Fri. Oct 07, 2022

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule.

Weekly Update 316

Troy Hunt

Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!

2022 State of the Threat: Ransomware is still hitting companies hard

Tech Republic Security

SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much.

TOP 10 unattributed APT mysteries

SecureList

Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The Fight to Cut Off the Crypto Fueling Russia's Ukraine Invasion

WIRED Threat Level

Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising that has reached Russia's violent militia groups.

Mobile Ecosystem Forum CEO talks privacy, security and the future of the mobile industry

Tech Republic Security

Dario Betti talks to TechRepublic about the stir-shaken concept, investing in the right tech and other issues.

More Trending

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

Dark Reading

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

3 actions Latin American leaders must take to reduce risk of cyberattacks

CSO Magazine

We have witnessed increased cyberattacks on the Latin American region in recent days. Mexico’s President Obrador confirmed that its government has suffered what is perhaps a sensitive attack on its intelligence and armed forces. Chilean Armed Forces suffered a similar attack and its judiciary system was also compromised. The Colombian National Institute for Drug and Food Surveillance (INVIMA) was also attacked.

Cybersecurity Will Account for Nearly One-Quarter of AI Software Market Through 2025

Dark Reading

A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester.

BrandPost: Why a Risk-Based Cybersecurity Strategy is the Way to Go

CSO Magazine

Business leaders spend most of their time conducting risk/reward analyses of virtually every decision they make. Will expanding the sales staff generate enough profit to more than pay for the added costs? Can our new product launch hit the market before the competitors shift their own strategies? Do we know enough about the geopolitical climate in a new market to justify the added costs and hassles in compliance and governance?

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

UK populace beware of this promotional Cyber Fraud

CyberSecurity Insiders

It seems that cyber fraudsters are increasingly targeting the UK populace in the hope of making easy money. For the past few weeks, some innocent victims have been receiving fraudulent SMSes that seek virtual purchases of products from reputable shopping platforms in return for a commission for boosting sales, which is completely false. And with the shopping season fast approaching, the said tactic of fake promotional campaigns is said to surge by 50-60 percent in the coming weeks.

Why Don’t You Go Dox Yourself?

Cisco Security

Whether or not you’ve heard the term “doxxing” before, you’re probably familiar with the problem it names: collecting personal information about someone online to track down and reveal their real-life identity. The motivations for doxxing are many, and mostly malicious: for some doxxers, the goal in tracking someone is identity theft. For others, it’s part of a pattern of stalking or online harassment to intimidate, silence or punish their victim – and overwhelmingly, victims are youth and youn

Mentally unstable Capital One hacker sentenced to jail term

CyberSecurity Insiders

Paige Thompson, a former Amazon software engineer, was sentenced to a limited-time jail term and a 5-year probation for causing anxiety among millions of people who were concerned about the private data leak. Ms. Thompson is probably the first transgender person to be found guilty in a digital attack case and will have to face an extremely harsh time as she is suffering from mental issues.

Uber Guilty Verdict Raises Security Stakes for CSOs

eSecurity Planet

In a case that ups the stakes for CSOs dealing with data breaches, former Uber chief security officer Joe Sullivan was found guilty by a federal jury earlier this week of obstructing justice and of misprision (concealing) of a felony in connection with his coverup of a 2016 breach. United States Attorney Stephanie M. Hinds said in a statement that technology companies that collect and store vast amounts of user data must protect that data and alert customers and authorities if it’s stolen.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

DDoS Attacks Exceeded Six Million in First Half of 2022

Security Boulevard

A Netscout Systems report concluded that the number of distributed denial-of-service (DDoS) attacks launched in the first half of this year exceeded six million. The Netscout report was based on statistics collected from internet service providers (ISPs) around the world. The research also noted that TCP-based flood attacks, which first appeared in early 2021, are.

2K Games warns users their stolen data is now up for sale online

Bleeping Computer

Video game publisher 2K emailed users on Thursday to warn that some of their personal info was stolen and put up for sale online following a September 19 security breach. […]

RansomEXX Claims Credit, Ferrari Denies Data Leak

Security Boulevard

Ferrari’s security posture may not be quite as bold as its cars after attackers—allegedly, the ransomware group RansomEXX—leaked 7GB of the company’s data online. An account of the leak first surfaced in Corriere della Sera, an Italian newspaper that apparently viewed the documents on the Red Hot Cyber website, according to a Reuters report. Among.

Cybersecurity Leaders Are Struggling Keeping Companies Safe

Heimdal Security

With more businesses experiencing a digital transformation, cybersecurity risks are becoming an increasing concern for companies. According to ZDNET, 90% of the security leaders participating in a survey consider that their organizations are not prepared enough to address cybersecurity risks. Cyberattacks are getting more sophisticated and companies seem to struggle with the rapid pace of […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

New cryptojacking campaign exploits OneDrive vulnerability

CSO Magazine

Cryptojacking is turning into a security nightmare for consumers and enterprises alike. Malicious actors have used a variety of techniques to install cryptojackers on victims' computers and in a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on infected devices.

What Is Unified Endpoint Security (UES)?

Heimdal Security

If we are talking about a modern business environment, the endpoints of your company’s network are getting more and more varied and numerous. The goal is to keep them all safe, in the meantime preserving the mobility and comfort of employees and being up to date with the latest wireless gadget, let’s say. Sure, you […].

VMware fixed a high-severity bug in vCenter Server

Security Affairs

VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC).

What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio

Security Boulevard

On September 10, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the /public directory to execute a command, generating a pre-authentication key to login to an existing account. The post What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio appeared first on Flashpoint.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy

Security Affairs

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform

Why Proactive Cybersecurity is a Business Essential

Security Boulevard

As organizations move to a more digital environment, their dependence on third-party vendors continues to increase risk. This digital transformation has dramatically changed the security landscape to one where best. The post Why Proactive Cybersecurity is a Business Essential appeared first on SecZetta.

Microsoft: Windows 11 22H2 causes file copy performance hit

Bleeping Computer

Microsoft has confirmed a new known issue causing customers to experience a significant performance hit when copying large files over SMB after installing the Windows 11 22H2 update. […]

Cybersecurity considerations and recommendations for securing distributed energy resources on power grids

Security Boulevard

A recent report prepared by the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response and the Office of Energy Efficiency and Renewable Energy highlights the cybersecurity considerations to be taken into account for distributed energy resources (DER), such as solar, storage, and other clean energy technologies.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Hackers Can Use 'App Mode' in Chromium Browsers for Stealth Phishing Attacks

The Hacker News

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."

This Week in Malware – Over 100 Packages Discovered

Security Boulevard

This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Fortinet warns admins to patch critical auth bypass bug immediately

Bleeping Computer

Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. […]

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

The Hacker News

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.