Thu. May 13, 2021

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed. Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of DevOps and CI/CD.

Chemical distributor pays $4.4 million to DarkSide ransomware

Bleeping Computer

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

How to Protect Structured and Unstructured Data

Security Boulevard

Every effective PII protection effort addresses three critical imperatives – data discovery, access governance and risk mitigation. IT teams grappling with privacy mandates need to consider these factors across their unstructured and structured data contexts. And while regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) outline expectations.

Rapid7 source code, credentials accessed in Codecov supply-chain attack

Bleeping Computer

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to connect Ubuntu Linux Desktop 21.04 to an Active Directory domain

Tech Republic Security

Canonical has made it easy for admins to join Ubuntu Desktop to Active Directory domains. Jack Wallen walks you through the steps.

136

Biden issues executive order to increase U.S. cybersecurity defenses

Bleeping Computer

President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.

More Trending

Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code

Bleeping Computer

Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code.

VPN 133

European police bust major online investment fraud ring

We Live Security

The operation was carried out against an organized group that used online trading platforms to swindle victims out of US$36 million.

Insurance giant CNA fully restores systems after ransomware attack

Bleeping Computer

Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hit its network in late March and disrupted online services and business operations.

Insurance 132

DarkSide ransomware explained: How it works and who is behind it

CSO Magazine

DarkSide is a ransomware threat that has been in operation since at least August 2020 and was used in a cyberattack against Georgia-based Colonial Pipeline, leading to a major fuel supply disruption along the East Coast of the US. The malware is offered as a service to different cybercriminals through an affiliate program and, like other prolific ransomware threats, employs double extortion that combines file encryption with data theft and is deployed on compromised networks using manual hackin

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft build tool abused to deliver password-stealing malware

Bleeping Computer

Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.

Malware 121

Using iPhones and AirTags to sneak data out of air-gapped networks

Malwarebytes

Someone has found an extraordinary way to exfiltrate data by piggybacking data on the backs of unsuspecting iPhones. Say what? A researcher has found out that it is possible to upload arbitrary data from non-internet-connected devices by sending Bluetooth Low Energy (BLE) broadcasts to nearby Apple devices that will happily upload the data for you. To demonstrate their point, they released an ESP32 firmware that turns the micro-controller into an (upload only) modem.

Internet 117

AWS vs. Azure vs. Google Cloud: Comparing Cloud Platforms

Security Boulevard

Fueled by the shift to remote and hybrid work environments and the need to digitally transform business during the global

Attackers abuse Microsoft dev tool to deploy Windows malware

Bleeping Computer

Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.

Malware 115

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

'An 8th Grader Could Have Hacked' Colonial Pipeline

SecureWorld News

Here is something you never want to hear about your company after a ransomware attack: “I mean, an eighth-grader could have hacked into that system.” Which company was this person speaking about? Colonial Pipeline. The person speaking authored a $1.8 million dollar information governance report for the company which uncovered, “a patchwork of poorly connected and secured systems.”

Hacking 117

Meet Lorenz — A new ransomware gang targeting the enterprise

Bleeping Computer

A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms.

Ofwat reveals it has received 20,000 spam and phishing emails so far this year

The State of Security

Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year. The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it had […]

Phishing 114

Colonial Pipeline restores operations, $5 million ransom demanded

Bleeping Computer

Colonial Pipeline Company has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

Malwarebytes

This blog post was authored by Jérôme Segura. Web skimming continues to be a real and impactful threat to online merchants and shoppers. The threat actors in this space greatly range in sophistication from amateurs all the way to nation state groups like Lazarus. In terms of security, many e-commerce shops remain vulnerable because they have not upgraded their content management software (CMS) in years.

Malware 111

Biden administration releases ambitious cybersecurity executive order

CSO Magazine

Capping a dramatic week that saw major oil pipeline provider Colonial Pipeline crippled by a ransomware attack, the Biden administration released a highly anticipated, far-reaching and complex Executive Order on Improving the Nation's Cybersecurity. The executive order (EO) aims to chart a "new course to improve the nation's cybersecurity and protect federal government networks.

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption.

Microsoft fixes four critical vulnerabilities that pose risk to both data and infrastructure

SC Magazine

Microsoft fixed four critical vulnerabilities Tuesday, none of which to date are being exploited in the wild. Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.

Risk 108

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Colonial Pipeline Shells Out $5M in Extortion Payout, Report

Threatpost

According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.

Malware 123

Server Side Scans and File Integrity Monitoring

Security Boulevard

When it comes to the ABCs of website security, server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective security product for our customers and analysts alike. This crucial tool handles tasks like issuing security warnings and alerts to our clients, notifying them that they have been compromised, and assisting our analysts in detecting new and emerging varia

Malware 106

Colonial Pipeline paid close to $5 million in ransomware blackmail payment

Zero Day

The payment was reportedly made soon after the attack began. It wasn’t enough to stop the disruption.

Windows 10 KB5003173 update fails with error 0x800f0922, how to fix

Bleeping Computer

The Windows 10 KB5003173 cumulative update may fail to install with an error 0x800f0922 if Microsoft Edge has been previously uninstalled.

118

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

The Hacker News

Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic.

81% of Developers at Large Organizations Admit to Knowingly Releasing Vulnerable Applications

Security Boulevard

Immersive Labs research also shows only 44% of security teams believe their application build environment could withstand an attack similar to SolarWinds. BOSTON, MA — May 13, 2021 — Immersive Labs, the company empowering organizations to measure and improve people’s cyber capabilities, today released a report with Osterman Research outlining the human factors preventing.

105

Critical Infrastructure Protection: Physical and Cyber Security Both Matter

eSecurity Planet

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities. They have to supply physical security that denies access to the cyber-physical assets, and they sometimes must employ several cyber defenses depending on the device or system in question. So when you are looking at doing a Zero Trust deployment for critical infrastructure, it is important to be mindful of the fact that a site’s physical security is typically th

Cybersecurity Executive Order requires new software security standards

Security Boulevard

President Biden’s Cybersecurity Executive Order requires new software security standards and best practices. Learn what you can do to prepare now.

Software 104

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.