Wed. Feb 16, 2022


Welcoming the New Zealand Government to Have I Been Pwned

Troy Hunt

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches, I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.


Vendors are Fixing Security Flaws Faster

Schneier on Security

Google’s Project Zero is reporting that software vendors are patching their code faster. tl;dr. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period).


Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.


How to choose the right data privacy software for your business

Tech Republic Security

Data privacy software can help protect your employees, customers and organization by ensuring data is protected and handled appropriately and securely. Learn how to choose the right options. The post How to choose the right data privacy software for your business appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Rombertik: Old Dog

Doctor Chaos

I recently came across a classic malware which I thought was long gone and forgotten. However, in these times of source code leaks and reuse, attackers are recycling and updating old code into something new. Rombertik is a self-destructing malware that has been making a lot of news. It is typically distributed via phishing and spam attack vectors. This malware leverages vulnerabilities through a Web browser’s operation of collecting user data from sites being visited by the victim.


Initial Access Brokers in 2021: An Ever Expanding Threat

Digital Shadows

To say that 2021 was a turbulent year for security teams would be a massive understatement. Last year, we observed. The post Initial Access Brokers in 2021: An Ever Expanding Threat first appeared on Digital Shadows.

More Trending


SIM Swapping Attacks on the Rise- Here’s How to Keep Safe

Identity IQ

SIM swapping, also called SIM splitting or hijacking, is a technique employed by online fraudsters to gain access to, seize and control a victim’s phone number and SIM information. They gain access to the victim’s identity and information through their phone company and use the information to conduct theft and other fraudulent activities online.


Russia withdraws troops from Ukraine only to lodge cyber war

CyberSecurity Insiders

Russia announced on Tuesday that it is going to withdraw troops from the borders of Ukraine hinting that it is planning negotiations, as war can lead to economic and human loss on both sides. However, just within hours of its announcement, the Putin led nation seems to have launched a hybrid war in the form of cyber attacks on Ukraine as most of the websites, including banks and defense ministry, were down because of a sophisticated digital attack.


Journalist won’t be indicted for hacking for viewing a state website’s HTML

Malwarebytes

A journalist incorrectly branded as a “hacker” by the governor of Missouri won’t be prosecuted “for hacking.” This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parson’s criminal charges against him for allegedly hacking a government website by viewing its public HTML code, something anyone can do by simply pressing the F12 button.


Open Source a Persistent Risk, Log4j Vulnerabilities Will Linger 

Security Boulevard

Free and open source software (FOSS) will continue to present a risk to organizations as hackers focus on exploiting security flaws in the code, a report from Moody’s Investors Service found. In the case of the open source Log4j vulnerability, for example, three to five years could elapse before organizations are finished patching security flaws, and.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


SquirrelWaffle Is Using Typosquatting in Latest Campaign

Heimdal Security

SquirrelWaffle is a relatively new malware loader that was first discovered back in September 2021. It works by hijacking an email thread in order to maximize the likelihood that a victim would click on malicious links, so they are hiding inside an email response, in a manner similar to how the highly contagious Emotet virus, […]. The post SquirrelWaffle Is Using Typosquatting in Latest Campaign appeared first on Heimdal Security Blog.


25 years on, Microsoft makes another stab at stopping macro malware

Graham Cluley

Bravo to Microsoft, because it sounds like they’re doing something to improve the security of Office users. Way back in 1995, Microsoft accidentally shipped a virus on CD ROM. At first Microsoft refused to call it a virus, preferring to call it a “Prank macro,” but WM/Concept as it became known was the first widespread … Continue reading "25 years on, Microsoft makes another stab at stopping macro malware".


User Privacy: A Top Focus for Xiaomi

TrustArc

Xiaomi Scores Big on User Privacy Protection User privacy has become front and center for organizations across the globe – and for a good reason. More data is being collected than ever before. Trends, such as big data and analytics, and the Internet of Things have accelerated how data is collected, stored, and used. This […].


Texas to sue Meta for data privacy violation over Facial Recognition

CyberSecurity Insiders

Texas city is all set to sue Meta, the parent company of Facebook (FB) and is thinking of seeking billions of dollars from it as penalty. A lawsuit filed on Monday by the legal representatives of the state claims that the social media giant is misusing its user data for a Facial Recognition (FR) project that clearly violates privacy protections prevailing in the state.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


If NFTs were honest…

Graham Cluley

If you don't understand what they are, don't feel too bad about it. The truth is that many people don't understand what NFTs are. It's not that people are dumb, but rather that they're too intelligent. Because NFTs simply don't make any sense to anyone with more than a peanut for a brain.


Why Cybersecurity Is Important for Companies?

Heimdal Security

Did you know that in 2021, 64% of companies all over the world have experienced at least one form of cyberattack? And did you know that cyberattacks increased by 50% in 2021 compared to 2020? This does not sound very good, but luckily, business owners now have the means to fight the malicious actors targeting […]. The post Why Cybersecurity Is Important for Companies?


Headcount alone isn’t enough for your headaches

Cisco Security

We’ve all heard the phrases: An ounce of prevention is worth a pound of cure; failing to plan is planning to fail. But sometimes even the best plans fall short when attackers come calling on your enterprise. Helmuth von Moltke was famously quoted as saying, “No plan of operations extends with certainty beyond the first encounter with the enemy’s main strength.”


4 security concerns for low-code and no-code development

CSO Magazine

There’s an increased push for what is being dubbed the citizen developer, coupled with the desire to empower application development and creation by non-developers. This is typically facilitated using low-code or no-code frameworks. These frameworks and tools allow non-developers to use a GUI to grab and move components to make business logic friendly applications.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Mozilla warns Chrome, Firefox ‘100’ user agents may break sites

Bleeping Computer

Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers. […]


Govt Agencies and Banks in Ukraine Targeted in DDoS Attacks

Heimdal Security

Distributed Denial-of-Service (DDoS) attacks are wreaking havoc on Ukraine’s Ministry of Defense and Armed Forces, as well as two of the country’s state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank). What Is a DDoS Attack? As explained by my colleague Elena, DDoS refers to an online attack in which legitimate users […].


Folding the impossible into the reality of normal life

We Live Security

Progress is a driving force of humanity, but what does that word “progress” really mean and what part do we have to play? The post Folding the impossible into the reality of normal life appeared first on WeLiveSecurity.


Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers

Threatpost

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Canada's major banks go offline in mysterious hours-long outage

Bleeping Computer

Five major Canadian banks went offline for hours blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC). […]


10 Critical Steps to Reduce Risk With Microsoft Teams While Working From Home

Security Boulevard

Learn about the 10 critical steps to use Microsoft Teams safely while working from home and how Spanning Backup helps protect your Microsoft 365 data. The post 10 Critical Steps to Reduce Risk With Microsoft Teams While Working From Home appeared first on Security Boulevard.


US says Russian state hackers breached defense contractors

Bleeping Computer

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. […]


VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

The Hacker News

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows –.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Researcher 'reverses' redaction, extracts words from pixelated image

Bleeping Computer

A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images. […]


Shortage of Information Security Professionals

Security Boulevard

In recent years, there has been an exponential increase in high-profile data breaches. As data breaches at corporations, educational institutions, and government agencies continue to grow, so does the need. The post Shortage of Information Security Professionals appeared first on Security Boulevard.


New Windows 11 build brings back taskbar drag and drop support

Bleeping Computer

Microsoft has released a new Windows 11 build with a long list of improvements and fixes for known issues for all Windows Insiders that will install the Windows 11 Insider Preview Build 22557, now available in the Dev Channel. […]


Ransomware has Pushed Backup to the Breaking Point

Security Boulevard

Increasingly, when ransomware successfully infiltrates and encrypts a large company’s data, they pay the ransom, which comes as a surprise to many. For instance, when Colonial Pipeline was hit by a ransomware attack in 2021 and shut down operations, the company paid a $4.4 million ransom to recover its business systems. It’s unthinkable that a. The post Ransomware has Pushed Backup to the Breaking Point appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.