Mon, Jun 07, 2021

Welcoming the Uruguayan Government to Have I Been Pwned

Troy Hunt

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause t

The Supreme Court Narrowed the CFAA

Schneier on Security

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the “exceeds authorized access” language was, indeed, too broad.

Thoughts on the Executive Order

Adam Shostack

Finally! A Cybersecurity Safety Review Board is a new article by Steve Bellovin and myself at Lawfare. One element of President Biden’s executive order on cybersecurity establishes a board to investigate major incidents involving government computers in somewhat the way that the National Transportation Safety Board investigates aviation disasters. The two of us, among many others, have been advocating for such a board for many years.

WWDC 2021: Apple adds new privacy features to iCloud, Siri, Mail and more

Tech Republic Security

Apple is once again demonstrating that it's all in on privacy with new user-protecting features for Mail, Siri, iCloud and additional app-tracking metrics.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Latvian National Indicted for Helping Develop and Spread Trickbot Malware

Hot for Security

US authorities charged Alla Witte for helping build TrickBot, a type of malware that was active for many years in a worldwide campaign, defrauding numerous people. Taking down much of TrickBot was a group effort involving multiple countries and coordination that doesn’t usually happen with similar threats. While all of Trickbot’s infrastructure was eventually primarily dismantled, a few servers are still active in various countries where the law enforcement agencies had no jurisdiction.

Hacking space: How to pwn a satellite

We Live Security

Hacking an orbiting satellite is not light years away – here’s how things can go wrong in outer space. The post Hacking space: How to pwn a satellite appeared first on WeLiveSecurity.

Amazon Sidewalk starts sharing your WiFi tomorrow, thanks

Malwarebytes

Amazon smart device owners only have until June 8 to opt out of a new program that will group their Echo speakers and Ring doorbells into a shared wireless network with their neighbors, a new feature that the shopping giant claims will provide better stability for smart devices during initial setup and through possible Internet connectivity problems.

Google fined €220 million for abusing dominant role in online ads

Bleeping Computer

The French competition authority has fined Google €220 million for abusing its dominant position in online advertising and favoring its services to the disadvantage of its publishers and competitors. […]

Cryptocurrency Attacks to be Aware of in 2021

Digital Shadows

It’s been a pretty big year so far for cryptocurrency. After it reached an all-time high in April 2021, new. The post Cryptocurrency Attacks to be Aware of in 2021 first appeared on Digital Shadows.

Notepad++ drops Bing after "tank man" censorship fiasco

Bleeping Computer

The latest released version of Notepad++ is removing support for Bing search from the app after the "tank man" fiasco Microsoft had to deal with on Friday afternoon. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

AWS Security Compliance Cheat Sheet

Security Boulevard

AWS may seem like a black box to many compliance managers and auditors. After all, AWS has over. […] The post AWS Security Compliance Cheat Sheet appeared first on Hyperproof.

US recovers most of Colonial Pipeline's $4.4M ransomware payment

Bleeping Computer

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation. […]

Gootkit: the cautious Trojan

SecureList

Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it was distributed via spam and exploits kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visitors are tricked into downloading the malware. Gootkit is capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious action

Russian cybercrime forums launch contests for cryptocurrency hacks

Security Affairs

Cybercriminals in Russian underground forums have been invited to take part in competitions for hacking cryptocurrency and NFT. Several Russian underground forums have launched competitions for hacking cryptocurrency schema and Non-fungible token (NFT). “Over the past month, operators of one of the top Russian-language cybercrime forums have been running a “contest,” calling for the community to submit papers that examine how to target cryptocurrency-related technology.” reads a post

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Shifting the focus from reactive to proactive, with human-led secure coding

The Hacker News

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction.

Is Apple’s App Store ‘Teeming’ with Scams?

Security Boulevard

Roughly 2% of the top-grossing apps in Apple’s store are, in some way, “scams,” claims the Daily Bezos. The post Is Apple’s App Store ‘Teeming’ with Scams? appeared first on Security Boulevard.

5 questions to answer before jumping on the bug bounty bandwagon

CSO Magazine

The bug bounty program landscape has undergone significant evolution in the last few years. Organizations of varying sizes and across industries commonly invest in some form of bug bounty model as the available options become more diverse, customizable, and affordable.

US truck and military vehicle maker Navistar discloses data breach

Bleeping Computer

Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered at the end of last month. […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Choosing the Right AI Components in Your Security Tools

Security Boulevard

AI is a hot buzzword in cybersecurity, but just because a security tool is labeled “AI-enabled” or “AI-powered” doesn’t mean the technology will translate easily to your cybersecurity system. There is still a lot to learn about AI, said Anne Townsend, department manager with MITRE, during the RSA session “AI-Powered Or Is It Just Hype?”. The post Choosing the Right AI Components in Your Security Tools appeared first on Security Boulevard.

The 10 Most Popular Bug Bounty Courses and Training Programs for Beginners

SecurityTrails

Find out the community recommendations for best bug bounty courses and training programs that can help any beginner kickstart their hunting career.

Hands on with Norton antivirus Ethereum mining: The good and the bad

Bleeping Computer

Last week, NortonLifelock announced that the Norton 360 antivirus suite would soon be able to mine Ethereum cryptocurrency while the computer is idle. In this article, we go hands-on with the new 'Norton Crypto' feature to show what's good about it and what's bad. […]

7 Challenges in modern Cybersecurity and how to fix them

CyberSecurity Insiders

This blog was written by an independent guest blogger. Cybersecurity is a leading concern for any business today. While this trend has made IT security a secure and potentially lucrative field, modern cybersecurity professionals also face growing challenges. If you hope to keep your business safe amid rising threats, you’ll have to overcome these obstacles.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cybercrime is on the Rise – Here are Some Easy Ways to Protect Yourself

Identity IQ

The recent Verizon Data Breach Investigations report shows that global cybercrime is on the rise. It’s a frightening prospect at first glance, but the good news is that the best line of defense may not be as complicated as you think. The Verizon report, which gathers information on 5,358 breaches from around the world, highlights how the COVID-19 pandemic moved many business operations into the cloud and the remote work environment provided the ideal platform for cybercriminals to exploit.

CloudQuest to be acquired by Deloitte

CyberSecurity Insiders

Financial tech offering giant Deloitte has made it official that it is going to acquire Cloud Security specialist CloudQuest for an undisclosed amount. Trade analysts state that the deal will help Deloitte improve its Cloud Security Posture Management (CSPM) by integrating the Cloud Security Orchestration Automation and Response technology from CloudQuest.

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

RockYou2021, the largest password compilation of all time, has been leaked on a popular hacker forum; it contains 8.4 billion password entries. Original post at: [link]. What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

Defending Against Software Supply Chain Attacks: Recommendations From NIST

Security Boulevard

As a security leader, you feel confident in your organization’s security stance. Your team worked hard to build. […] The post Defending Against Software Supply Chain Attacks: Recommendations From NIST appeared first on Hyperproof.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Severe RCE Vulnerability in VMware vCenter Server Is Under Attack

Heimadal Security

Cybercriminals are scanning for VMware vCenter servers vulnerable to a severe remote code execution (RCE) bug that affects all vCenter deployments and was patched by VMware ten days ago. Last week, the threat intelligence company Bad Packets was the first to see the ongoing scanning activity, later corroborated by cybersecurity specialist Kevin Beaumont. The flaw, tracked as CVE-2021-21985, is situated in […].

Ransomware Hit Another Pipeline Firm—and 70GB of Data Leaked

WIRED Threat Level

LineStar Integrity Services was hacked around the same time as Colonial Pipeline, but radical transparency activists have brought the attack to light.

Strong and Unique Passwords Can Help Reduce Account Vulnerability

Security Boulevard

Passwords, the first line of defense, are often also the weakest links in the overall security posture of an organization. Therefore, it is in the interest of consumers and businesses, alike, to use strong and unique passwords to minimize exposure to evolving cyber threats. The digital-first world has led to the emergence of millions of […]. The post Strong and Unique Passwords Can Help Reduce Account Vulnerability appeared first on Security Boulevard.

Top 7 Most Common Errors When Implementing AI and Machine Learning Systems in 2021

ImmuniWeb

Organizations will spend $327.5 billion in 2021 on AI systems according to the IDC report, but not all AI and Machine Learning investments will bring the desired outcomes.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.