Schneier on Security

JANUARY 28, 2022

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Telecommunications 316

Telecommunications Government 316

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Ransomware 255

Ransomware Accountability Cybercrime Malware 255

Tech Republic Security

JANUARY 28, 2022

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

160

160

Joseph Steinberg

JANUARY 28, 2022

Top cybersecurity influencer, Joseph Steinberg, was recently interviewed by Bob Geller, President of Fusion PR, as part of the latter’s series of monthly interviews of influential people in the world of public relations. Throughout their conversation, the two business leaders discussed both the state of the cybersecurity space, as well as how cybersecurity technology companies can stand out in a crowded market.

Technology 130

Technology Artificial Intelligence Cybersecurity Marketing 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JANUARY 28, 2022

Today, the world is more connected than ever before. As a result, the rate at which data is being produced is growing exponentially every year. While many organizations have prioritized managing and securing this data, the topic of data privacy has also come into question particularly given the rise of connected devices and AI surveillance features.

Data privacy 141

Data privacy Surveillance Data collection 141

CyberSecurity Insiders

JANUARY 28, 2022

The 5G technology appears to be perfect from a distance, with its grand claims of fostering efficient interconnectivity and speedy data transfers between people, objects, and devices. From this claim alone, everything seems too good to be true. Despite the massive inclination that we might have to believe these claims, we must scrutinize the legitimacy of the claims being made by 5G providers and get to the reality of the situation to maintain a robust cybersecurity landscape for the long run.

IoT 131

IoT Technology Mobile Software 131

eSecurity Planet

JANUARY 28, 2022

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 at

DDOS 126

DDOS IoT Engineering DNS 126

Security Boulevard

JANUARY 28, 2022

Cryptocurrency scammers love social media—especially Meta’s platforms. Hundreds of millions of dollars were scammed from U.S. consumers in 2021. The post Fake Cash Scams Thrive on Facebook and Insta—FTC appeared first on Security Boulevard.

Scams 127

Scams Cryptocurrency Media Social Engineering 127

CyberSecurity Insiders

JANUARY 28, 2022

The technological revolution of agriculture is here. Particularly in the context of climate change and a growing global population , the role of emerging technology in the farming industry will be critical to the success and thriving of future generations. In fact, when looking at the numbers, the importance of smart technology in agriculture becomes abundantly clear.

Technology 125

Technology Wireless Manufacturing IoT 125

Bleeping Computer

JANUARY 28, 2022

Exploit broker Zerodium has announced a pay jump to 400,000 for zero-day vulnerabilities that allow remote code execution (RCE) in Microsoft Outlook email client. [.].

127

127

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JANUARY 28, 2022

As cybersecurity professionals, it’s critical to stay on top of potential cyberthreats that your organization may face to better prepare and build a proactive defense. Cybercrime in 2021 highlighted new trends with threats and breaches that have escalated the need…. The post 2022 Cybersecurity Predictions appeared first on LogRhythm. The post 2022 Cybersecurity Predictions appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Cybercrime Network Security 119

CyberSecurity Insiders

JANUARY 28, 2022

For many businesses, penetration testing is an important part of their security protocol. In order to build a reputation and gain their customer’s trust, they need to ensure that they are secure against any risks that the digital realm may pose. However, penetration testing can be costly and difficult to find the right service for your needs.

Penetration Testing 114

Penetration Testing Data breaches Social Engineering Security Awareness 114

Security Boulevard

JANUARY 28, 2022

On January 26th, the US Government issued a memorandum, relating to the adoption of zero trust security practices. The memo can be viewed here. What are the main points and how will it shine a light on the role of identity and access management? Page 2 of the document, immediately sets the scene with “significant […]. The post The Cyber Hut Comment: Moving the U.S.

Government 115

Government Cybersecurity 115

Acunetix

JANUARY 28, 2022

The White House is following up with a new cybersecurity directive to further improve the security posture for federal agencies. The memo strongly encourages the adoption of zero trust architecture as a way to ensure that, in the process of securing their software landscape, federal. Read more. The post Zero trust countdown: New OMB memo stresses urgency for modern AppSec appeared first on Acunetix.

Architecture 113

Architecture Software Cybersecurity 113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JANUARY 28, 2022

Data has become a valuable possession since the boom of technology for the past decade. Massive amounts of data are stored every day in every sector for various reasons. Though. The post 10 Important Data Privacy Questions You Should be Asking Now appeared first on Indusface. The post 10 Important Data Privacy Questions You Should be Asking Now appeared first on Security Boulevard.

Data privacy 109

Data privacy Technology 109

The Hacker News

JANUARY 28, 2022

The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives.

Malware 109

Malware Hacking 109

CompTIA on Cybersecurity

JANUARY 28, 2022

Many IT professionals often start their career bright-eyed and bushy-tailed, however high pressure aspects can cause stress. Here are five common mental health stressors that IT professionals face and proactive, healthy strategies to address them.

107

107

CyberSecurity Insiders

JANUARY 28, 2022

Health care data has become a focus for many recent cybersecurity efforts. The medical industry has become a favorite target of cybercriminals, with one in five Americans having their information exposed in a breach. Regulations like HIPAA require medical organizations to protect patient data, but they often don’t specify how. It’s up to the covered entities themselves to determine what specific protections can help them achieve these ends.

Penetration Testing 105

Penetration Testing Encryption Social Engineering Phishing 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JANUARY 28, 2022

Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Technology 110

Technology 110

SecureBlitz

JANUARY 28, 2022

For this Lookout app review, we will be looking at what it is and how it works. We will also be reviewing, its apps, features, customer support and pricing. Furthermore, we will identify its pros and cons and finally ratings. The Lookout application is not new to the security and privacy market so this might. The post Unbiased Lookout App Review 2022 [Reliable Mobile Security] appeared first on SecureBlitz Cybersecurity.

Mobile 106

Mobile Marketing Cybersecurity 106

Threatpost

JANUARY 28, 2022

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.

Malware 104

Malware Engineering Phishing Hacking 104

Security Boulevard

JANUARY 28, 2022

Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community ICQ UINs: 999008. 9773639. 974763. 97254007. 95211861. 92754913. 914506. 89531566. 8923240. 86958674. 802820. 7777

Cybercrime 103

Cybercrime Cyber threats Cyber Attacks 103

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

JANUARY 28, 2022

Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool.

Phishing 102

Phishing Authentication Accountability 102

Bleeping Computer

JANUARY 28, 2022

The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow EU relevant authorities to better coordinate when having to respond to major cross-border cyber incidents impacting the Union's financial sector. [.].

Risk 101

Risk 101

Security Boulevard

JANUARY 28, 2022

In my years as a security analyst I have worked with many clients who were in very dire straits. A website compromise is never a pleasant experience but there are a number of cases that stick out in my mind as particularly memorable: The ecommerce website owner whose business was on the brink of disaster after having to pay thousands of dollars in fines to Visa due to the presence of a credit card skimmer.

eCommerce 98

eCommerce Education Network Security 98

Bleeping Computer

JANUARY 28, 2022

The Federal Communications Commission (FCC) has revoked China Unicom Americas' license, one of the world's largest mobile service providers, over "serious national security concerns." [.].

Risk 99

Risk Mobile 99

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JANUARY 28, 2022

Our sincere thanks to Security BSides Dublin for publishing their tremendous videos from the Security BSides Dublin 2021 Conference on the organization’s YouTube channel. Additionally, the Security BSides Dublin organization has slated their eponymous Security BSides Dublin 2022 confab at the The Convention Centre Dublin ( CCD ) on 2022/03/19. Just a month and a half away.

Education 98

Education InfoSec Information Security Cybersecurity 98

Bleeping Computer

JANUARY 28, 2022

Threat analysts have observed a new campaign named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts. [.].

Accountability 99

Accountability Phishing 99

Security Boulevard

JANUARY 28, 2022

Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IM screen names: aim:goim?

Cybercrime 98

Cybercrime Cyber threats Cyber Attacks 98

Bleeping Computer

JANUARY 28, 2022

Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. [.].

Phishing 98

Phishing Accountability 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.