Thu. Jul 01, 2021

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and i

Insurance and Ransomware

Schneier on Security

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insurance 275

Threat Model Thursday: 5G Infrastructure

Adam Shostack

The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure (press release), and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn. The first thing I look for is a statement about who did the work and why.

Awareness of cyberattacks and cybersecurity may be lacking among workers

Tech Republic Security

A survey of business professionals by Armis points to a lack of knowledge about recent incidents and proper cyber hygiene.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

What is the dark web? How to access it and what you'll find

CSO Magazine

Dark web definition. The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.

The possible reasons Google is moving away from APKs on Android

Tech Republic Security

Google has announced it is moving away from the APK format for Android apps. Jack Wallen offers his opinion on why this could be happening.

More Trending

How to set Google Search History to auto-delete on Android

Tech Republic Security

If you don't like the idea of your Android search history being saved, Jack Wallen wants to show you how to set it to auto-delete.

Microsoft shares mitigations for Windows PrintNightmare zero-day bug

Bleeping Computer

Microsoft says in a newly released security advisory that the Windows Print Spooler zero-day vulnerability known as PrintNightmare has already been exploited in the wild by threat actors.

Can Managed Security Keep Businesses Safer?

Security Boulevard

In the last two decades, the cybersecurity industry has grown from a niche sector into a dominant force in the business world. Today, Gartner predicts that cybersecurity spending will reach $150 billion this year, almost double what was predicted in 2015. These figures highlight that the cybersecurity industry is growing exponentially and that cybersecurity protection.

Babuk ransomware is back, uses new version on corporate networks

Bleeping Computer

After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has broadly adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can collect protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and can therefore violate the HIPAA Rules as they apply to the use of online tracking technologies by HIPAA covered entities and business associates.

PrintNightmare zero day exploit for Windows is in the wild – what you need to know

Graham Cluley

Proof-of-concept code has been accidentally released for a zero-day vulnerability in Windows Print Spooler, in the mistaken belief that Microsoft had patched it. D'oh!

Malware 145
3 Steps to Strengthen Your Ransomware Defenses

The Hacker News

The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines.

CISA: Disable Windows Print Spooler on servers not used for printing

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.
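The Microsoft and CISA guidance in the three PrintNightmare items above comes down to one decision per host: if the machine shares no printers, stop and disable the Spooler service; if it is a real print server, keep the service but refuse inbound client connections through Group Policy. The script below is an added example, not code from Microsoft, CISA, or any of the linked articles. It inventories a host's Spooler exposure and applies the first mitigation only when no printer is shared; it assumes the PrintManagement module (Get-Printer) is present, as it is on Windows Server 2012 and later.

```powershell
# Added example for this page, not from Microsoft's advisory or CISA's notification:
# audit Print Spooler exposure on this host and, with -Apply, disable the service
# when the host is not acting as a print server for others.
param(
    [switch]$Apply    # report only unless -Apply is given
)

$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Output "Print Spooler service is not installed on $env:COMPUTERNAME"
    return
}

# A shared printer means other machines print through this host. Disabling the
# service there breaks printing, so only the Group Policy mitigation applies.
$shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })

if ($shared.Count -eq 0) {
    $recommendation = 'Stop and disable the Spooler service'
} else {
    $recommendation = 'Keep Spooler; set "Allow Print Spooler to accept client connections" to Disabled via Group Policy'
}

[pscustomobject]@{
    Host           = $env:COMPUTERNAME
    SpoolerStatus  = $svc.Status
    StartType      = $svc.StartType
    SharedPrinters = $shared.Count
    Recommendation = $recommendation
} | Format-List

if ($shared.Count -eq 0) {
    if ($Apply) {
        # Stop first so an in-flight spooler process cannot keep the RPC endpoint open,
        # then make the change survive a reboot.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled
        Write-Output "Spooler stopped and disabled on $env:COMPUTERNAME"
    } else {
        Write-Output "No shared printers found: re-run with -Apply to stop and disable Spooler."
    }
}
```

Run it once without -Apply across the server estate (for example through Invoke-Command) to get the inventory, then with -Apply on the hosts whose report shows zero shared printers. Hosts that do share printers get the policy mitigation instead; neither replaces the vendor patch once one is available.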

NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers

The Hacker News

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.

Hacking 131
Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cyber Threat to UK Populace from latest WhatsApp Scam

CyberSecurity Insiders

UK law enforcement has issued a fresh warning to everyone in the UK who uses the popular messaging service WhatsApp. The alert concerns a widespread scam targeting users of the service. According to the details provided by the National Crime Agency, the scammers approach WhatsApp users while impersonating one of the victim's known contacts.

Privacy Takes a Hit In the High Court

Security Boulevard

One of the earliest “privacy” laws in the United States is, surprisingly, the Fair Credit Reporting Act. Back during the Nixon Administration, Congress passed a law that gave people the right to see what was on their credit report, to contest inaccuracies on their reports and to ensure that the information on their credit report.

WARZONE RAT – Beware Of The Trojan Malware Stealing Data Triggering From Various Office Documents

Quick Heal Antivirus

Warzone RAT is part of an APT campaign named “Confucius.” Confucius APT is known to target government sectors.

Malware 131
Vulnerabilities Found in a WordPress Plugin Are Posing Remote Code Execution Risks

Heimadal Security

Multiple WordPress plugin vulnerabilities that were assigned a CVSS score of 9.8 were discovered in May by researchers at Wordfence. These vulnerabilities made it possible for an attacker to escalate their privileges and upload malicious code, resulting in the complete takeover of a WordPress site. The plugin in question is ProfilePress, which was […].

Risk 131
From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Twitter now lets you use security keys as the only 2FA method

Bleeping Computer

Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having all other methods disabled, as the social network announced three months ago, in March.

Do cybercriminals play cyber games in quarantine? A look one year later

SecureList

Last year, we decided to take a look at how the pandemic influenced the gaming industry and what new threats gamers could be facing. What we found was that, with the transition to remote work and remote learning, the number of blocked attempts to visit malicious game-related websites or follow malicious links from legitimate game-related websites and forums, increased by more than 50%.

Antivirus 127
VirusTotal ordered to reveal private info of stolen HSE data downloaders

Bleeping Computer

An Irish court has ordered VirusTotal to provide the information of subscribers who downloaded or uploaded confidential data stolen from Ireland's national health care service during a ransomware attack.

US CISA releases a Ransomware Readiness Assessment (RRA) tool

Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit module for the agency’s Cyber Security Evaluation Tool (CSET).

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

NSA: Russian GRU hackers use Kubernetes to run brute force attacks

Bleeping Computer

The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files.
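Both the Hacker News and Bleeping Computer items above describe a volume attack: many accounts tried against cloud sign-in endpoints, with any successful logon then used to pull mail and files. The script below is an added example, not from the joint advisory or either article, of the first triage check a defender would run over failed sign-in records: group failures by source address, flag sources that touch many distinct accounts within a short window, and surface any later success from the same source. The records are constructed sample data in a CSV shape, and the column names (Time, SourceIP, User, Result) are assumptions to be mapped onto an Azure AD sign-in export or Windows Security event 4625 fields.

```powershell
# Added example for this page, not from the NSA/CISA/FBI/NCSC advisory:
# flag password-spraying sources in failed sign-in records.
# $sample is constructed data; the column names are assumptions.
$sample = @'
Time,SourceIP,User,Result
2021-07-01T08:00:01Z,198.51.100.7,alice,Failure
2021-07-01T08:00:03Z,198.51.100.7,bob,Failure
2021-07-01T08:00:05Z,198.51.100.7,carol,Failure
2021-07-01T08:00:07Z,198.51.100.7,dave,Failure
2021-07-01T08:00:09Z,198.51.100.7,erin,Failure
2021-07-01T08:00:11Z,198.51.100.7,frank,Failure
2021-07-01T08:00:13Z,198.51.100.7,grace,Success
2021-07-01T08:05:00Z,203.0.113.9,alice,Failure
2021-07-01T08:05:30Z,203.0.113.9,alice,Success
2021-07-01T08:10:00Z,192.0.2.44,heidi,Failure
'@

function Find-SprayingSources {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $MinDistinctUsers = 5,   # one source trying this many accounts is a spray, not a typo
        [int] $WindowMinutes    = 60
    )

    $Events |
        Where-Object { $_.Result -eq 'Failure' } |
        Group-Object -Property SourceIP |
        ForEach-Object {
            $group  = $_
            $ip     = $group.Name
            $sorted = $group.Group | Sort-Object { [datetime]$_.Time }
            $first  = [datetime]$sorted[0].Time
            $last   = [datetime]$sorted[-1].Time
            $users  = @($group.Group | Select-Object -ExpandProperty User | Sort-Object -Unique)

            if ($users.Count -ge $MinDistinctUsers -and ($last - $first).TotalMinutes -le $WindowMinutes) {
                # A success from the same source after the spray started is the lead to chase first:
                # that account is the one being used to read mail and files.
                $later = @($Events | Where-Object {
                    $_.SourceIP -eq $ip -and $_.Result -eq 'Success' -and [datetime]$_.Time -ge $first
                })
                [pscustomobject]@{
                    SourceIP            = $ip
                    DistinctUsers       = $users.Count
                    Failures            = $group.Count
                    FirstFailure        = $first
                    LastFailure         = $last
                    LaterSuccesses      = $later.Count
                    CompromisedAccounts = (($later | Select-Object -ExpandProperty User) -join ',')
                }
            }
        }
}

$events = $sample | ConvertFrom-Csv
# On the sample data only 198.51.100.7 is reported: six accounts in twelve seconds,
# followed by a success for "grace". The single failed-then-successful logon for
# alice from 203.0.113.9 is an ordinary mistyped password and stays quiet.
Find-SprayingSources -Events $events | Format-Table -AutoSize
```

Because the campaign routed attempts through TOR exits and commercial VPNs and spread them across a Kubernetes cluster, a per-source threshold alone will miss a slow, distributed spray; the same grouping run the other way (one account, many sources) and a lower threshold per ASN or per user agent are the natural next checks. Multi-factor authentication and lockout or throttling on the sign-in endpoint, which the advisory recommends, are what stop the successes in the first place.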

Data Exfiltration: What You Should Know to Prevent It

Threatpost

Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here's how you can protect your organization from data theft.

The Network is Key to Securing the Everywhere Perimeter

Security Boulevard

In light of surging ransomware cases and recent high-profile cyberattacks like those on SolarWinds, Colonial Pipeline, and meat supplier JBS, enterprise security teams may fall into the trap of thinking, “more defenses are better.” They implement an arsenal of point solutions, hoping their bases will be covered. The reality is, an organization can spend as.

Should the CISO Report to the CIO?

Cisco Security

The Chief Information Security Officer (CISO) is the organization’s senior executive in charge of the cybersecurity and the information technology risk management posture of the enterprise. He or she is a seasoned executive who must be equally adept at leading the myriad technology functions associated with protecting the enterprise’s information and data from misuse and compromise, as well as at managing the deeper business aspects of the role, such as hiring, developing, and retaining qualifie

CISO 112
ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

CSO Magazine

Despite advancements in anti-phishing techniques and employee training, phishing attacks are increasingly popular. That’s because they work so well. After all, employees need to click on links to do their jobs, and social engineering makes phishing links difficult to identify. Phishing links are particularly effective because malicious websites are numerous and short-lived.

Phishing 112
Google Chrome will get an HTTPS-Only Mode for secure browsing

Bleeping Computer

Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users' web traffic from eavesdropping by upgrading all connections to HTTPS.

Smashing Security podcast #234: Cozy Bear, dildo scams, and robo hires and fires

Graham Cluley

Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon". And you will NOT want to miss checking out a very special "Pick of the week"! All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.

Scams 111
SMS authentication code includes ad: a very bad idea

Malwarebytes

SMS authentication codes are back in the news, and the word I’d use to summarise their reappearance is “embattled.” I can still remember a time where two-factor authentication (2FA), authentication grids, regional lockouts, Yubikeys, and offline authentication apps simply did not exist. And if they did , people out there sitting next to you, or on the bus, or in your office, typically did not use them.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits SaaS applications offer, it is still necessary to onboard providers as quickly as possible.