Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.

Phishing 268

Phishing Data breaches Accountability Technology 268

Joseph Steinberg

MARCH 23, 2021

This past week, Canada’s National Post newspaper ran a special supplement focusing on cybersecurity; the cover story featured an interview of Joseph Steinberg about t he ever-evolving world of cybersecurity. Interviewer: With an expansive resume and your significant role educating a global audience on cybersecurity, what accomplishment are you most proud of?

Cybersecurity 246

Cybersecurity Artificial Intelligence Cyber threats Education 246

Schneier on Security

MARCH 23, 2021

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application — using antiquated technology and set for retirement

Hacking 242

Hacking Banking Technology Software 242

Tech Republic Security

MARCH 23, 2021

With most of the world still not vaccinated against COVID-19, criminals are hawking fake vaccine documents, says Check Point Research.

208

208

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Quick Heal Antivirus

MARCH 23, 2021

Zloader aka Terdot – a variant of the infamous Zeus banking malware is well known for aggressively using. The post Zloader: Entailing Different Office Files appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking 145

Banking Malware 145

Tech Republic Security

MARCH 23, 2021

The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.

Risk 210

Risk Cybersecurity 210

Tech Republic Security

MARCH 23, 2021

A year after the transition to remote working, many organizations continue to grapple with security issues and weaknesses, says PC Matic.

Risk 191

Risk 191

Bleeping Computer

MARCH 23, 2021

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks. [.].

Malware 144

Malware Phishing Internet Internet 144

Tech Republic Security

MARCH 23, 2021

Jack Wallen offers up his take on the recent issue surrounding Android's WebView.

201

201

CSO Magazine

MARCH 23, 2021

The cybersecurity skills gap has posed a challenge to organizations everywhere. The threat landscape grows more sophisticated and digital attacks continue to expand at a rapid rate. Organizations are faced with many cybersecurity challenges without enough security professionals to address them. One answer to filling the skills gap is to tap and hire underrepresented candidates, however, providing them with the educational resources and skill-building opportunities is yet another challenge.

Cybersecurity 143

Cybersecurity Education 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MARCH 23, 2021

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.

Engineering 142

Engineering 142

InfoWorld on Security

MARCH 23, 2021

Oh, what a cloud year 2020 was. Cloud spending grew by 37% in the first quarter of 2020 alone as many quickly understood that COVID-19 would leave them vulnerable if they were still using traditional data centers. Seeing a hockey stick in revenue and enjoying the urgency to drive processes remotely and securely, cloud service providers had an unexpectedly successful year.

142

142

CyberSecurity Insiders

MARCH 23, 2021

To all those who are concerned about the increase in cyber attacks on Maritime Industry, here’s an interesting finding to analyze. During a webinar conducted by Riviera, they revealed that the Human errors are causing an increase in cyber attacks on Maritime Industry. Riviera Cybersecurity Webinar held on March 16th, 2021 gave a conclusion that the shipping employees and the companies need to be well prepared as the coming months will be tough on those indulging in various business activities in

Cyber Attacks 141

Cyber Attacks Social Engineering Wireless Engineering 141

CSO Magazine

MARCH 23, 2021

Editor's note: This article, originally published on March 27, 2014, has been updated to more accurately reflect recent trends. While sports records are made to be broken, enterprise records are made to be retained—at least until they've outlived their usefulness. As regulatory mandates rapidly multiply, enterprises are facing a document tsunami, as current and outdated records begin overwhelming the human and IT resources necessary to securely store, track, manage and eventually destroy them.

141

141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

MARCH 23, 2021

President Joe Biden has authorized “devastating” retaliation against the Russian government for the recent hacking attributed to Russia. The post Biden ‘Will Cyberattack Putin’ (Because SolarWinds) appeared first on Security Boulevard.

Government 139

Government Hacking IoT Risk 139

Bleeping Computer

MARCH 23, 2021

Sierra Wireless, a world-leading IoT solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites. [.].

Wireless 143

Wireless IoT Ransomware Manufacturing 143

Security Boulevard

MARCH 23, 2021

What is the cost of a data breach? $3.86 million, on average. Can your organization afford that? Network security is critical for any company today, especially when we live in an age where data is an organization’s most valuable resource. But protection does not come cheap. Effective network security is not just about tools and. The post 5 Threat Mitigation Strategies for Network Security appeared first on Security Boulevard.

Network Security 135

Network Security Data breaches Threat Detection Cybersecurity 135

We Live Security

MARCH 23, 2021

How do you balance the right to repair with the requirement to remain secure? The post When repairing things you own may make you an outlaw appeared first on WeLiveSecurity.

Cybersecurity 138

Cybersecurity 138

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

MARCH 23, 2021

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. [.].

Insurance 140

Insurance 140

Cisco Security

MARCH 23, 2021

Part 2: Industry trends. In our Threat Trends blog series , we attempt to provide insight into the prevalent trends on the threat landscape. Our goal in giving you the latest info on these trends is that you’ll be better prepared to allocate security resources to where they’re needed most. Knowing the larger trends can help in this pursuit, particularly when it comes to the most common threat types.

DNS 126

DNS Financial Services Healthcare Manufacturing 126

We Live Security

MARCH 23, 2021

Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report. The post Almost $2 billion lost to BEC scams in 2020 appeared first on WeLiveSecurity.

Scams 138

Scams Cybercrime 138

CSO Magazine

MARCH 23, 2021

Editor's note: This article, originally published on June 12, 2018, has been updated to more accurately reflect recent trends. Companies are increasingly recognizing the importance of having a top-level executive dedicated to security issues. That's one of the big findings of IDG's 2020 Security Priorities Study : 61% of surveyed companies have a security pro in the top ranks, and that rate goes up to 80% for large enterprises.

CISO 125

CISO CSO 125

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

MARCH 23, 2021

On March 2, 2021, Virginia Governor Ralph Northam signed the Commonwealth’s first comprehensive data privacy law, the Consumer Data Protection Act, making Virginia the second state, after California, to do so. California’s Consumer Privacy Act, (CCPA) amended by voter referendum in November 2020 as the California Privacy Rights Act (CPRA), represented the first such data.

Data privacy 123

Data privacy Risk Government Cybersecurity 123

Security Affairs

MARCH 23, 2021

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. The company sells mobile computing and machine-to-machine (M2M) communications products that work over cellular networks.

Wireless 119

Wireless Manufacturing Ransomware Mobile 119

Bleeping Computer

MARCH 23, 2021

Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. [.].

Ransomware 118

Ransomware 118

Security Affairs

MARCH 23, 2021

Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company. Shell is an Anglo-Dutch multinational oil and gas company with more than 86,000 employees and mede US$180.5 billion in 2020.

Data breaches 117

Data breaches Hacking Cybercrime Cyber Attacks 117

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

MARCH 23, 2021

Fraudsters use bots and human sweatshops or ‘click farms’ for account takeover fraud of genuine online gaming user accounts–especially those with big money–and to farm in-game assets so they can be resold for hefty profits Perhaps no industry has been affected by changing consumer habits brought upon by the pandemic-related lockdowns more than gaming.

Accountability 117

Accountability 117

Bleeping Computer

MARCH 23, 2021

Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack's spread. [.].

Ransomware 137

Ransomware Technology 137

The Hacker News

MARCH 23, 2021

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities.

Phishing 117

Phishing Passwords Malware 117

Threatpost

MARCH 23, 2021

A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.

Accountability 120

Accountability Hacking Government 120

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.