Schneier on Security

SEPTEMBER 7, 2022

This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it. “I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and pr

Ransomware 212

Ransomware DDOS Encryption 212

Tech Republic Security

SEPTEMBER 7, 2022

Learn more about how edge computing can reduce latency, boost performance and improve data security among other benefits. The post Benefits of edge computing appeared first on TechRepublic.

Internet 208

Internet Internet 208

The Last Watchdog

SEPTEMBER 7, 2022

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense.

Cybersecurity 249

Cybersecurity Digital transformation Government Small Business 249

Jane Frankland

SEPTEMBER 7, 2022

A few weeks ago I wrote to you about toxic masculinity , how it affects all of us, and what we can do about it. This week I want to bring your attention to the Groundwater Approach and Root Cause Analysis. It’s especially relevant considering the brain drain that’s occuring in cyber. Forrester predicts 1 in 10 experienced professionals will leave cyber this year because of a few dynamics that are colliding, namely poor financial and advancement incentives; general stress and burnout

Education 162

Education CISO Cybersecurity 162

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

SEPTEMBER 7, 2022

Learn all about the key features, specs, pricing, availability and other details about Apple's 2022 release of iPhone 14 and iPhone 14 Pro. The post iPhone 14 cheat sheet: Everything to know about Apple’s 2022 flagship phones appeared first on TechRepublic.

Mobile 142

Mobile 142

The Last Watchdog

SEPTEMBER 7, 2022

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up. Related: It’s all about ‘ attack surface management ‘ However, today’s perpetrator isn’t standing in front of you brandishing a weapon. They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice.

Ransomware 124

Ransomware Education Financial Services Phishing 124

Bleeping Computer

SEPTEMBER 7, 2022

Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website. [.].

Accountability 130

Accountability Hacking 130

We Live Security

SEPTEMBER 7, 2022

Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop Protocol. The post RDP on the radar: An up‑close view of evolving remote access threats appeared first on WeLiveSecurity.

Cybersecurity 120

Cybersecurity 120

Bleeping Computer

SEPTEMBER 7, 2022

Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity. [.].

Ransomware 127

Ransomware 127

Security Boulevard

SEPTEMBER 7, 2022

Google’s bug bounty program will be expanded to include a special open source section called the Open Source Software Vulnerability Rewards Program (OSS VRP), the company announced on its security blog. Through this program, security researchers will thus receive a reward for finding security vulnerabilities in open source projects maintained by Google as well as.

Software 117

Software Security Awareness Mobile Malware 117

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

SEPTEMBER 7, 2022

The Cyber Department of the Ukrainian Security Service (SSU) dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts. [.].

Accountability 112

Accountability 112

Security Boulevard

SEPTEMBER 7, 2022

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity … (more…). The post SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’ appeared first on Security Boulevard.

Cybersecurity 117

Cybersecurity Security Awareness 117

CSO Magazine

SEPTEMBER 7, 2022

Dave Stirling, CISO of Zions Bancorporation, isn’t waiting for a shakeup in the talent pool or some big shift in the job market to solve the cybersecurity skills gap. Instead, he’s making his own luck. How? By changing up his own staffing strategy, “by trying different things and seeing what sticks.” That approach has Stirling recruiting candidates from the bank’s IT and operations staff, working with local colleges, investing more in training and rethinking how he posts open jobs.

Cybersecurity 118

Cybersecurity CISO Marketing 118

Security Boulevard

SEPTEMBER 7, 2022

When an enterprise gets hit with ransomware, the fundamental question is whether the cost of downtime is greater than the cost of paying the ransom. Once the ramifications of frozen data—financial and otherwise—lost revenue and productivity and the intangible cost of a damaged reputation are added up, it’s no wonder many organizations decide to just.

Backups 117

Backups Ransomware Security Awareness Malware 117

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

SEPTEMBER 7, 2022

As the cybersecurity skills gap persists, it is imperative to create access to training, career pathways, and opportunities in order to encourage more people to pursue careers in cybersecurity. By providing access to and possibilities for cyber jobs for everyone, including women, students, veterans, and others, Fortinet is working to encourage greater representation within cybersecurity.

Cybersecurity 117

Cybersecurity 117

Security Boulevard

SEPTEMBER 7, 2022

Regulators have roared back from a pandemic-induced stupor that seemingly tamped down some of the most aggressive actions at their disposal—as Sephora recently became painfully aware. The cosmetics retailer is set to pay $1.2 million in penalties for running afoul of the California Consumer Privacy Act (CCPA). The CCPA has been something of a sleeping.

Retail 116

Retail Data privacy Risk Government 116

Bleeping Computer

SEPTEMBER 7, 2022

The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits. [.].

Malware 114

Malware 114

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware outstands for its multistage infection chain, threat actors use it to can gain full control of the system and carry out other malicious activities, including cryptocurrency mining.

Malware 116

Malware IoT Cryptocurrency Engineering 116

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

IT Security Guru

SEPTEMBER 7, 2022

In today’s cloud-based enterprise, APIs are a critical part of every business. They’re used extensively to foster more rapid application development, and without proper security measures, sensitive data can easily get into the wrong hands. As modern organizations become more dependent on APIs to achieve their goals, their API security strategy must be up-to-date and in line with recent developments in technology.

DDOS 113

DDOS Authentication Architecture Social Engineering 113

Digital Shadows

SEPTEMBER 7, 2022

Stealthy, sustained, and frequently state-backed, advanced persistent threats (APTs for short) are often the leading antagonists of the cyber threat. The post APT Spotlight Series: APT41 first appeared on Digital Shadows.

Cyber threats 108

Cyber threats 108

CyberSecurity Insiders

SEPTEMBER 7, 2022

As the adoption of cloud storage is growing, it is becoming easy to carry documents, passwords, movies, images, music, etc. on one go. Though it is convenient for us, data upload to a third-party platform might fetch some security risks that are as follows. First, we never know what is happening behind the screens in the server farms, as anyone working in or for the data center can easily have access to data.

Passwords 105

Passwords Accountability Mobile Encryption 105

Digital Guardian

SEPTEMBER 7, 2022

What are trade secrets and what makes them so important? As an organization, when you identify a piece of information as a trade secret you should take steps to protect it and keep it from being disclosed.

105

105

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Naked Security

SEPTEMBER 7, 2022

NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too.

Ransomware 124

Ransomware 124

Bleeping Computer

SEPTEMBER 7, 2022

A new Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest. [.].

Hacking 109

Hacking Spyware Malware Mobile 109

Security Boulevard

SEPTEMBER 7, 2022

Password hygiene is a huge priority for Managed Service Providers Every organization is at risk for cyber attack, but MSPs have emerged as a top target. This is because threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. In May of 2022, CISA, the FBI, and a group of. Read More.

Passwords 104

Passwords Risk Cyber Attacks 104

Graham Cluley

SEPTEMBER 7, 2022

Owners of QNAP NAS drives have been advised to "take immediate action" in the wake of a new wave of DeadBolt ransomware attacks.

Ransomware 124

Ransomware Malware 124

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

SEPTEMBER 7, 2022

Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached. [.].

Technology 101

Technology 101

CyberSecurity Insiders

SEPTEMBER 7, 2022

InterContinental Hotels Group, a Britain-based hotel chain, has announced that its IT systems were fraudulently accessed by some outsiders, thus disrupting all booking channels and applications. Unconfirmed sources state that the attack was related to ransomware and an investigation to detect the culprits behind the intrusion has been launched. Security experts have been hired to start the recovery of the data from encryption.

Ransomware 102

Ransomware Encryption Cyber Attacks Malware 102

Security Affairs

SEPTEMBER 7, 2022

The Moobot botnet is behind a new wave of attacks that started in early August and that target vulnerable D-Link routers. Palo Alto Network’s Unit 42 researchers reported a new wave of attacks launched by the Moobot botnet that target vulnerable D-Link routers. The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision prod

DDOS 103

DDOS Encryption Passwords Hacking 103

Bleeping Computer

SEPTEMBER 7, 2022

Security researchers have discovered that Minecraft is the most heavily abused game title by cybercriminals, who use it to lure unsuspecting players into installing malware. [.].

Malware 98

Malware 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.