Mon. Apr 05, 2021


Wi-Fi Devices as Physical Object Sensors

Schneier on Security

The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. “When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,” explains Fra


Ransom Gangs Emailing Victim Customers for Leverage

Krebs on Security

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site. “Good day!


GUEST ESSAY: The missing puzzle piece in DevSecOps — seamless source code protection

The Last Watchdog

We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every day – but despite those efforts, there was still something being overlooked: application security.


How marketing principles can be used to enhance cybersecurity training

Tech Republic Security

Marketing psychology has influenced each of us; experts suggest it could help reduce the angst of cybersecurity training.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Network Monitoring: The Forgotten Cybersecurity Tool

Security Boulevard

In a cyber world filled with SIEMs, security appliances and anti-malware products, one would think that the specter of cybersecurity would be well under control. However, attacks are still on the rise, zero-day vulnerabilities are increasing and cybercriminals are always finding new ways to attack. “When dealing with previously unseen attacks, it is important to.


Most applications today are deployed with vulnerabilities, and many are never patched

Tech Republic Security

AppSec expert says cybersecurity should be a part of the development process from the beginning.

More Trending


Linux 101: The different types of sudo and su

Tech Republic Security

Knowing which sudo or su command to run is important. Jack Wallen demystifies these two Linux admin tools.


North Korean-Backed Group Sets Up Fake Security Company, Google Says

Hot for Security

Threat actors working on behalf of North Korea posed as security researchers on social media in a campaign to compromise employees of security companies, according to a Google report. The threat actors’ ability and willingness to go after security researchers only shows how serious the campaign really was. It’s not a common occurrence in the cybersecurity world, making the campaign all the more interesting.


6 Types of Social Engineering Attacks

Mitnick Security

Social engineering attacks account for a massive portion of all cyber attacks, and studies show that these attacks are on the rise. According to KnowBe4, more than 90% of successful hacks and data breaches start with a common type of social engineering attack called phishing.


One-Third of Organizations Take No Action After Detecting a Cyber Attack

Security Boulevard

ZDNet recently wrote about some new statistics from the annual Cyber Security Breaches Survey from the Department for Digital, Culture, Media and Sport (DCMS), including the surprising statistic that 1/3 of organizations take no action after a cyber attack. The post One-Third of Organizations Take No Action After Detecting a Cyber Attack appeared first on K2io.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The SolarWinds hack timeline: Who knew what, and when?

CSO Magazine

Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied. While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm.


Fileless Malware, Endpoint Attacks on the Rise

Security Boulevard

Cybercriminals are increasingly leveraging fileless malware, cryptominers and encrypted attacks, targeting users both at remote locations as well as corporate assets behind the traditional network perimeter. These were among the findings of WatchGuard Technologies’ Internet Security Report for Q4 2020, which found fileless malware and cryptominer attack rates grew by nearly 900% and 25%, respectively, The post Fileless Malware, Endpoint Attacks on the Rise appeared first on Security Boulevard.


Spotlight: Malware Lead Generation At Scale

Elie

We present Spotlight, a large-scale malware lead-generation framework that uses deep-learning to cluster malware families to isolate potentially-undiscovered ones and prioritizes them for further investigation.


Getting to Know DevSecOps

Security Boulevard

You’ve probably heard the term DevSecOps thrown around a lot in recent years, and for good reasons. The. The post Getting to Know DevSecOps appeared first on Hyperproof. The post Getting to Know DevSecOps appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. Microsoft recently published a report, titled “March 2021 Security Signals report,” which revealed that more than 80% of enterprises were victims of at least one firmware attack in the past two years. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware.


Ransomware Defense: Three Implementations Every Security Team Needs

Security Boulevard

Few will be shocked to hear that ransomware attacks are continuing to accelerate at a torrid pace - but the more concerning trend is the effectiveness of ransomware at creating chaos and paralyzing business operations. The post Ransomware Defense: Three Implementations Every Security Team Needs appeared first on Security Boulevard.


Top 5 skills a SOC analyst needs

CSO Magazine

A security operations center (SOC) analyst works within a team to monitor and fight threats to an organization's IT infrastructure, as well as to identify security weaknesses and opportunities for potential improvements. Since a SOC analyst must juggle multiple critical tasks spanning technical, analytical, and business areas, finding qualified candidates is often challenging.


Bitdefender 2020 Consumer Threat Landscape Report – Attackers Increasingly Target the Human Layer

Hot for Security

Cybersecurity can often seem like a topic for the business sector. But regular consumers are equally affected by cybercrime, directly or indirectly. Bitdefender this week has published its annual Consumer Threat Landscape Report for 2020 underscoring some of the most prevalent cyber threats targeting regular users today. A key stat: cybercrime in 2020 was marked by a visible and aggressive targeting of the human layer.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


6 Most Common Web Security Vulnerabilities (And How To Tackle Them)

SecureBlitz

As a business, your website is your online headquarters. A security breach on your website is equal to someone breaking into your office and stealing your business records and information about your customers. This is risky as the thief could do anything with this data to implicate you and your customers. That’s not something you’ll. The post 6 Most Common Web Security Vulnerabilities (And How To Tackle Them) appeared first on SecureBlitz Cybersecurity.


Attackers Disclose Personal Data of Students in Massive Cyberattack

Heimdal Security

In recent months, several universities were hit by the Clop ransomware gang; specialists think all the attacks are linked to Accellion File Transfer Appliance (FTA) software, a third-party vendor, which was used by students and staff to transfer encrypted files. Staff and students at the University of Maryland had their private information, such as passports, names, […].


Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

Security Boulevard

Phillipe Christodoulou got ripped off to the tune of over a million dollars: An iPhone app stole 17.1 bitcoins. The post Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL appeared first on Security Boulevard.


Mentoring the Upcoming Generation of Bug Bounty Hunters with Hakluke

SecurityTrails

Interview with Luke Stephens, better known as Hakluke, about fostering keen minds in cybersecurity, the right hacker mindset and much more.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


15 Cybersecurity Pitfalls and Fixes for SMBs

Threatpost

In this roundtable, security experts focused on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.


Active Content: What It Is & How It Becomes Malicious

Security Boulevard

Modern business processes rely on sharing information across the cloud. Your users are emailing documents and uploading files to shared drives as part of their jobs. Ensuring safe, secure, clean files is now mission-critical. Employees know that they shouldn’t open attached files when they don’t know the person sending them, but phishing emails aren’t the.


Microsoft collaborates with Argus to bolster cyber security in connected cars

CyberSecurity Insiders

Argus, a cybersecurity solutions provider for connected cars, aka automated vehicles, has announced that it is collaborating with tech giant Microsoft to assist automotive manufacturers in mitigating risks associated with connected cars. Microsoft is going to achieve it by integrating Argus Cyber Security suite with Azure IoT to provide an end-to-end solution that helps monitor, detect and mitigate cyber threats targeting in-vehicle information.


Technology, processes and people can close the cyber talent gap

SC Magazine

Today’s columnist, Nir Polak of Exabeam, says organizations such as Girls Who Code can play a major role in attracting more diversity to the cyber workforce and help solve the talent gap. The cybersecurity industry has been talking about the sector’s talent gap for years. Decades actually. And it shows no sign of disappearing.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


What is Third-Party Risk?

Security Boulevard

As if managing your own risk profile isn’t challenging enough today, your organization must concern itself with how. The post What is Third-Party Risk? appeared first on Hyperproof. The post What is Third-Party Risk? appeared first on Security Boulevard.


How the Work-From-Home Shift Impacts SaaS Security

The Hacker News

The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%.


Race to Cloud Continues Despite Security Concerns

Security Boulevard

After a year of shifting to the cloud at a dizzying pace, it seems that trend shows no sign of slowing down. Organizations continue the shift to complex cloud environments, though many find providers’ native security controls fall short of their needs. More than half of the organizations surveyed for the State of Cloud Security. The post Race to Cloud Continues Despite Security Concerns appeared first on Security Boulevard.


2,5M+ users can check whether their data were exposed in Facebook data leak

Security Affairs

You can check if your personal information is included in the Facebook data leak by querying the data breach notification service Have I Been Pwned. The news of the availability on a hacking forum of the personal information for 533,313,128 Facebook users made the headlines. The availability of the data was first reported by Alon Gal, CTO of cyber intelligence firm Hudson Rock.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.