Wed.Jul 14, 2021

article thumbnail

China Taking Control of Zero-Day Exploits

Schneier on Security

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer.

article thumbnail

These states saw the most hacks in 2020

Tech Republic Security

A report uses FBI data to parse out state-by-state hacking data by the number of victims and total financial losses for every 100,000 residents.

Hacking 207
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century , a virtual conference hosted by The IEEE Society on Social Implications of Technology (SSIT), July 23-25, 2021. I’m speaking at DEFCON 29 , August 5-8, 2021. I’m speaking (via Internet) at SHIFT Business Festival in Finland, August 25-26, 2021.

Internet 264
article thumbnail

Personal data compromises up 38%, according to new cybersecurity report

Tech Republic Security

The report parses out data by industry. Overall, healthcare topped the list, followed by financial services and manufacturing and utilities.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

LuminousMoth APT: Sweeping attacks for the chosen few

SecureList

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims’ identities or environment. It’s not often we observe a large-scale attack conducted by actors fitting this profile, usually due to such attacks being noisy, and thus putting the underlying operation at risk of being comprom

Malware 144
article thumbnail

Tokyo 2020 Olympics must be extra secure to avoid cyberattacks and ransomware

Tech Republic Security

Any big event is likely to attract bad actors. Keeping the games safe from attack is a huge undertaking for event planners.

More Trending

article thumbnail

IoT projects demand new skills from IT project managers

Tech Republic Security

If you think regular IT project managers can run IoT projects, you might be miscalculating. Here's why.

IoT 212
article thumbnail

Google: four zero-day flaws have been exploited in the wild

Security Affairs

Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine.

article thumbnail

Kaspersky: LuminousMoth spearphishing campaign hit 1,500 targets in Asia

Tech Republic Security

Security researchers think HoneyMyte is behind the advanced persistent threat that has mostly targeted government entities.

article thumbnail

Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack

We Live Security

The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities. The post Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack appeared first on WeLiveSecurity.

139
139
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Acquisition news trending in the world of Mobile Security and Cloud

CyberSecurity Insiders

Motorola Solutions had made a formal announcement yesterday that it is going to acquire cloud based mobile security firm Openpath Security for an undisclosed amount. Trade analysts say that the former will integrate the innovative authentication technology of the latter to lead the access control industry. “Digitally securing a business in this highly sophisticated world is not that easy,” said Greg Brown, CEO of Motorola Solutions.

Mobile 138
article thumbnail

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

SecureList

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella , operating for a few years now in Latin America and Western Europe. Grandoreiro is a banking Trojan malware family that initially started its operations in Brazil.

Banking 137
article thumbnail

Meaningful security metrics

CyberSecurity Insiders

Security metrics are vital for you as a security leader to track the progress of your security program and have effective risk-focused conversations with business and operations stakeholders. Security metrics pave the way for security initiatives, facilitate resource, help communicate resource allocation and help communicate results with relevant stakeholders throughout the organization.

CISO 138
article thumbnail

Zero-Trust for the Post-Pandemic World

Security Boulevard

More than a year after the start of the COVID-19 pandemic, we’re seeing most companies either maintaining their remote work policies or slowly moving to a hybrid work model. In fact, an estimated 36.2 million Americans will be working remotely by 2025, which is nearly double pre-pandemic levels. Alongside this shift, 2020 brought a sharp. The post Zero-Trust for the Post-Pandemic World appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

BazarBackdoor sneaks in through nested RAR and ZIP archives

Bleeping Computer

Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file. [.].

Phishing 143
article thumbnail

Securing CI/CD pipelines: 6 best practices

CSO Magazine

Recent cyberattacks leveraging weaknesses in continuous integration/continuous delivery (CI/CD) pipelines and developer tooling warrant a need for increased security of the developer infrastructure. Prominently, the Codecov supply-chain attack has alerted everyone against storing secrets in CI/CD environment variables, no matter how safe the environment might be.

135
135
article thumbnail

An Overview of Basic WordPress Hardening

Security Boulevard

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic hardening mechanisms that WordPress website owners can employ to improve their security.

Software 134
article thumbnail

BrandPost: 4 Factors That Should Be Part of Your Cybersecurity Strategy

CSO Magazine

During the past year, IT and network professionals at nearly every enterprise were forced into action as remote work became the norm following the arrival of the COVID-19 pandemic. This has resulted in large-scale change for remote-access architectures, as well as for cloud and cloud-delivered services. In many cases, there has been an increased adoption of software-as-a-service (SaaS) models.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Salt Security Report Highlights Prevalence of API Vulnerabilities

Security Boulevard

Salt Security, a provider of a platform for securing application programming interfaces (APIs), today published a report that reveals the existence of vulnerabilities in APIs in an unidentified platform employed widely in the financial services industry that could be easily compromised. Company researchers identified inadequate authorization for data access, inadequate authorization for function access, susceptibility.

article thumbnail

NIST’s EO-mandated software security guidelines could be a game-changer

CSO Magazine

Following a string of high-profile supply chain hacks, President Biden's wide-ranging executive order on cybersecurity (EO) issued on May 12 directed the National Institute of Standards and Technology (NIST) to produce guidance on a series of software security matters. First, the EO asked NIST to produce a definition of critical software , which it released at the end of June.

Software 132
article thumbnail

Hands on with Windows Terminal 1.10's new and useful features

Bleeping Computer

Microsoft released Windows Terminal Preview v1.10 today, and it comes with numerous handy improvements, including bold text support, Quake mode on the taskbar, easier access to the Command Palette, improved settings, and more. [.].

132
132
article thumbnail

Windows 11 hardware requirements will drive security update decisions

CSO Magazine

Microsoft announced its plans for the next version of Windows, called Windows 11. Built with security in mind, it will once again cause us to make hard decisions regarding investments in hardware and who will get the new operating system on new machines and who will not.

128
128
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Security in the Age of Increasing Cyberattacks

Security Boulevard

In June 2021, I was discussing with a colleague why, despite all the discourse about security, we continue to read about cybersecurity attacks. On that same day, the Belgian city of Liege announced that it had been the victim of a ransomware attack. During our chat, my colleague held up a golf ball and said, The post Security in the Age of Increasing Cyberattacks appeared first on Security Boulevard.

article thumbnail

Trickbot improve its VNC module in recent attacks

Security Affairs

Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The Trickbot botnet continues to evolve despite the operations conducted by law enforcement aimed at dismantling it. The authors recently implemented an update for the VNC module used for remote control over infected systems. In October, Microsoft’s Defender team, FS-ISAC , ESET , Lumen’s Black Lotus Labs , NTT , and Broadcom’s cyber-security division Symantec joined the force

Malware 123
article thumbnail

Barbary Pirates and Russian Cybercrime

Security Boulevard

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary Coast of northern Africa. The Barbary States had been the scourge of the seas for centuries. They raided coastal towns along the Mediterranean, British Isles and west African coasts to rob, pillage and. The post Barbary Pirates and Russian Cybercrime appeared first on Security Boulevard.

article thumbnail

Tokyo 2020 Olympics must be extra secure to avoid cyberattacks and ransomware

Tech Republic Security

Any big event is likely to attract bad actors. Keeping the games safe from attack is a huge undertaking for event planners.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Updated Joker Malware Floods into Android Apps

Threatpost

The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.

Malware 138
article thumbnail

Home delivery scams get smarter – don’t get caught out

Naked Security

We've said it before, and we'll say it again: don't be in too much of a hurry for those home deliveries you're expecting!

Scams 139
article thumbnail

Effective Tools for Software Composition Analysis

Security Boulevard

Because companies are defined by their customers, we connected with IT Central Station for real user experiences with Sonatype’s Nexus Lifecycle and Nexus Firewall. Our second in the series, we first looked at benefits of data quality to Software Composition Analysis (SCA). Today, we continue with other benefits to individual developers and development teams.

Software 116
article thumbnail

Trickbot updates its VNC module for high-value targets

Bleeping Computer

The Trickbot botnet malware that often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. [.].

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.