Thu. Nov 17, 2022

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand.

Microsoft fixes Windows Kerberos auth issues in emergency updates

Bleeping Computer

Microsoft has released optional out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday. [...]

Tech news you may have missed: Nov. 10 – 17

Tech Republic Security

This week’s trending news features a primer on Industrial IoT, new and upcoming features for Windows users and the latest cybersecurity threats. The post Tech news you may have missed: Nov. 10 – 17 appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

eSecurity Planet

Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority of that data isn’t even supposed to be online in the first place.

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Dark Reading

Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives.

More Trending

More SRE Lessons for SOC: Simplicity Helps Security

Anton on Security

As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil”, “Achieving Autonomic Security Operations: Automation as a Force Multiplier”, “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)”, and the latest “More SRE Lessons for SOC: Release Engineering Ideas”, your Security Operations Center (SOC) can learn a lot from what IT ops discovered during the Site Reliability Engineering (SRE) and DevOps revolution.

FBI: Hive ransomware extorted $100M from over 1,300 victims

Bleeping Computer

The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021. [...]

Microsharding can help in protecting cloud data from ransomware attacks

CyberSecurity Insiders

Companies are nowadays showing more interest in moving their data and application assets onto the cloud, but are still concerned about how well the CSP will protect their data against hacks and data breaches, although it allows users to encrypt it to the core. Here’s where Microsharding Technology comes to their rescue. Speaking specifically, the technology isn’t new, as businesses involved in data storage have been using it since 2017 to mitigate performance issues.

Two public schools in Michigan hit by a ransomware attack

Security Affairs

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating systems on Monday, the outage occurred because they were victims of a ransomware attack detected over the weekend.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

What is a Security Questionnaire and Why is It Important?

Security Boulevard

Everything you need to know to ensure accurate vendor risk management through understanding security questionnaires. The post What is a Security Questionnaire and Why is It Important? appeared first on Scytale. The post What is a Security Questionnaire and Why is It Important? appeared first on Security Boulevard.

MFA Fatigue Attacks Are on the Rise

Heimdal Security

MFA Fatigue seems to be hackers' favorite tool this fall, as we have lately witnessed an increase in the number of this kind of cyber-attack. We are now at the point where it seems that an MFA Fatigue attack can happen to anyone. If you think that being a giant company with a strong IT security […]. The post MFA Fatigue Attacks Are on the Rise appeared first on Heimdal Security Blog.

SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover

Security Boulevard

This post describes an abuse of hard matching synchronization in Azure AD Connect that can lead to Azure AD account takeover. These findings build on the research that Semperis published in August, which described abuse of soft matching (also known as SMTP matching). This SyncJacking vulnerability means that an attacker with certain privileges can abuse.

QBot phishing abuses Windows Control Panel EXE to infect devices

Bleeping Computer

Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity Compliance Audit: 6 Steps To Be Compliant

Security Boulevard

Are your cybersecurity efforts sufficient for meeting the regulations and requirements for your industry? If not, you could face fines and fees — or worse, you could suffer the consequences of a severe data breach. To ensure you maintain adequate data security measures, you need to conduct regular cybersecurity compliance audits. External agencies may require such an audit to ensure your efforts meet their requirements.

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

Speakers at last week’s MITRE ResilienCyCon conference had a surprisingly candid message for attendees: You will likely be breached at some point so focus on the controls and response capabilities your organization needs to survive a cyber attack. The conference’s focus on cyber resilience doesn’t mean that organizations should abandon core security defenses like EDR, access control and firewalls, but they should be prepared for the advanced threats that will, at some point,

Researchers Quietly Cracked Zeppelin Ransomware Keys

Security Boulevard

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… The post Researchers Quietly Cracked Zeppelin Ransomware Keys appeared first on Security Boulevard.

Massive Wave of TrojanOrders Attacks Target Magento Stores

Heimdal Security

A significant increase in “TrojanOrders” attacks against Magento 2 websites is being attributed to at least seven hacker groups. These attacks take advantage of a flaw that lets threat actors infiltrate unprotected servers. Hacking groups are fighting each other to take control of the infected sites. Almost 40% of the Magento 2 websites are being […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Data Privacy and Remote Work: Three Things Businesses Need to Know

Security Boulevard

Due to the COVID-19 pandemic, a large-scale and abrupt shift in employee work habits from in-office to home-based work produced unforeseen dangers to data privacy in addition to logistical and cybersecurity issues for enterprises. It’s crucial for organizations to reduce the data privacy threats that could harm their operations as they concentrate on being effective.

Magento and Adobe Commerce websites under attack

Security Affairs

Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide.

Noname Security Adds API Security Reconnaissance Capability

Security Boulevard

Noname Security today added a Noname Recon module to its platform for securing application programming interfaces (APIs) that makes it possible to discover active patterns being employed by cybercriminals. Dor Dankner, head of research for Noname Security, said the company is now scanning public sources to surface threat intelligence concerning attacks being made against APIs.

Quick Heal Launches an all new version 23 – Smart, Secure and Sustainable

Quick Heal Antivirus

Cybercrimes have been on the rise post-pandemic and are becoming even more sophisticated. Digitization and work from home. The post Quick Heal Launches an all new version 23 – Smart, Secure and Sustainable appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cybersecurity Audits: What to Expect, How to Perform One, and What to Do With Your Findings

Security Boulevard

Why do some companies fare so poorly with cybersecurity audits and with putting audit findings to good use? The post Cybersecurity Audits: What to Expect, How to Perform One, and What to Do With Your Findings appeared first on Hyperproof. The post Cybersecurity Audits: What to Expect, How to Perform One, and What to Do With Your Findings appeared first on Security Boulevard.

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. The sophisticated phishing campaign exploits the reputation of international brands and targets businesses in multiple industries, including retail, banking, travel, and energy.

Wicked Good Development: Key Takeaways From the State of the Software Supply Chain Report

Security Boulevard

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry. The post Wicked Good Development: Key Takeaways From the State of the Software Supply Chain Report appeared first on Security Boulevard.

Android security: Which smartphones can enterprises trust?

CSO Magazine

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ

Bleeping Computer

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints. [...]

Critical Infrastructure’s Open Source Problem

Security Boulevard

Open source has a security problem, and that could have real-world impact when it affects critical infrastructure. According to research from Synopsys, 78% of code in codebases is open source, and 81% of the codebases have at least one vulnerability. That number goes up to 88% when the code sits untouched with no feature updates. The post Critical Infrastructure’s Open Source Problem appeared first on Security Boulevard.

Microsoft urges devs to migrate away from .NET Core 3.1 ASAP

Bleeping Computer

Microsoft has urged developers still using the long-term support (LTS) release of .NET Core 3.1 to migrate to the latest .NET Core versions until it reaches the end of support (EOS) next month. [...]

Dell Appliance Uses Machine Learning to Automate Data Protection

Security Boulevard

Dell Technologies today unveiled an integrated Dell PowerProtect Data Manager Appliance that increases cyberresilience by using machine learning algorithms to automatically discover assets—including VMware virtual machines—and then take snapshots to automatically back them up. Beginning in January, Dell is offering a Cyber Recovery Guarantee as part of the effort that will provide qualifying organizations with.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.