Tue. Dec 29, 2020

Happy 11th Birthday, KrebsOnSecurity!

Krebs on Security

Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra day to a solar rotation that most of us probably can’t wait to see in the rearview mirror.

Scams 257

How companies can use automation to secure cloud data

Tech Republic Security

Data automation allows companies to conduct operations more consistently, securely, and reliably. Learn how one company tackled the challenges.

Japanese Kawasaki Heavy Industries discloses security breach

Security Affairs

Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach; the company discovered unauthorized access to a Japanese company server from multiple overseas offices. Information from its overseas offices might have been stolen as a result of a security breach that took place earlier this year.

Why stateful machine learning could help cybersecurity efforts

Tech Republic Security

AI and machine learning have the potential to take a bite out of cybercrime, but let's not forget the human factor.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware Is Headed Down a Dire Path

WIRED Threat Level

2020 was a great year for ransomware gangs. For hospitals, schools, municipal governments, and everyone else, it’s going to get worse before it gets better.

6 Questions Attackers Ask Before Choosing an Asset to Exploit

Threatpost

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.

InfoSec 129

More Trending

CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that helps administrators detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments.

Japanese Aerospace Firm Kawasaki Warns of Data Breach

Threatpost

The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.

SolarWinds hackers aimed at access to victims’ cloud assets

Security Affairs

Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move to the victims’ cloud infrastructure once they had infected their network with the Sunburst/Solorigate backdoor. “With this initial widespread foothold, the attackers can then pick and choose the specific orga

Hacking 103

My 2021 cloud computing New Year’s resolutions

InfoWorld on Security

Typical New Year’s resolutions focus on personal and professional development—ways to improve. Although I certainly have personal goals of no interest to anyone but myself, I also have some related to the cloud computing profession. I’ll share them in hopes that a few of you will adopt these efforts as well. Teach more people about cloud computing.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Serious Privacy Podcast – The Best of 2020: When Privacy Got Serious

TrustArc

We look back to January 2020 – with no crystal ball for Serious Privacy with Paul Breitbarth and K Royal. With 47 episodes and over 25,000 downloads, Season 1 of Serious Privacy is complete. Thank you to our fans! Season 2 starts Global Privacy Day 2021. Our initial ideas were a little different, but K and Paul found their rhythm and a following. […].

Reducing the Risk of Third-Party SaaS Apps to Your Organization

Dark Reading

Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.

Risk 112

Bring on 2021!

McAfee

With 2021 approaching, it is a time to both reflect on the outstanding progress we have each made – personally and professionally, and warmly welcome a new chapter in 2021! 2020 has been one of the most unexpected years in our history. However, despite COVID-19, we had some amazing successes. January brought McAfee our new CEO – Peter Leav.

US Treasury warns of ransomware attacks on COVID-19 vaccine research

Security Affairs

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a notice to warn financial institutions of ransomware attacks aimed at COVID-19 vaccine research organizations. “The Financial Crimes Enforcement Network (FinCEN) is issuing this Notice to alert financial institutions about the potential for fraud, ran

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest

Threatpost

Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias.

Software 102

India: A Growing Cybersecurity Threat

Dark Reading

Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.

Infrastructure as Code: Is It as Secure as It Seems?

SecurityTrails

What Infrastructure as Code is, the main advantages and risks of IaC, and the best tools to detect IaC security vulnerabilities.

Risk 98

Mac Attackers Remain Focused Mainly on Adware, Fooling Users

Dark Reading

Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware - including ransomware.

Adware 96

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

21 arrested after allegedly using stolen logins to commit fraud

We Live Security

UK police also give some food for thought to those on the verge of breaking the law.

Security Awareness Training – Time for a Change in Philosophy?

Security Weekly

Hacking Christmas Gifts: Remote Control Cars

The State of Security

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye […]

Hacking 69

2020 Work-for-Home Shift: What We Learned

Threatpost

Threatpost explores 5 big takeaways from 2020 -- and what they mean for 2021.

Mobile 103

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Digital Footprint Intelligence Report

SecureList

Introduction. The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, Turkey, UAE, Yemen. The data presented in this report was collected through Kaspersky’s own threat research and analysis mechanism and various other open sources during Q3 2020.

Banking 72

Feelings Have No Place in the World of Security

PerezBox Security

The quickest, and arguably most effective way, to compromise an organization is via social engineering. Social engineering in the digital sphere is almost always synonymous with some form of Phishing.

Setting Up a New eCommerce Site? 5 Tips for Securing It

GlobalSign

Every day, hackers are looking at new ways to steal customer and corporate information for their own gain. Which is why you want to protect your eCommerce site now and in the future.

A Holiday Message

ForAllSecure

Irrespective of what industry you’re in and where you’re located in this world, 2020 has been an unexpectedly eventful year. Ranging from the state of global health to national politics to social justice, the challenges we continue to face have rested heavy on our minds, hearts, and souls. Yet, in all of this, I also see the good that’s happened in 2020.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

How Can We Vaccinate Our Networks?

Security Weekly

Top 10 Data Breaches of All Time

SecureWorld News

One of the first hacks to get widespread public attention in the United States and Canada occurred on the night of April 27, 1986. Millions of HBO subscribers in the eastern time zone were watching the film Falcon and the Snowman when their screens suddenly displayed this message instead of the movie: "Captain Midnight" hacked the HBO signal and beamed his gripes about pricing to the world for 4 1/2 minutes.