Fri.Jun 11, 2021

article thumbnail

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.

article thumbnail

Weekly Update 247

Troy Hunt

Lots of stuff going on this week, beginning with me losing my mind try to get local control of IoT devices. I'm writing up a much more extensive blog post on this, suffice to say it's a complete mess and all of the suggestions I've had have been well-intentioned, but infeasible for various reasons. But as I say in the video, it has all been worth it and I do get a lot of enjoyment from playing with it all ??

IoT 223
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Fallout of EA source code breach could be severe, cybersecurity experts say

Tech Republic Security

Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.

article thumbnail

Tracking ransomware cryptocurrency payments: What now for Bitcoin?

We Live Security

Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent? The post Tracking ransomware cryptocurrency payments: What now for Bitcoin? appeared first on WeLiveSecurity.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

McDonald's suffers cyberattack in US, South Korea and Taiwan

Tech Republic Security

The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.

article thumbnail

Linux system service bug lets you get root on most modern distros

Bleeping Computer

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. [.].

More Trending

article thumbnail

Nefilim Ransomware: Everything You Need to Know

Heimadal Security

It’s clear that ransomware is one of the biggest threats of today’s cyberscape and the only way to combat it is through information and better choices when it comes to how we use our endpoints and the Internet. For this article, we’ll have a closer look at the Nefilim ransomware strain. Nefilim Ransomware: History By […]. The post Nefilim Ransomware: Everything You Need to Know appeared first on Heimdal Security Blog.

article thumbnail

Cyber Resilience and Its Importance for Your Business

Security Boulevard

Cyber resilience helps businesses better defend against cyber crimes, mitigate risks and severity of attacks, and enables business continuity. Learn more. The post Cyber Resilience and Its Importance for Your Business appeared first on Security Boulevard.

Risk 139
article thumbnail

McDonald's discloses data breach after theft of customer, employee info

Bleeping Computer

McDonald's, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. [.].

article thumbnail

EA’s Source: It’s in the Game (and in Hackers’ Hands)

Security Boulevard

Electronic Arts got hacked, and its source code stolen. Hackers took hundreds of gigabytes of game source code and tools. The post EA’s Source: It’s in the Game (and in Hackers’ Hands) appeared first on Security Boulevard.

Hacking 138
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Avaddon ransomware gang shuts down their operations and releases decryption keys

Security Affairs

The Avaddon ransomware gang has shut down its operations and released the decryption keys to allow victims to recover their files for free. Good news for the victims of the Avaddon ransomware gang , the cybercrime group has shut down its operations and provided the decryption keys to BleepingComputer website. The group has also shut down its servers and deleted profiles on hacking forums, they also shut down their leak site.

article thumbnail

Why Freelancers Should Prioritise Cybersecurity

Security Boulevard

Article by Beau Peters. As a freelancer in any industry, you are likely more susceptible to hackers and cybercrime than many other professions. Not only are you pulling in a constant stream of customer data, but as a worker on the go, you likely work exclusively in the digital realm with all of your information in the online space. That means that you are basically presenting data on a silver platter for cybercriminals to find and use for malicious purposes.

article thumbnail

Cyber Attack news trending on Google

CyberSecurity Insiders

First, a gaming company named Electronic Arts is trending on Google news headlines for becoming a victim of a cyberattack that leaked source codes and tools belonging to several of its popular games such as FIFA 21, Battlefield, Frostbite Engine, and Battle Tanks. Sources reporting to our Cybersecurity Insiders say that the hackers managed to gain access to nearly 750GB of data and stole it; only to post it on the dark web after few days.

article thumbnail

New DDoS extortion attacks detected as Fancy Lazarus group returns

CSO Magazine

Security researchers are tracking new DDoS extortion activity by threat actor group Fancy Lazarus. The attacks have been primarily targeting US and global organizations from a range of sectors including energy, financial, insurance, manufacturing, public utilities and retail. [ Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. | Sign up for CSO newsletters. ].

DDOS 128
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Reclaim Your Online Privacy | Avast

Security Boulevard

Millennials are the first “digital natives,'' people born into a world of digital tools. Every generation that follows will also grow up with touch screens, apps, and internet-connected devices as regular parts of life, but Millennials were the first to experience this new reality. The post Reclaim Your Online Privacy | Avast appeared first on Security Boulevard.

Internet 126
article thumbnail

REvil Hits US Nuclear Weapons Contractor: Report

Threatpost

"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote.

article thumbnail

Al Jazeera detected and blocked disruptive cyberattacks

Security Affairs

Qatari government-funded international Arabic news channel Al Jazeera announced to have blocked a series of disruptive cyberattacks aimed at its news publishing platform. Qatari government-funded international Arabic news channel Al Jazeera announced to have blocked this week a series of cyberattacks that attempted to disrupt and take over some components of its news publishing platform. “Al Jazeera Media Network was subjected to a series of cyber hacking attempts to penetrate some of its

article thumbnail

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

The Hacker News

Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

An Eye-opener For Modern CISOs!

Security Boulevard

Every day a CISO spends their time almost entirely in protecting people, assets, and IT infrastructure. However, are they missing anything? Let’s find out! Don’t jump to any conclusion that CISOs are completely blind to the cyber threats surrounding them after reading the title of the blog. Let me remind you a CISO is doing […]. The post An Eye-opener For Modern CISOs!

CISO 124
article thumbnail

ALPACA – the wacky TLS security vulnerability with a funky name

Naked Security

Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.

142
142
article thumbnail

Avaddon ransomware shuts down and releases decryption keys

Bleeping Computer

The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com. [.].

article thumbnail

How to deactivate or delete your Facebook account

Malwarebytes

People worldwide use Facebook to connect with friends and family, and to engage in pointless debates with strangers over moderately amusing cat videos. But while some feel that the social media platform is an essential part of life, others find the data scandals and privacy issues disconcerting. For those who wish to take a break from Facebook either temporarily or permanently, instructions for deleting or deactivating your account are below.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

BrandPost: Nation States, Cyberconflict, and the Web of Profit.

CSO Magazine

HP recently announced the findings of a new study – Nation States, Cyberconflict, and the Web of Profit – showing that nation state cyberattacks are becoming more frequent, varied, and open, moving us closer to a point of “advanced cyberconflict” than at any time since the inception of the internet. The research – which was conducted by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and sponsored by HP – highlights there has been a 100% rise in “significant” nati

Media 120
article thumbnail

The Week in Ransomware - June 11th 2021 - Under Pressure

Bleeping Computer

It has been quite the week when it comes to ransomware, with ransoms being paid, ransoms being taken back, and a ransomware gang shutting down. [.].

article thumbnail

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs

The current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined under global privacy regulations. These privacy regulations are in place to encourage security operations within organizations to protect their data from malicious intent.

article thumbnail

Week in security with Tony Anscombe

We Live Security

ESET Research dissects campaigns by the Gelsemium and BackdoorDiplomacy APT groups – Hacking an orbiting satellite isn't necessarily the stuff of Hollywood. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Hacking 114
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Network security firm COO charged with medical center cyberattack

Bleeping Computer

The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC). [.].

article thumbnail

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

The Hacker News

Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices.

111
111
article thumbnail

DoJ announced to have shut down Slilpp marketplace in international operation

Security Affairs

The US Department of Justice seized the servers and domains of the popular cybercrime marketplace SlilPP. The US Department of Justice announced to have seized the infrastructure of SlilPP , a popular marketplace used by cybercriminals to buy and sell stolen login credentials. The seizure is the result of a multinational operation involving law enforcement agencies in the United States, Germany, the Netherlands, and Romania.

article thumbnail

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

The Hacker News

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.

106
106
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.