Fri. Jul 02, 2021


More Russian Hacking

Schneier on Security

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking 361

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca

Firmware 340

Container security: How to get the most out of best practices

Tech Republic Security

Containers are complex virtual entities that provide proven benefits to the business but also require strong security guidelines. Learn how to get the most out of container security best practices.


How to bypass the Windows 11 TPM 2.0 requirement

Bleeping Computer

Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. However, new Registry entries have been discovered that allow you to bypass the TPM requirement and minimum memory and secure boot requirements.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


You don't have to be a tech expert to become a cybersecurity pro

Tech Republic Security

Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.


One Medical: Sorry-not-Sorry for Leaking your Personal Info

Security Boulevard

Primary care med-tech firm One Medical sent email to countless customers, with hundreds of other customer email addresses visible in the To: field. The post One Medical: Sorry-not-Sorry for Leaking your Personal Info appeared first on Security Boulevard.

More Trending


Shutdown Kaseya VSA servers now amidst cascading REvil attack against MSPs, clients

Malwarebytes

A severe ransomware attack reportedly taking place now against the popular Remote Monitoring and Management software tool Kaseya VSA has forced Kaseya into offering urgent advice: Shutdown VSA servers immediately. “We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today,” Kaseya wrote on Friday afternoon.


Twitter now lets users set security keys as the only 2FA method

We Live Security

You can now secure your account with a physical security key as your sole 2FA method, without any additional 2FA option. The post Twitter now lets users set security keys as the only 2FA method appeared first on WeLiveSecurity.


US insurance giant AJG reports data breach after ransomware attack

Bleeping Computer

Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.

Insurance 143

Phishing attack targets DocuSign and SharePoint users

SC Magazine

DocuSign Headquarters. (Coolcaesar is licensed under CC BY-SA 4.0). Researchers reported on Friday that cybercriminals are mimicking legitimate correspondence to actively target popular cloud applications DocuSign and SharePoint in phishing attacks designed to steal user log-in credentials. In a blog by the Bitdefender Antispam Lab, the researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document.

Phishing 136

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Microsoft warns of critical PowerShell 7 code execution vulnerability

Bleeping Computer

Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.


Widespread Brute-Force Attacks Tied to Russia’s APT28

Threatpost

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

Passwords 133

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

Security Affairs

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used by threat actors to spread the Ryuk and Conti ransomware families, experts noticed similarities between Diavol and Conti threat


REvil ransomware hits 200 companies in MSP supply-chain attack

Bleeping Computer

A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


CISA Offers New Mitigation for PrintNightmare Bug

Threatpost

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.


US and UK issue rare joint guidance in response to Russian GRU brute force campaign

CSO Magazine

The United States and the United Kingdom cyber and law enforcement entities (NSA, FBI, CISA and NCSC) have joined forces to protect enterprises in their respective nations and the globe, with the July 1 issuance of defensive guidance regarding the Russian intelligence service’s targeting and attack methodologies. While bilateral sharing of information between the US and UK intelligence services occurs daily, the public sharing of their joint perspective and guidance is especially noteworthy and

CISO 129

Small Business and the Importance of Simplified Email Security

Cisco Security

Cisco Secure Email Cloud Mailbox was built with one guiding principle – simplicity. Of course, it’s easy for us to talk about the benefits of our cloud-native email security product and how easy it is to use. But don’t just take it from us! Every day, our customers are reaping the benefits of enhanced email security, which in turn increases productivity, profitability, and overall organizational functionality.


REvil ransomware hits 1,000+ companies in MSP supply-chain attack

Bleeping Computer

A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Microsoft urges Azure users to update PowerShell to fix RCE flaw

Security Affairs

Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity remote code execution vulnerability tracked as CVE-2021-26701. The IT giant is inviting the PowerShell task automation tool to versions 7.0.6 or 7.1.3 as soon as possible. “If you manage your Azure resources from PowerShell version 7.0 or

Hacking 127

Barracuda Networks Acquires SKOUT Cybersecurity

Security Boulevard

Barracuda Networks this week extended the scope of its cybersecurity portfolio by agreeing to acquire SKOUT Cybersecurity. SKOUT’s security operations center (SOC) service and extended detection and response (XDR) software is primarily made available via managed service providers (MSPs). Terms of the acquisition were not disclosed. Neal Bradbury, vice president of MSP strategic partnerships at.


Business Operations Could Be Seriously Affected by USB Threats

Heimdal Security

According to Honeywell Cybersecurity Research, USB threats that can severely affect business operations grew notably during a disruptive year when the usage of removable media and network connectivity also increased. The study shows that 37% of threats were specifically designed to utilize removable media, which nearly doubled from 19% last year. USB Threats Could Critically […].

Media 124

DC and Marvel superheroes top breached password lists

Tech Republic Security

Even our favorite superheroes can't defend us against cyberattacks.

Passwords 176

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Can Your Data Protection Software Recover from Modern Ransomware?

Security Boulevard

Your nightmare has come true. Your organization was just attacked by ransomware. They have crippled your networks, corrupted your Active Directory, encrypted business critical documents, and disabled production databases. Now the recovery clock starts. How quickly can your business return to some sense of normalcy? Do you notify your partners, vendors, customers, the public?

Software 123

Beware password-spraying fancy bears

Malwarebytes

The NSA, FBI, and CISA, in cooperation with the UK’s National Cyber Security Centre (NCSC), have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector companies around the world. The report states: Since at least mid-2019 through early 2021, Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military u

Passwords 120

TrickBot Spruces Up Its Banking Trojan Module

Threatpost

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game.

Banking 125

New Google Scorecards Tool Scans Open-Source Software for More Security Risks

The Hacker News

Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis.

Software 117

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

Threatpost

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.


Kaseya VSA app may be under active attack, as company tells customers to shutdown

SC Magazine

It’s unclear at this time which specific managed service providers (and which of their server rooms) have been affected by what appears to be an attack on Kaseya’s VSA unified remote monitoring & management software. (server room as photographed by Acirmandello / CC BY-SA 4.0). The remote IT management and monitoring application VSA may be under active attack by a ransomware group that has hit multiple managed service providers today.

Media 115

Actively exploited PrintNightmare zero-day gets unofficial patch

Bleeping Computer

Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.


Kaseya VSA systems under active attack, as company tells customers to shutdown

SC Magazine

It’s unclear at this time which specific managed service providers (and which of their server rooms) have been affected by what appears to be an attack on Kaseya’s VSA unified remote monitoring & management software. (server room as photographed by Acirmandello / CC BY-SA 4.0). Editor’s note: This story has been updated to reflect the latest details of the situation as they emerge.

Media 110

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.