Wed. Apr 07, 2021

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations.

How to better combat malware delivered through email

Tech Republic Security

A majority of security pros said they're most concerned about malicious payloads sent to employees via file attachments, according to a survey from GreatHorn.

New Cring ransomware hits unpatched Fortinet VPN devices

Bleeping Computer

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks.

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

Passwordless authentication as a default parameter can’t arrive too soon. Related: Top execs call for facial recognition to be regulated. The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction in ways that suggest we’re on the cusp of a period of wide-scale adoption. That’s the upshot of a new report, The State of Passwordless Security 2021, put out by HYPR, a New York City-based supplier of advanced authentication systems.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

VISA: Hackers increasingly using web shells to steal credit cards

Bleeping Computer

Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers.

Facebook isn’t sorry for letting someone steal personal details of half a billion users

Graham Cluley

Would it have been so hard for Facebook to apologise for allowing 533 million personal records - including users' phone numbers - to leak onto the internet? I don't think so. And yet sorry seems to be the hardest word.

More Trending

A new headache for ransomware-hit companies. Extortionists emailing your customers

Graham Cluley

Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims' customers, and asking them to demand a ransom is paid to protect their own privacy. Read more in my article on the Tripwire State of Security blog.

Cyber Security for Critical Infrastructure: Challenges and Solutions

Security Boulevard

With geopolitical tension rising in certain parts of the world along with the ambitions of cyber attackers, coming up with a holistic strategy. The post Cyber Security for Critical Infrastructure: Challenges and Solutions appeared first on Kratikal Blog. The post Cyber Security for Critical Infrastructure: Challenges and Solutions appeared first on Security Boulevard.

$38 million worth of gift cards stolen and sold on dark web

We Live Security

Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground. The post $38 million worth of gift cards stolen and sold on dark web appeared first on WeLiveSecurity.

Facebook attributes 533 million users' data leak to "scraping" not hacking

Bleeping Computer

Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak. As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

US Senators Warn Bit-Tech Companies about Data-Gathering Practices

Hot for Security

A group of United States senators from both sides of the aisle sent a strongly worded letter to a few major tech companies and advertisers, warning them about the dangers of collecting user data and sharing it with third parties. The fact that companies gather data about users and their online activities is no secret. Ads served on websites are often based on collected data, but many people don’t know that it happens in real-time.

Cisco fixes bug allowing remote code execution with root privileges

Bleeping Computer

Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function.

Password Storage Using Java

Veracode Security

This is the eighth entry in the blog series on using Java Cryptography securely. The first few entries talked about architectural details, Cryptographically Secure Random Number Generators, encryption/decryption, and message digests. Later we looked at What's New in the latest Java version. All of this equipped us to talk in detail about some of the most common Cryptographic applications.

REvil ransomware now changes password to auto-login in Safe Mode

Bleeping Computer

A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

2021 Brings new security challenges and regulations for European CISOs

Tech Republic Security

European CISOs are shifting how they spend on security in response to the COVID-19 pandemic and are having to adopt to a raft of new proposed EU cyber regulations.

Mobile Security worse during COVID-19 lockdown says Verizon

CyberSecurity Insiders

Mobile Security became worse during the lock-down initiated by COVID-19 across the world says Verizon. The conclusion was made after analyzing the fact that businesses compromised on its security tools to support remote working practices to keep the business continuity intact. But this trend backfired against few companies as many of their infrastructure was compromised as hackers exploited vulnerable points exposed by the workforce working remotely.

Gigaset Android phones infected by malware via hacked update server

Bleeping Computer

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack.

WhatsApp-based wormable Android malware spotted on the Google Play Store

The Hacker News

Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Gigaset Android smartphones infected with malware after supply chain attack

Security Affairs

A new supply chain attack made the headlines: threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of a supply chain attack; threat actors compromised at least one server of the company to deliver malware. Gigaset AG, formerly known as Siemens Home and Office Communication Devices, is a multinational corporation based in Germany.

Fake Trezor app steals more than $1 million worth of crypto coins

Malwarebytes

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google Play and Apple’s App Store and also claimed to be from SatoshiLabs, the creators of Trezor. According to the Washington Post, the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.

11 Useful Security Tips for Securing Your AWS Environment

The Hacker News

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips.

533 Million Facebook Users Affected in a Massive Data Breach

Security Boulevard

On 3rd April 2021, the personal data of more than 500 million Facebook users globally was published on a low-level hacking forum for. The post 533 Million Facebook Users Affected in a Massive Data Breach appeared first on Kratikal Blog. The post 533 Million Facebook Users Affected in a Massive Data Breach appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Android malware infects wannabe Netflix thieves via WhatsApp

Bleeping Computer

Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages.

Android to Support Rust Programming Language to Prevent Memory Flaws

The Hacker News

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs.

SAP Applications under Cyber Attack

CyberSecurity Insiders

Hackers have set their eyes on mission critical SAP applications for stealing data and disrupting critical processes, mostly in manufacturing and operational sector. The highlight in the find is that the threat actors are exploiting a bug in the SAP application to deploy ransomware not before stealing data. Massachusetts based application security offering company Onapsis made this discovery in association with Germany-based SAP SE.

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The Hacker News

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Facebook: Stolen Data Scraped from Platform in 2019

Threatpost

The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators.

Google Forms and Telegram abused to collect phished credentials

Bleeping Computer

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots.

Critical Auth Bypass Bug Found in VMware Data Center Security Product

The Hacker News

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.

How Do You Secure Digital Transformation?

SecureWorld News

It is very likely that the COVID-19 pandemic forced your organization to accelerate its digital transformation (DX) strategies. Doing it successfully and securely has been a challenge. There are a lot of lingering questions: What do organizations do to transform their infrastructure to where it needs to be from a technology standpoint? What impact do your people have on the digital transformation process?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.