Mon.Jun 28, 2021

article thumbnail

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.

article thumbnail

NFC Flaws in POS Devices and ATMs

Schneier on Security

It’s a series of vulnerabilities : Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine.

Firmware 275
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis. Related: Reaction to Biden ‘s cybersecurity executive order. Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December.

Hacking 214
article thumbnail

Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Applied Threat Modeling at Blackhat 2021!

Adam Shostack

At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on the first day and then going deep into each of the four questions: what are we working on, what can go wrong, what are we going to do about it, and did we do a good job?

130
130
article thumbnail

Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

More Trending

article thumbnail

How to secure your Safari browsing with iCloud Private Relay in iOS 15

Tech Republic Security

Using iCloud Private Relay in iOS 15, you can easily obscure your internet traffic and ensure that network providers cannot spy on your activity.

Internet 165
article thumbnail

One billion dollars lost by over-60s through online fraud in 2020, says FBI

Hot for Security

According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Hot for Security blog.

Internet 145
article thumbnail

How developing mental immunity can help you make better cybersecurity decisions

Tech Republic Security

Experts want us to develop immunity to bad ideas that can wrongly influence the cybersecurity decision process.

article thumbnail

How Offensive AI Can Disarm Cybersecurity

Security Boulevard

As more organizations adopt AI and ML as cybersecurity controls and to detect and deter attacks, cybercriminals are devising ways to use AI as the basis of attacks. “What’s known as ‘offensive AI’ will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools,”.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

BrandPost: The Beat Goes On: A Surge of DDoS Activity in 2021

CSO Magazine

The 2H2020 Threat Intelligence Report correctly predicted that 2020’s record-breaking distributed denial of service (DDoS) attack activity would follow the COVID-19 pandemic into 2021. While we generally love being right, this is not one of those times. According to research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.

DDOS 140
article thumbnail

In Memoriam: John McAfee

We Live Security

What was it like to work for, and be friends with, the larger-than-life technology entrepreneur back when he helped shape the computer security industry? The post In Memoriam: John McAfee appeared first on WeLiveSecurity.

article thumbnail

Scant evidence that cyber insurance boom is leading to better security

SC Magazine

The rise of the cyber insurance has largely failed to promote better cybersecurity practices among the industries they cover, according to a new report released Monday from British security think tank RUSI. (Photo by Spencer Platt/Getty Images). The security community for the last few years pointed to great potential for cyber insurance to drive progress in cyber best practices: force companies to up their game by making certain standards a requirement for coverage.

article thumbnail

How to achieve financial inclusion with Open Banking

CyberSecurity Insiders

If you have seen the latest banking news, you may have seen that the Competition and Markets Authority in the UK recently launched a consultation on the future of open banking to set out the principal features for open banking in its next phase of implementation. While it is important to keep the powerful forward momentum of open banking, it is not inevitable that it will continue on the same trajectory – a feat that could have major implications for tackling financial inclusion.

Banking 133
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

RockYou2021: Massive data leak of passwords on the dark web

Quick Heal Antivirus

The issue of a data breach continues to plague the world of cybersecurity. What seems to be the most. The post RockYou2021: Massive data leak of passwords on the dark web appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Passwords 132
article thumbnail

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Threatpost

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.

143
143
article thumbnail

Four states propose laws to ban ransomware payments

CSO Magazine

Following the epic ransomware attacks on Colonial Pipeline and top meat producer JBS, some government officials have called on Congress and the administration to ban organizations from making ransom payments to threat actors. The goal of such a ban would be to codify the FBI's current advice : Don't pay ransomware attackers lest you encourage more of the same.

article thumbnail

Mercedes Benz Data Breach details

CyberSecurity Insiders

An independent security researcher reported on June 11th,2021 that a data breach on a cloud platform has leaked over 1.6 million records belonging to customers of Mercedes Benz USA. And as soon as the luxury carmaker learned about the incident it launched a security audit on its network and discovered that the cyber incident could have leaked a small portion of data belonging to dealers stored on a third-party vendor unlike what was being said in the media.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

15 top open-source intelligence tools

CSO Magazine

OSINT definition. Open source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data to find the needles they're looking for to achieve their goals—and learn information that many don't realize is public.

Software 125
article thumbnail

Facebook Clone Wars: How to Check For Social Media Impersonators Who Use Your Info to Scam Friends and Family

Hot for Security

Have you ever received a friend request from a person already on your list of friends on Facebook? If so, you were most likely targeted by a cloned Facebook account. If not, chances are you will. You’ll likely run into a scam artist posing as either you or one of your friends while you’re busy checking your social media feed. It may be impossible to predict the exact number of fake and impostor accounts on Facebook.

Media 124
article thumbnail

Asset management in the age of digital transformation

CyberSecurity Insiders

Over the past year or so, organizations have rapidly accelerated their digital transformation by employing technologies like cloud and containers to support the shift to IoT and address the expanding remote workforce. Visibility Matters: This digital shift calls for a new approach to asset visibility as traditional asset administration responsibilities like inventory, software support, and license oversight are often the purview of IT and addressed with IT inventory-focused tools.

article thumbnail

Microsoft Signs Malware That Spreads Through Gaming

Threatpost

The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.

Malware 121
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Microsoft investigates threat actor distributing malicious Netfilter Driver

Security Affairs

Microsoft is investigating an strange attack, threat actor used a driver signed by the company, the Netfilter Driver, to implant a Rootkit. Microsoft announced it is investigating a threat actor distributing malicious drivers in attacks aimed at the gaming industry in China. The actor submitted drivers that were built by a third party for certification through the Windows Hardware Compatibility Program (WHCP).

Malware 119
article thumbnail

Detecting unknown threats: a honeypot how-to

SecureList

Catching threats is tricky business, especially in today’s threat landscape. To tackle this problem, for many years ?ybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research and Analysis Team and head of Kaspersky’s honeypot project, explains what honeypots are, why they are recommended for dealing with external threats, and how you can set up your own simple S

Internet 117
article thumbnail

Costs from ransomware attack against Ireland health system reach $600M

SC Magazine

An HSE ambulance leads the Obama Cavalcade on May 23, 2011. Six weeks after a ransomware attack, much of the Ireland HSE is still facing care disruptions. (D464-Darren Hall, CC BY-SA 2.0 [link] , via Wikimedia Commons). The Ireland Health Service Executive (HSE) is continuing to operate under electronic health record (EHR) downtime procedures and experiencing continued care disruptions, after suffering a ransomware attack more than six weeks ago.

article thumbnail

Android: How to enable the Password Checkup feature

Tech Republic Security

Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.

Passwords 123
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Windows 11 preview build installs failing due to system requirements

Bleeping Computer

The first Windows 11 preview build has been released, and users are reporting being unable to install it for not meeting minimum system requirements. [.].

136
136
article thumbnail

BrandPost: Edge Computing: The Security Imperative

CSO Magazine

Edge computing is gaining traction quickly – with some analysts deeming it the next great revolution in technology. Some of the industry’s biggest players are making significant investments in edge computing to help their customers implement digital transformation initiatives. In fact, IDC has predicted that the worldwide edge computing market will grow to $250.6 billion by 2024.

article thumbnail

REvil ransomware's new Linux encryptor targets ESXi virtual machines

Bleeping Computer

The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. [.].

article thumbnail

Binance receives the ban hammer from UK’s FCA

Malwarebytes

Binance, the world’s largest and most popular cryptocurrency exchange network, has had a rough few days. First, Japan’s financial regulator, the Financial Services Agency (FSA), issued its second warning to Binance on Friday, 25 June, for operating in the country without permission (The first warning was issued in 2018). That same day, Binance withdrew its services from Ontario, Canada after the Ontario Securities Commission (OSC) published a Notice of Hearing and Statement of Allega

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.