The post 6 claves de Gartner contra el ransomware appeared first on ManageEngine Blog. The post 6 claves de Gartner contra el ransomware appeared first on Security Boulevard.

Ransomware 122

Ransomware 122

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

JULY 21, 2021

These days online businesses are faced with multiple challenges when it comes to fraudulent activities. To hinder these, one must implement the right prevention and detection measures into their business model. But that is easier said than done. Chargeback fraud is one of the fastest-growing types of fraud on the internet. Its impact may reduce company revenue, even lead to destructive effects.

Banking 122

Banking Retail Financial Services Authentication 122

Security Boulevard

JULY 21, 2021

Ermetic's new capabilities enable orgs to define & automatically know when custom security policies are violated in multi-cloud infrastructures. The post Ermetic Automates Identity Governance for Cloud Infrastructure appeared first on Ermetic. The post Ermetic Automates Identity Governance for Cloud Infrastructure appeared first on Security Boulevard.

Government 122

Government 122

Threatpost

JULY 21, 2021

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.

Passwords 140

Passwords Accountability Software Malware 140

Bleeping Computer

JULY 21, 2021

New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access. [.].

Passwords 119

Passwords Malware Software 119

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.