Tue. Dec 28, 2021


Check for Log4j vulnerabilities with this simple-to-use script

Tech Republic Security

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

211

LastPass users warned their master passwords are compromised

Bleeping Computer

Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. […]

Passwords 145

Top DevOps Trends That Will Dominate in 2022

Security Boulevard

The post Top DevOps Trends That Will Dominate in 2022 appeared first on PeoplActive. The post Top DevOps Trends That Will Dominate in 2022 appeared first on Security Boulevard.

144

Log4j 2.17.1 out now, fixes new remote code execution bug

Bleeping Computer

Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. […]

145

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


4 ways employee home networks and smart devices change your threat model

CSO Magazine

Many employees at businesses worldwide have been forced to work from home because of COVID-19-related social distancing mandates. The security of employee home networks, and of the devices connected to them, is becoming an increasingly important consideration for organizations that need to continue to support a large remote workforce for the foreseeable future.


RedLine malware shows why passwords shouldn't be saved in browsers

Bleeping Computer

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. […]

Passwords 145

More Trending


Amazon Alexa slammed for giving lethal challenge to 10-year-old girl

Bleeping Computer

An Amazon Echo owner was left shocked after Alexa proposed a dangerous challenge to her 10-year-old child. AI-powered virtual assistants like Alexa that power smart devices and speakers such as Echo, Echo Dot, and Amazon Tap come with a plethora of capabilities, including playing verbal games. […]


The Log4j Flaw Will Take Years to be Fully Addressed

Dark Reading

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.

134

CISOs, what's in your work-from-home program?

CSO Magazine

I wrote previously of what the key ingredients for a successful travel program might include, as it was a topic which had not garnered much attention over the course of the past couple of years as the pandemic took hold. What most entities have experienced since early 2020 is the IT scramble to accommodate the migration by employees from onsite and in their seat, to off-site and sitting wherever they could find internet access.

CISO 133

Details of T-Mobile December 2021 Data Breach

CyberSecurity Insiders

T-Mobile, which suffered a massive data breach in August this year, has again fallen prey to a similar hack in December 2021 that saw the information of a small set of the telecom company's customers leaked. According to those reporting to our Cybersecurity Insiders, the attack took place in three forms, with the first targeting customer proprietary network information (CPNI), the second related to SIM swap, and the third involving customers targeted with both of the said forms of incidents.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


New Flagpro malware linked to Chinese state-backed hackers

Bleeping Computer

The cyber-espionage APT (advanced persistent threat) group tracked as 'BlackTech' was spotted using a novel malware called 'Flagpro' in attacks against Japanese firms. […]

Malware 127

Beware of this Crypto wallet draining Echelon Malware

CyberSecurity Insiders

All those using cryptocurrency wallets had better be aware of this crypto scam that is being spread through Telegram. Information is out that some hackers going by the name of ‘Smokes Night’ are stealing cryptocurrency from users’ wallets by spreading Echelon Malware on Telegram. Technically, Echelon is malicious software that steals information from those using the Telegram messaging service.

Malware 130

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

The Hacker News

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.

Software 123

Best of 2021 – Chinese Exchange Hack: At Best, Microsoft is Incompetent

Security Boulevard

This week brought news of Chinese hackers attacking Microsoft Exchange. But why did Microsoft wait eight weeks to tell anyone? The post Best of 2021 – Chinese Exchange Hack: At Best, Microsoft is Incompetent appeared first on Security Boulevard.

Hacking 122

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


That Toy You Got for Christmas Could Be Spying on You

Threatpost

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

IoT 121

McMenamins suffers a Ransomware Attack

CyberSecurity Insiders

McMenamins, a family-owned company of craft breweries in Oregon & Washington, has reportedly suffered a ransomware attack that took down several of its digital services, such as hotel room booking. The employees of the company have been asked to use other digital services to stay in touch with each other and were given a hint that it might take at least 10 days for the business to recover from the incident.


Three quick takes regarding the 2021 updates to the OWASP Top 10 list

Security Boulevard

In this article, we’ll take a look back at the changes to the OWASP Top 10 this past year. It’s been four years since OWASP updated its Top 10 list, but this year we got three brand new categories along with a reshuffling of the rest. As we head into 2022, we’ll take a look at the generalization of the guidance offered by OWASP, changes in how the team determined which issues were included/excluded, and how some things never change.

Software 113

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

The Hacker News

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.

Malware 112

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Threat actors are abusing MSBuild to implant Cobalt Strike Beacons

Security Affairs

Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source build toolset for managed code as well as native C++ code and was part of .NET Framework.


A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch

Dark Reading

Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.

117

LastPass investigated recent reports of blocked login attempts

Security Affairs

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts. “Someone just used your master password to try to


The City of Keizer Enhances Cybersecurity by Eliminating Compromised Passwords

Security Boulevard

The City of Keizer is a beautiful community in the Willamette Valley of Oregon. The city offers an ideal environment, delivering a range of services to citizens, from parks and public works to police protection. However, even from its earliest days, there have been hazards to overcome. As a settlement in the 1800s, floods forced the community to rebuild on.

Passwords 104

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


An Increased Wave of eCh0raix Ransomware Attacks Hits QNAP NAS Devices

Heimdal Security

A jump in the number of eCh0raix ransomware attacks on the systems of QNAP NAS devices has been reported by users. The ransomware is also known under the name of QNAPCrypt. It seems that the cybercriminals behind eCh0raix started to increase their activity a week before the Christmas holidays. They are targeting devices with admin […]. The post An Increased Wave of eCh0raix Ransomware Attacks Hits QNAP NAS Devices appeared first on Heimdal Security Blog.


Protect Your Organization by Cultivating a Culture of Cybersecurity Awareness

Security Boulevard

The cybersecurity market offers excellent solutions and services to combat the threats that are exploited by cybercriminals. However, are these tools enough to fully protect an organization? It is clear that human error is a strong attack vector for many popular cybercrimes, so the best way to augment any security program is to create a cyber-aware workforce.


Riskware Android streaming apps found on Samsung's Galaxy store

Bleeping Computer

Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices. [.].

Mobile 99

Top 10 Challenges of DevOps Adoption in 2022

Security Boulevard

The post Top 10 Challenges of DevOps Adoption in 2022 appeared first on PeoplActive. The post Top 10 Challenges of DevOps Adoption in 2022 appeared first on Security Boulevard.

98

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Top 7 Cybersecurity Regulations in the Financial Industry that you Need to Know

Appknox

Cybersecurity incidents aren’t rare for businesses now. In fact, in the first 6 months of 2021, around 1767 data breach incidents rocked the business world and exposed more than 18 billion records. And one of the hardest-hit industry verticals from threatening cyber-attacks is the financial industry.


2021 in Review, Part 1: 5 Cybersecurity Topics that Made News

Security Boulevard

It’s been another chaotic year in cybersecurity, as protecting web applications and stopping sensitive data breaches remain top-of-mind issues and continue to generate headline news. As 2021 comes to a close, cybersecurity and all the industries it serves is dealing with an unprecedented zero-day vulnerability in the form of CVE-2021-44228 – just 12 months after […].


DoubleFeature, post-exploitation dashboard used by Equation Group APT

Security Affairs

Researchers analyzed the DoubleFeature logging tool of DanderSpritz Framework that was used by the Equation Group APT group. Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. DanderSpritz made the headlines on April 14, 2017, when it was leaked by the Shadow Broker hacking group along with other tools and exploits belonging to NS


After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy

Dark Reading

To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.

112

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.