Thu. Apr 15, 2021


DNI’s Annual Threat Assessment

Schneier on Security

The Office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: “Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.”


Wells Fargo and Chase now among most imitated brands in phishing attacks

Tech Republic Security

The banks are being exploited in attacks targeting people filing taxes, getting stimulus checks and ordering home deliveries, says Check Point.



The password hall of shame (and 10 tips for better password security)

CSO Magazine

Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.” Yes, tons of people still use “123456” as a password, according to NordPass's 200 most common passwords of the year for 2020, which is based on analysis of passwords exposed by data breaches.


Phishing attack ramps up against COVID-19 vaccine supply chain

Tech Republic Security

Targeting global companies, the attackers are likely seeking confidential data on the distribution and storage of the coronavirus vaccines, says IBM Security X-Force.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


The Need for a Cybersecurity Protection Agency

Security Boulevard

There hasn’t been much good news in cybersecurity lately. In the first three months of 2021, organizations have been exposed by zero-days in Microsoft Exchange and Accellion’s secure file transfer appliance, and there have been revelations of three more malware strains related to the SolarWinds Orion product. This brings the total number of malware related.


Chrome users, here’s how to opt out of the Google FLoC trial

Malwarebytes

Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology, called FLoC, which is designed to respect people’s privacy more, as a detriment to user privacy. The good news is that, if you want to escape Google’s silent experiment into how it thinks you should be tracked across websites, you now have several options.


Human-centered Design in the New Webroot Management Console

Webroot

At Webroot, we could go on and on about user experience (UX) design. The study of the way we interact with the tools we use has spawned entire industries, university programs and professions. A Google Scholar search of the term returns over 300 thousand results. Feng Shui, Leonardo da Vinci and Walt Disney are all described as important precedents for modern UX.


One in six people use pet’s name as password

We Live Security

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals. The post One in six people use pet’s name as password appeared first on WeLiveSecurity.


A New Standard for Mobile App Security

Google Security

Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy Team. With all of the challenges from this past year, users have become increasingly dependent on their mobile devices to create fitness routines, stay connected with loved ones, work remotely, and order things like groceries with ease. According to eMarketer, in 2020 users spent over three and a half hours per day using mobile apps.


IBM X-Force: Ransomware Was the Preferred Attack Method in 2020

CyberSecurity Insiders

In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%).


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Thursday Threat Model: Github’s Approach

Adam Shostack

A bunch of people recently asked me about Robert Reichel’s post “How We Threat Model,” and I wanted to use it to pick up on Threat Model Thursdays, where I talk about process and practices. My goal is always to build, and sometimes that involves criticism. So let me start by saying I like the way that they frame it: “At GitHub, threat modeling isn’t necessarily a specific tool or set of deliverables—it’s a process to help foster ongoing discussions between security and


LinkedIn Data Leak: Hundreds of Thousands of Spam Emails Flood Users’ Inboxes

Hot for Security

Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads. According to Bitdefender Antispam Lab telemetry, ramifications of the LinkedIn data leak incident seem to have already manifested through new spam campaigns targeting inboxes of hundreds of thousands of users.


Streaming app security: why you should protect code as well as content

Security Boulevard

The post Streaming app security: why you should protect code as well as content appeared first on Intertrust Technologies. The post Streaming app security: why you should protect code as well as content appeared first on Security Boulevard.


Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

The Hacker News

A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Top cybersecurity M&A deals for 2021

CSO Magazine

2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security.


Popular NFT marketplace Rarible targeted by scammers and malware

Bleeping Computer

Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. […]


White House launches plan to protect US critical infrastructure against cyber attacks

The State of Security

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. Read more in my article on the Tripwire State of Security blog.


Top CVE List for Q1 2021: CloudPassage Vulnerability Report

CyberSecurity Insiders

The Threat Intelligence team at CloudPassage is in a continuous ARR (Anticipate, Research, Respond) loop. Our Real-Time Vulnerability Alerting Engine harnesses public data and applies proprietary data analytics to cut through the noise and get real-time alerts for highly seismic cloud vulnerability exposures and misconfigurations—making vulnerability fatigue a thing of the past.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

Bleeping Computer

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. […]


Cyber Security Headlines – Week in Review – April 12-16, 2021

Security Boulevard

Here are my unvarnished thoughts on this week of security news…in 60 second snippets. Many thanks to Steve Prentice, CISO Series and Cyber Security Headlines for having me on and asking the hard questions! The post Cyber Security Headlines – Week in Review – April 12-16, 2021 appeared first on Security Boulevard.


How to Create an Incident Response Plan From the Ground, Up

Dark Reading

Security 101: In the wake of an incident, it's important to cover all your bases -- and treat your IR plan as a constantly evolving work in progress.


Clubhouse Exclusivity Applies to Membership, Not Data

Security Boulevard

There’s a certain irony that an invitation-only social media platform would find a hacker posted data on 1.3 million of its users on an online forum. But that’s exactly where Clubhouse found itself over the weekend; proffering by way of explanation that user profile data is accessible by virtually anyone using its app or through. The post Clubhouse Exclusivity Applies to Membership, Not Data appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


The rise of QakBot

CyberSecurity Insiders

This blog was jointly written with Ofer Caspi. Some of the links in this blog require an OTX account, and the QakBot infrastructure tracker will require readers to be customers with access to the Threat Intel subscription. Thanks to the following researchers and the MalwareBazaar Project: @0verfl0w_. @_alex_il_. @malware_traffic. @lazyactivist192. @JAMESWT_MHT.


Cyber thieves move $760 million stolen in the 2016 Bitfinex heist

Security Affairs

Over $760 million worth of Bitcoin that was stolen from the cryptocurrency exchange Bitfinex in 2016 has been moved to new accounts. More than $760 million worth of Bitcoin, stolen from the Asian cryptocurrency exchange Bitfinex in 2016, was moved on Wednesday to new accounts. In August 2016, Bitfinex suffered a security breach that resulted in the theft of 120,000 Bitcoin; the incident had serious repercussions on the Bitcoin value, which dropped significantly after the security breach (-20% dec


Heartbreak and Hacking: Dating Apps in the Pandemic

Security Boulevard

Dating apps and online dating have become the only options for finding love during the COVID-19 pandemic. However, while some users are finding love online, others are finding heartbreak and an unlucky few are finding something much worse. Just as the use of dating apps and websites has found their way into the hearts of. The post Heartbreak and Hacking: Dating Apps in the Pandemic appeared first on Security Boulevard.


US government confirms Russian SVR behind the SolarWinds hack

Bleeping Computer

The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

The Hacker News

Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.


Industry Recognition for Cisco Secure Email Cloud Mailbox

Cisco Security

CRN has released its list of the Ten Hottest New Cloud Security Tools of 2020 and I am incredibly proud to say that Cloud Mailbox is featured on the list. After all of the work I’ve seen poured into the project in the lead-up to the launch, it is wonderful to see industry recognition and to share it with the talented group of Cisco folks who made it happen.


Are Banks Spending Their Cybersecurity Budgets in the Right Place?

Security Boulevard

Cybercrime is on the rise across all levels of industry and government. Nowhere is that more apparent than in financial services, where firms like banks and credit unions experience attacks nearly 300x more often than other industries. This is even accounting for the increased risk of cyberattack that schools and healthcare organizations faced as targets of opportunity in the COVID-19 pandemic.


April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes; one of them fixes a critical issue in SAP Commerce. Among the issues addressed by the software giant there is a critical flaw in SAP Commerce. “Similar to SAP’s February Patch Day, the only HotNews note besides the regularly recurring SAP Business Client note #2622660 and the minor


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.