Mon. Apr 12, 2021

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about the breach from Gemini Advisory, a New York City-based threat intelligence firm that keeps a close eye on the cybercrime forums.

How to raise the cybersecurity poverty line and make companies more secure

Tech Republic Security

The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization.

How data poisoning attacks corrupt machine learning models

CSO Magazine

Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses. As vendors integrate machine learning into products across industries, and users rely on the output of its algorithms in their decision making, security experts warn of adversarial attacks designed to abuse the technology.

This browser extension promises to block Google's controversial new tracking algorithm

Tech Republic Security

DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without identifying users.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How ransomware gangs are connected, sharing resources and tactics

Malwarebytes

Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a relationship among each other that can be described as “being in league with each other”, yet they lack certain elements that might cement their status as a true cartel in the digital underground world.

How scalper bots profit by buying and reselling Sony PS5 and Xbox consoles

Tech Republic Security

These bots grab some of the limited stock of the PS5 and Xbox on eBay and Amazon and then resell them at huge markups, says PerimeterX.

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

The Hacker News

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.

Windows 10 is getting a 'Windows Tools' control panel for power users

Bleeping Computer

In future versions of Windows 10, Microsoft has removed the venerable 'Administrative Tools' and added a new 'Windows Tools' control panel with almost double the number of tools promoted within it. [.].

HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020

Trend Micro

We provide the technical details of a supply chain attack on an improperly configured Azure DevOps Server 2020, specifically in the continuous integration and continuous delivery (CI/CD) Pipeline Agent communicating without TLS.

Dutch supermarkets run out of cheese after ransomware attack

Bleeping Computer

A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets. [.].

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Clubhouse in the spotlight after user records posted online

We Live Security

Reports of another trove of scraped user data add to the recent woes of popular social media platforms.

Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

Bleeping Computer

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. [.].

Facebook and Google Account Authentication | Avast

Security Boulevard

Earlier this month, our team wrote about the latest Facebook data breach and offered suggestions on how to improve your account security. Let's now walk through the steps you can take to enable two-factor authentication on your accounts.

CS:GO, Valve Source games vulnerable to hacking using Steam invites

Bleeping Computer

A group of security researchers known as the Secret Club took it to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. [.].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Ransomware’s evolving tools and technical tactics confuse forensic analysis

SC Magazine

There has been an uptick in sophisticated ransomware intrusions where the Active Directory is compromised, according to a recent panel discussion. (“Active Directory” by arrayexception is licensed under CC BY-SA 2.0.) The cybersecurity community paid close attention to ransomware actors’ escalation of business tactics in the last year, including double extortion, forming cartels and contacting individual victims directly.

5 steps to respond to a data breach

CyberSecurity Insiders

This blog was written by an independent guest blogger. You’ve just been breached. What do you do next? Depending on personality, preparation, and ability under crisis, there are a variety of responses to choose from, some effective and some not. Hopefully, you’re the rare breed who plans in advance how to respond. Even better if this planning includes how to prevent them.

User personas and DaaS could solve some security challenges of remote work

Tech Republic Security

Use cases can make life easier for IT departments managing connectivity and access for thousands of home offices.

Zero days explained: How unknown vulnerabilities become gateways for attackers

CSO Magazine

Zero day definition. A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. The name ultimately derives from the world of digital content piracy: if pirates were able to distribute a bootleg copy of a movie or album on the same day it went on sale legitimately (or maybe even before), it was dubbed a "zero day."

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Use AI to fight AI-powered cyber-attacks

CyberSecurity Insiders

This blog was written by an independent guest blogger. “AI is likely to be either the best or worst thing to happen to humanity.” ~Stephen Hawking. Cyber-attacks are commonly viewed as one of the most severe risks to worldwide security. Cyber-attacks are not the same as they were five years back in aspects of availability and efficiency.

How bitcoin payments unmasked a man who hired a Dark Web contract killer

Malwarebytes

An Italian citizen’s apparent attempt to hire a hitman on the Dark Web has been undone by clever analysis of his Bitcoin transactions. The man, who is reported to be an IT worker employed by a major corporation, is alleged to have paid the hitman to assassinate his former girlfriend. What happened? According to a news article published by European policing entity Europol on April 7, they assisted Italian communications crime law enforcement Polizia Postale e Delle Comunicazioni in arrestin

Apple and Google block official UK COVID-19 app update

Naked Security

UK coronavirus app update apparently included "feature creep" that's explicitly prohibited by Apple's and Google's programming rules.

CISSPs from Around the Globe: An Interview with Mari Aoba

CyberSecurity Insiders

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

‘Name:Wreck’ is the latest collision between TCP/IP and the standards process

SC Magazine

(“Forescout booth at #RSAC” by sfoskett is licensed under CC BY-NC-SA 2.0.) Forescout and JSOF on Tuesday announced “Name:Wreck,” a set of nine vulnerabilities in four popular TCP/IP stacks, including FreeBSD. The findings are the latest research to show how complexities in the TCP/IP standards can ultimately lead to vulnerable products.

Visibility, Context, Automation are Key to Security Control

Security Boulevard

Remote work is now ingrained into the fabric of how companies operate. Many have already realized this new working paradigm optimizes productivity. So much so, that an ever-growing list of companies – Salesforce, Facebook, Dropbox and more – have converted offices into “work studios,” allowing permanent remote work for 50% or more of their workforces.

Beating security fatigue with Troy Hunt, Chloé Messdaghi, and Tanya Janca: Lock and Code S02E06

Malwarebytes

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloé Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue. Security fatigue is exactly what it sounds like. It’s the limit we all reach when security best practices become overbearing.

Cookie Consent and Privacy: Informed Consent Best Practices (Part 3)

TrustArc

In Part 1 of this blog series, we explored the consumer consent lessons that can be learned from sectors that have long grappled with consent. Our “hypothesis” is a simple one: specific industries that existed well in advance of the hyper digitalized world we live in today are well-practiced at working through consent issues. In […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

It’s Never Too Late To Teach Your Kids About Good Digital Practices

Hot for Security

Online habits have changed dramatically over the past year, and adults are not the only ones spending more time online. Since the pandemic hit, limits on screen time for kids were tossed out as they turned to online platforms for school classes, activities, games and entertainment. This increased digital time helped spawn new cyber threats that put their online and physical safety at risk.

NAME:WRECK DNS vulnerabilities affect over 100 million devices

Bleeping Computer

Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. [.].

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

The Hacker News

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI).

5 perspectives on modern data analytics

CSO Magazine

You can't navigate business challenges without the right instruments. Done right, analytics initiatives deliver the essential insights you need, as these five articles explore.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.