Mon. Nov 15, 2021


GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation, however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.


Securing Your Smartphone

Schneier on Security

This is part 3 of Sean Gallagher’s advice for “securing your digital life.”



How organizations are beefing up their cybersecurity to combat ransomware

Tech Republic Security

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.


Book Sale: Click Here to Kill Everybody and Data and Goliath

Schneier on Security

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When they’re gone, the sale is over and the price will revert to normal. Order here and here. Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Cybersecurity is a growing field that can benefit from hiring veterans

Tech Republic Security

There is a real need for "boots-on-the-ground" cybersecurity professionals, so why not tap into a pool of trained and motivated veterans?


Looking for security in the wrong places

Javvad Malik

It’s an old economists’ joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked where he dropped them, he replies, “Oh, I dropped them over there, but the light’s better here.” It’s an apt metaphor for how cyber security sometimes operates.


How encryption can help address Cloud misconfiguration

Thales Cloud Protection & Licensing

divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.


Malicious shopping websites surge in number in advance of Black Friday

Tech Republic Security

More than 5,300 malicious websites have popped up each week, the highest since the start of 2021, says Check Point Research.


North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro

The Hacker News

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.


Fake emails exploited FBI email service to warn of phony cyberattacks

Tech Republic Security

A hacker has taken responsibility for the compromise, saying they did it to highlight a vulnerability in the FBI's system.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


As ransomware attacks rise, US government advice to protect K-12 schools is “vastly outdated”

Graham Cluley

With so many in the educational sector under attack, it's never been more important to ensure schools are properly defended against ransomware - and not relying on advice that is 11 years old. Read more in my article on the Tripwire State of Security blog.


Don't fall for LinkedIn phishing: How to watch for this credential-stealing attack

Tech Republic Security

Cybercriminals are now using LinkedIn to find a way into your files. Learn how to detect phishing on LinkedIn and protect yourself from it.


Emotet malware is back and rebuilding its botnet via TrickBot

Bleeping Computer

The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute the malware.


8 tips for a standout security analyst resume

CSO Magazine

You’ve got your computer science degree from a prestigious university, a couple of security certifications that you earned the summer after you graduated, and almost a year’s experience working with a set of alert monitoring tools for a small company. In your spare time, you volunteer at the local animal shelter. You like your job, but you’d prefer to work remotely, and you’d ultimately like to move into more of a compliance role.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels

Trend Micro

A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including Trend Micro, sought to crack down on big ransomware operators.


New Microsoft emergency updates fix Windows Server auth issues

Bleeping Computer

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server.


Enhancing AT&T SASE with Palo Alto Networks ‘as a Service’

CyberSecurity Insiders

A few months ago, I wrote a blog on “SASE as a Service” that described how managed services providers (MSPs) can be a catalyzing force for transforming to SASE and bridging the gap between networking and security teams. Since then, AT&T has released a series of managed SASE offers that bring together intelligent networking and cloud-based security in support of our customers.


SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

The Hacker News

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets — counting 22 unnamed international banks in Italy and the U.K.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Vulnerability Intelligence: What’s the Word in Dark Web Forums?

Digital Shadows

Note: This blog is part of a three-blog series on Vulnerability Intelligence that accompanies the release of Digital Shadows’ latest.


FBI Email—‘Threat Actor in Systems’—is Spam

Security Boulevard

Mountains of email spam, from a legit FBI address, were sent to victims by a pseudonymous hacker, Pompompurin.


Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

The Hacker News

A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.


Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

Cloudflare announced that it has mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), the largest attack Cloudflare has seen to date. Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


How Target's CISO balances customer security and customer experience

CSO Magazine

Protecting consumers and their data while providing a good shopping experience has always been a challenge for retailers. Security measures such as multifactor authentication or challenge questions create friction in the buying process, but a breach that results in the loss of sensitive customer data could have a much bigger business impact than a few abandoned shopping carts.


SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from the cyber security firms Cleafy and ThreatFabric discovered a new Android banking trojan named SharkBot. The name comes from one of the domains used for its command and control servers.


FBI systems compromised to send out fake attack alerts

We Live Security

Hackers break into the Bureau’s email systems to send out at least 100,000 emails warning recipients of imminent cyberattacks.


FBI Email Servers hacked

CyberSecurity Insiders

The so-called Federal Bureau of Investigation (FBI), America’s most prestigious law enforcement organization, is facing embarrassment as hackers somehow crept into its email servers and sent 100,000 fake emails to many recipients, mostly innocent civilians. In what is known to our Cybersecurity Insiders, the hack occurred because of a mis-configuration in the email server of the federal organization that made many individuals receive spammed emails coming from departments such as Homeland Secur


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Cybersecurity for Sports and Entertainment

Security Boulevard

As operations at sports stadiums become more dependent on data centers and online networks, and as the performance metrics and health data of athletes become more vulnerable to illicit exposure or alteration, the $80 billion industry of competitive sports has become increasingly vulnerable to cyberattacks. Much like many other businesses across industries, they are generating.


Operation Reacharound – Emotet malware is back

Security Affairs

The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time, the investigators took control of its infrastructure in an internationally coordinated action.


3 reasons devops must integrate agile and ITSM tools

InfoWorld on Security

Many organizations follow devops principles and want to transform into devops cultures. Some of the key practices include version control, continuous integration and delivery (CI/CD), infrastructure as code (IaC), applying machine learning in operations (AIops), and continuous testing. More advanced teams also focus on continuous planning, architecting cloud-native applications, developing microservices, controlling code with feature flags, promoting shift-left security practices, es


Post-pandemic growth starts with understanding risk

Trend Micro

The digital transformations that accompanied the pandemic are here to stay. To succeed in the post-pandemic era, organizations must come to a shared understanding about cybersecurity as a critical element of business risk.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.