Schneier on Security

FEBRUARY 20, 2023

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft Mode, the Tile owner will have to verify their real identity with a government-issued ID, submit a biometric scan that helps root out fake IDs, agree to let Tile share their information with law e

Surveillance 193

Surveillance Government 193

The Last Watchdog

FEBRUARY 20, 2023

Well-placed malware can cause crippling losses – especially for small and mid-sized businesses. Related: Threat detection for SMBs improves Not only do cyberattacks cost SMBs money, but the damage to a brand’s reputation can also hurt growth and trigger the loss of current customers. One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries.

Ransomware 124

Ransomware Education Hacking Manufacturing 124

Security Boulevard

FEBRUARY 20, 2023

GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware. The post GoDaddy Hosting Hacked — for FOURTH Time in 4 Years appeared first on Security Boulevard.

Hacking 143

Hacking Malware Social Engineering CISO 143

CyberSecurity Insiders

FEBRUARY 20, 2023

IBM Chief felt ChatGPT, an OpenAI developed a platform of Microsoft, has the potential to replace white-collar jobs such as insurance consultants, lawyers, accountants, computer programmers and admin roles. Arvind Krishna, the lead of the technology at IBM, predicts that some sort of jobs will replace by AI models and so job steal is predictably possible.

Insurance 137

Insurance Engineering Accountability Technology 137

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

FEBRUARY 20, 2023

Many Twitter users have been presented with a message telling them that SMS-based two-factor authentication (2FA) will be removed next month. According to Twitter, only subscribers to its premium Twitter Blue service will be able to use text message-based 2FA to protect their accounts. Is that such a good idea?

Authentication 129

Authentication Accountability Mobile 129

Heimadal Security

FEBRUARY 20, 2023

GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers stole source code and installed malware on its servers. While the attackers had access to the company’s network for a number of years, GoDaddy only learned about the security […] The post GoDaddy Discloses Data Breach Spanning Multiple Years appeared first on Heimdal Security Blog.

Data breaches 128

Data breaches Malware Cybersecurity 128

Security Boulevard

FEBRUARY 20, 2023

We have a saying here at DTEX: the difference is human. We know that enterprise security is only achievable when the cyber strategy is underpinned by the human element – the only true perimeter of all. Our customers will attest to this, too. For this reason, we were not surprised to read Gartner’s prediction that … Continued The post When it comes to insider risk, the difference is human appeared first on DTEX Systems Inc.

Risk 111

Risk 111

CSO Magazine

FEBRUARY 20, 2023

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing.

Hacking 106

Hacking Malware 106

We Live Security

FEBRUARY 20, 2023

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware? The post Will ChatGPT start writing killer malware?

Malware 104

Malware 104

Bleeping Computer

FEBRUARY 20, 2023

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. [.

98

98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

FEBRUARY 20, 2023

From here on out, hybrid and remote work are here to stay. Unfortunately, this seismic shift in the way we work has expanded the attack surface for opportunistic cybercriminals. Mimecast’s 2022 state of email security report (SOES) found that 72% of respondents experienced an increase in email-based threats over the previous 12 months. And in. The post The Essential Guide to Securing Hybrid Workplace Environments appeared first on Security Boulevard.

Security Awareness 98

Security Awareness Malware Cybersecurity 98

Bleeping Computer

FEBRUARY 20, 2023

Samsung has developed a new security system called Samsung Message Guard to help Galaxy smartphone users keep safe from the so-called "zero-click" exploits that use malicious image files. [.

Mobile 98

Mobile 98

Security Boulevard

FEBRUARY 20, 2023

CSMA improves a company's security posture without adding specialized products that operate in silos. Unify your products so they work as a security ecosystem. The post Cybersecurity Mesh Architecture checklist for CISOs appeared first on Security Boulevard.

Architecture 98

Architecture CISO Cybersecurity 98

Bleeping Computer

FEBRUARY 20, 2023

Coinbase cryptocurrency exchange platform has disclosed that an unknown threat actor stole the login credentials of one of its employees in an attempt to gain remote access to the company's systems. [.

Cryptocurrency 93

Cryptocurrency 93

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

FEBRUARY 20, 2023

Filing your taxes is already a drag, but finding out that someone has already filed a fake tax return in your name and is trying to steal your refund? That just takes the cake. The post How to protect yourself against identity theft this tax season appeared first on Security Boulevard.

Identity Theft 98

Identity Theft 98

Malwarebytes

FEBRUARY 20, 2023

Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here is not to worry. You may be under the impression that Twitter is removing your 2FA ability altogether, but this isn’t the case.

Authentication 95

Authentication Phishing Mobile Accountability 95

Security Boulevard

FEBRUARY 20, 2023

Threat actors lingered in GoDaddy’s systems, installing malware and stealing source code in a security incident that lasted years. After receiving complaints from a few customers in December that their websites were being “intermittently redirected,” the web hosting service said it “found that the intermittent redirects were happening on seemingly random websites hosted on our.

Malware 98

Malware Cybersecurity Network Security 98

The Hacker News

FEBRUARY 20, 2023

Norwegian police agency Økokrim has announced the seizure of 60 million NOK (about $5.84 million) worth of cryptocurrency stolen by the Lazarus Group in March 2022 following the Axie Infinity Ronin Bridge hack. "This case shows that we also have a great capacity to follow the money on the blockchain, even if the criminals use advanced methods," the agency said in a statement.

Cryptocurrency 91

Cryptocurrency Hacking 91

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

FEBRUARY 20, 2023

Negotiators for the Royal Mail apparently played hardball with LockBit over a ransom demand that the mail service said was too high, prompting the attackers to lower their ask and reset the ransom deadline. Insights into how ransoms are negotiated are few and far between, but the leaked transcript of chat logs showed the tactics. The post Royal Mail Hung Tough in LockBit Ransom Negotiations appeared first on Security Boulevard.

Risk 96

Risk Government Ransomware Malware 96

Security Affairs

FEBRUARY 20, 2023

Social engineering techniques are becoming increasingly sophisticated and are exploiting multiple emerging means, such as deep fakes. The increasing use of videoconferencing platforms and the various forms of remote work also adopted in the post-emergency covid make interpersonal collaborations increasingly virtual. This scenario must undoubtedly force organizations to prepare adequately to be able to recognize impersonation attempts based on social engineering attacks, which are also proving in

Social Engineering 87

Social Engineering Engineering Artificial Intelligence Computers and Electronics 87

Bleeping Computer

FEBRUARY 20, 2023

A new information stealer called Stealc has emerged on the dark web gaining traction due to aggressive promotion of stealing capabilities and similarities with malware of the same kind like Vidar, Raccoon, Mars, and Redline. [.

Malware 82

Malware 82

SecureWorld News

FEBRUARY 20, 2023

Web hosting provider GoDaddy has revealed it suffered a security breach that lasted for several years, resulting in the installation of malware on its servers and the theft of source code related to some of its services. The company has attributed the campaign to a "sophisticated and organized group targeting hosting services." According to a statement published on its website , GoDaddy discovered the breach in December 2022 after receiving a small number of complaints from customers about their

Malware 90

Malware Passwords Cyber threats Phishing 90

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

FEBRUARY 20, 2023

A ransomware threat called HardBit has moved to version 2.0 and its operators are trying to negotiate a ransom payment that would be covered by the victim's insurance company. [.

Insurance 80

Insurance Ransomware 80

Security Affairs

FEBRUARY 20, 2023

The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack, experts believe is was targeted by Twilio hackers. A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase. According to the company, on February 5, 2023, some of its employees received text messages requesting them to urgently log in to their accounts using an embedded link.

Cryptocurrency 86

Cryptocurrency Accountability Authentication Hacking 86

The Hacker News

FEBRUARY 20, 2023

The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy.

Social Engineering 87

Social Engineering Engineering Malware 87

Security Affairs

FEBRUARY 20, 2023

The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company. The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company, and is threatening to leak the stolen data. Aguas do Porto is a municipal water utility company that manages the full water cycle including water supply, and wastewater drainage.

Ransomware 86

Ransomware Cyber Attacks Cybercrime Hacking 86

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

SecureBlitz

FEBRUARY 20, 2023

In this post, I will show you the pros and cons of outsourcing your cybersecurity audit. As businesses become increasingly reliant on technology for their operations, the security of their digital infrastructure becomes increasingly important. One way to ensure the security of your business is to outsource a cybersecurity audit. Outsourcing a cybersecurity audit can […] The post The Pros And Cons Of Outsourcing Your Cybersecurity Audit appeared first on SecureBlitz Cybersecurity.

Cybersecurity 87

Cybersecurity Technology Hacking 87

Naked Security

FEBRUARY 20, 2023

Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

Authentication 101

Authentication 101

Dark Reading

FEBRUARY 20, 2023

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

Ransomware 93

Ransomware 93

The Hacker News

FEBRUARY 20, 2023

Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report.

Cyber Attacks 85

Cyber Attacks Government 85

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.