Schneier on Security
MAY 7, 2021
A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents or guardians before entering personal information online.
Krebs on Security
MAY 7, 2021
John Bernard , a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MAY 7, 2021
DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.
Security Boulevard
MAY 7, 2021
A high-severity bug affects almost 40% of Android phones. The security hole is in Qualcomm modems. The post Very Many Qualcomm Phone Chips Hiding Very Nasty Vulnerability appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Hot for Security
MAY 7, 2021
Insurance giant AXA has said that it is no longer writing cyberinsurance policies in France that cover ransom payments to extortionists. AXA’s decision, which appears to be a first for the cyberinsurance industry, will still it still reimburse companies for the cost of responding and recovering from a ransomware attack – but will not cover the often significant sums of cryptocurrency demanded by criminal gangs after they have compromised a network, and encrypted or stolen data.
Quick Heal Antivirus
MAY 7, 2021
Have you received an SMS with a link that says, “Register for vaccine using COVID-19 app”? Well, beware! The post Beware! Hackers target users with fake COVID-19 vaccine registration app appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
MAY 7, 2021
Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. [.].
Security Boulevard
MAY 7, 2021
These days, a SOC 2 report is considered a must-have for any organization that manages customer data. Getting. Read More. The post What Cybersecurity Standards and Frameworks Should You Adopt Next? appeared first on Hyperproof. The post What Cybersecurity Standards and Frameworks Should You Adopt Next? appeared first on Security Boulevard.
Malwarebytes
MAY 7, 2021
Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend online classes. There has been much discussion of antivirus protection, patching your software, and using VPNs.
Heimadal Security
MAY 7, 2021
Identities of more than 200,000 individuals who appear to be involved in Amazon fake product review schemes, were leaked on an open database. It’s a well-known fact that between the e-commerce giant and dubious sellers, worldwide exists an ongoing battle, caused by the fact that the sellers in question hamstring competitors and gain an edge by generating fake […].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
MAY 7, 2021
As COVID-19 unfolded in the first half of 2020, many of us set out to explore its long-term ramifications and imagine what the ‘new normal’ could look like. We also wanted to understand the second- or third-order effects of remote working and accelerated digitalization. Cybersecurity became one of the key areas of focus. As many. The post Protecting Collaboration Channels for Remote Work appeared first on Security Boulevard.
Security Affairs
MAY 7, 2021
CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place.
Bleeping Computer
MAY 7, 2021
This week Twitter has begun experimenting with a new feature called 'Tip Jar,' which lets Twitter users tip select profiles to support their work. But the feature has sparked multiple concerns among Twitter users: from the sender's PayPal shipping address getting exposed, to how are disputes handled. [.].
Security Boulevard
MAY 7, 2021
In this post, we look at how to use WPScan. The tool provides you a better understanding of your WordPress website and its vulnerabilities. Be sure to check out our post on installing WPScan to get started with the software. Big Threats Come from Unexpected Places. Imagine for a second that you’re a survivor in a zombie apocalypse. You’ve holed up in a grocery store, barricading windows and checking door locks.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Hot for Security
MAY 7, 2021
A study from the Department of Computer Science and Center for Information Technology Policy at Princeton University draws attention to security and privacy risks that stem from recycling mobile phone numbers. Researchers point out how threat actors can abuse this practice to carry out account takeover, phishing and spam attacks or restrict targets from signing up to online platforms.
Threatpost
MAY 7, 2021
NY's AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old's fake identities.
Hot for Security
MAY 7, 2021
Computer scientist Sir Tim Berners-Lee, best known as the inventor of the World Wide Web, is worried about the privacy of future internet generations. In an interview with BBC Science Focus Magazine, Lee expressed concern about privacy and personal data. “Using private information, they’ve built a profile of you and know exactly who you are. They know the lies they can spin you that could lead you up the garden path – things that may be political, commercial or criminal.”, says Lee.
TrustArc
MAY 7, 2021
The Schrems-II decision from the Court of Justice of the European Union is by now almost a year ago. A permanent solution – a replacement for the annulled Privacy Shield – is not yet in sight. New standard contractual clauses (SCCs) do seem to be on the horizon, but will not be as foolproof as […]. The post Post Schrems-II Enforcement: Lessons Learned appeared first on TrustArc Privacy Blog.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MAY 7, 2021
Table of contents Introduction Threat Actor Packer Taurus Stealer (Unpacked) C2 Communication Stealer / Grabber C2 Exfiltration Yara MITRE ATT&CK Conclusion IOCs Introduction Taurus Stealer, also known as Taurus or Taurus Project, is a C/C++ information stealing malware that has been in the wild since April 2020. The initial attack vector usually starts with a […].
Security Affairs
MAY 7, 2021
VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984 , in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to perform cost analysis, consumption metering, cloud comparison, and planning, delivering the cost visibility and
The Hacker News
MAY 7, 2021
Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings.
Bleeping Computer
MAY 7, 2021
Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organization using typo-squatted domains registered days before the attacks began. [.].
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Heimadal Security
MAY 7, 2021
It looks like an unknown threat actor had used a new and seemingly stealthy rootkit in order to backdoor target Windows systems. The attack looks very similar to the ongoing espionage campaign called TunnelSnake going back to at least 2018. What are Rootkits? Rootkits are malicious tools designed to evade detection. They are able to bury themselves […].
Security Affairs
MAY 7, 2021
The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker stealer and NetSupport RAT , to compromised hosts.
Bleeping Computer
MAY 7, 2021
Four individuals from Eastern Europe are facing 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities. [.].
We Live Security
MAY 7, 2021
Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MAY 7, 2021
While ransomware attacks continued throughout the week, for the most part, it has been quieter than usual, with only a few new variants released. [.].
SC Magazine
MAY 7, 2021
Ferris, the Rust mascot. Developers of the malicious downloader Buer have taken the unusual step of rewriting the malware in a lesser-known Rust programming language, presumably to avoid detection while also potentially slowing down investigative analysis. While it’s fairly common to find malware written in C, C+, Python and Java, threat actors have also been known to experiment with more obscure languages as a means to stay ahead of detection and forensics.
Bleeping Computer
MAY 7, 2021
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. [.].
Security Affairs
MAY 7, 2021
The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29 , Cozy Bear , and The Dukes )).
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
339 
Let's personalize your content