Thu. Aug 11, 2022

Hacking Starlink

Schneier on Security

This is the first—of many, I assume—hack of Starlink. Leveraging a string of vulnerabilities, attackers can access the Starlink system and run custom code on the devices.

Hacking 228

85% of Android users are concerned about privacy

Tech Republic Security

Google’s security guidelines also drew the majority of this year’s requests in apps, according to Kaspersky’s Privacy Checker website. The post 85% of Android users are concerned about privacy appeared first on TechRepublic.

Mobile 169

37 hardware and firmware vulnerabilities: A guide to the threats

CSO Magazine

In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Firmware 138

Defend your network with Microsoft outside-in security services

Tech Republic Security

Seeing your assets the way an attacker would look at them can help you spot where you’re exposed before you get attacked. The post Defend your network with Microsoft outside-in security services appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

OCSF Promises to Advance Cybersecurity Data Sharing

Security Boulevard

An Open Cybersecurity Schema Framework (OCSF) launched this week at the Black Hat USA 2022 conference promises to finally address longstanding data sharing issues that conspire to limit the effectiveness of cybersecurity teams and increase overall costs. Led by Amazon Web Services (AWS), Splunk and IBM, the OCSF is the latest industry effort that attempts.

US govt will pay you $10 million for info on Conti ransomware members

Bleeping Computer

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. [...]

BrandPost: Security Service Edge (SSE) Coming In HOT!

CSO Magazine

Predicting future technological performance is tricky business — we anticipate linear growth, but experience something different. So, as much as we might like to, we can’t predict the future by extrapolating from a straight line. Unfortunately for us forecasters, the dichotomy between expectation and reality makes it difficult to anticipate the exponential nature of technological progress, and that holds us back as change accelerates.

FBI: Zeppelin ransomware may encrypt devices multiple times in attacks

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times. [...]

Top cybersecurity products unveiled at Black Hat 2022

CSO Magazine

Zero trust security management, extended detection and response (XDR), and a host of other threat and vulnerability management offerings were among the top products and services launched at Black Hat USA 2022 this week in Las Vegas. Black Hat is an annual global conference of security professionals, enthusiasts and vendors, serving as a stage for innovation in the cybersecurity field.

GitHub's new privacy policy sparks backlash over tracking cookies

Bleeping Computer

Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains. The Microsoft subsidiary announced this month, it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a 30-day "comment period." [...]

Marketing 125

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cisco Confirms Data Breach, Hacked Files Leaked

Dark Reading

Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.

FTC begins sweeping commercial surveillance and lax data security rulemaking process

CSO Magazine

Data breaches exposing consumers’ sensitive information continue unabated even as organizations amass and sell vast sets of consumers’ personal, financial, and location data to a thriving data broker industry. Concerns over the use of the growing stockpile of sensitive personal data have reached a fevered pitch in the wake of the Supreme Court’s decision to overturn Roe v.

Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS

Security Affairs

Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to conduct distributed denial-of-service (DDoS) attacks, but it did not disclose the name of the

Firewall 116

Network mistakes, misconfigurations cost companies millions

CSO Magazine

Network misconfigurations cost companies an average of 9% of annual revenues, according to a study released Wednesday by a network security and compliance company. The research by Titania based on a survey of 160 senior cybersecurity decision makers across a broad array of government and industrial verticals also warned that misconfigurations that leave a business vulnerable to cyberattacks could be sitting on networks for months or years because of infrequent audits of connected devices.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity Predictions for the Rest of 2022

Security Boulevard

Our cybersecurity predictions for 2022 predicted trends such as increased regulatory changes and exacerbated talent shortages. Several of these predictions have played out, but at just past the midpoint of the year, it’s worth delving into some cybersecurity predictions for the rest of 2022. Increased Attacks on OT With increased convergence between IT and operational technology (OT) systems, threat actors.

Without a Data Inventory, Companies Will be Overwhelmed by Data Subject Requests

TrustArc

Why should you know where your data is? A centralized data inventory is critical for your organization’s security and privacy compliance and the starting point for understanding what and how data is collected and used across the organization.

Understanding the Evolution and Impact of AI on Cybersecurity

Security Boulevard

MixMode’s unsupervised, third-wave AI computes patterns of interaction over many different timescales, contrasting it over the next 5-minute interval with what was seen previously. Should patterns deviate, the platform performs an assessment of the security risk implied in that deviation and presents it to the user. The post Understanding the Evolution and Impact of AI on Cybersecurity appeared first on Security Boulevard.

6 Tips To Share Information Using Cloud Storage Secretly

SecureBlitz

In this post, I will show you tips to share information using cloud storage secretly… Many people enjoy using Cloud. Read more. The post 6 Tips To Share Information Using Cloud Storage Secretly appeared first on SecureBlitz Cybersecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

An eighties classic – Zero Trust

We Live Security

A deep-dive in Zero-trust, to help you navigate in a zero-trust world and further secure your organization. The post An eighties classic – Zero Trust appeared first on WeLiveSecurity.

Ways Manufacturers Can Benefit from Going Online

SecureBlitz

Here, I will show you ways manufacturers can benefit from going online… Some businesses are based entirely on the internet. Read more. The post Ways Manufacturers Can Benefit from Going Online appeared first on SecureBlitz Cybersecurity.

What happened to the Lapsus$ hackers?

CSO Magazine

[Editor's note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. The criminals attacked renowned companies such as Microsoft, Samsung, Nvidia, Vodafone, Ubisoft and Okta. They stole data and sometimes used ransomware to extort their victims.

CSO 106

UK NHS service recovery may take a month after MSP ransomware attack

Bleeping Computer

Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems caused the disruption of emergency services (111) from the United Kingdom's National Health Service (NHS). [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How a Venezuelan disinformation campaign swayed voters in Colombia

CSO Magazine

Ever since the Kremlin's troll farm, the Internet Research Agency, targeted the American electorate during the 2016 U.S. presidential election with social media disinformation campaigns, nation-states across the globe have jumped into their own weaponized information campaigns to influence elections. In 2019, the U.S. State Department issued a report addressing the rise of state-sponsored disinformation that looked at not only Russian influence campaigns but also Chinese, Iranian and North Korea

Media 106

The state of cybersecurity: ‘Things are going to get worse before they get better,’ Krebs tells Black Hat 2022

Security Boulevard

There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future. The post The state of cybersecurity: ‘Things are going to get worse before they get better,’ Krebs tells Black Hat 2022 appeared first on Security Bouleva

Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage

Dark Reading

Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.

Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang

The Hacker News

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up.

VPN 102

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

The Time Is Now for IoT Security Standards

Dark Reading

Industry standards would provide predictable and understandable IoT security frameworks.

IoT 145

Supply Chain Cybersecurity – the importance of everyone

The State of Security

This week, I spoke with a new client who told me all about how they are looking forward to addressing a number of internal issues surrounding their IT systems. They explained that over the last 12 months, they repeatedly had issues of delays in service and outages, which had affected their business. Discussing this further, […]… Read More.

Microsoft 365 version 2206 update pulled due to apps crashing

Bleeping Computer

Microsoft has pulled the Microsoft 365 version 2206 update after users report their Office applications are crashing when viewing a contact card or hovering over a user's name or photo. [...]

New Cross-Industry Group Launches Open Cybersecurity Framework

Dark Reading

18 companies led by Amazon and Splunk announced the OCSF framework, to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.