Tue.Oct 12, 2021

article thumbnail

Airline Passenger Mistakes Vintage Camera for a Bomb

Schneier on Security

I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passen

322
322
article thumbnail

Patch Tuesday, October 2021 Edition

Krebs on Security

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What it costs to hire a hacker on the Dark Web

Tech Republic Security

Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech.

217
217
article thumbnail

Microsoft thwarts record?breaking DDoS attack

We Live Security

The attack, which clocked in at 2.4 Tbps, targeted one of Azure customers based in Europe. The post Microsoft thwarts record‑breaking DDoS attack appeared first on WeLiveSecurity.

DDOS 144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Top 5 tips for remote security

Tech Republic Security

With more workers at home than ever before, security has become an even bigger concern. Tom Merritt shows us how to be extra safe.

163
163
article thumbnail

October is high season for cyberattacks, InfoSec Institute study shows

CSO Magazine

There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by InfoSec Institute. A similar offensive appears to be building up this month, judging from the study's projections for an "October surprise" as well as observations of cyberattacks that have occurred so far.

InfoSec 144

More Trending

article thumbnail

Edge computing: The architecture of the future

CSO Magazine

To fully digitize the last mile of business, you need to distribute compute power where it's needed most -- right next to IoT devices that collect data from the real world.

article thumbnail

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Threatpost

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation.

Mobile 135
article thumbnail

Study reveals Android phones constantly snoop on their users

Bleeping Computer

A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. [.].

Mobile 145
article thumbnail

US businesses lost $21 billion to ransomware attacks

CyberSecurity Insiders

US businesses reportedly lost $21 billion in a series of ransomware attacks propelled downtime that took place last year. And the results were released by a survey carried out by research firm Comparitech. After analyzing information from several resources such as data breach reports, IT news bits, and some reporting tools by states, researchers from Comparitech said that the figures were meager estimate and the actual loss could be far high from what was being estimated.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Cyberattack shuts down Ecuador's largest bank, Banco Pichincha

Bleeping Computer

Ecuador's largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. [.].

Banking 139
article thumbnail

Get lifetime access to 9 courses to help you pass the most popular CompTIA exams

Tech Republic Security

You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.

145
145
article thumbnail

Photo editor Android app STILL sitting on Google Play store is malware

Bleeping Computer

An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs. [.].

Spyware 134
article thumbnail

Remote security: 5 tips

Tech Republic Security

Tom Merritt shows us how to be extra safe while more workers than ever before are working from their home offices.

142
142
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Microsoft: Azure customer hit by record DDoS attack in August

Bleeping Computer

Microsoft has mitigated a record 2.4 Tbps (terabytes per second) Distributed Denial-of-Service (DDoS) attack targeting an European Azure customer during the last week of August. [.].

DDOS 136
article thumbnail

The different types of sudo and su in Linux

Tech Republic Security

Jack Wallen demystifies these two Linux admin tools because knowing which sudo or su command to run is important.

140
140
article thumbnail

To Transform or Not to Transform: That is the Question

Cisco Security

Claudius. Iago. Richard III. Epic villains who used malicious, deceitful acts to cause pain and destruction in Shakespeare’s greatest dramatic plays. Cybersecurity threat actors are no different. Through malware, phishing, and other exploitive activities, these villains take advantage of vulnerabilities and seek to cause harm. And it’s no secret that the shift to hybrid work has emboldened and provided new opportunities for these cybersecurity threat actors.

article thumbnail

Microsoft mitigated a record 2.4 Tbps DDoS attack in August

Security Affairs

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represents the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim.

DDOS 120
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Securing the edge: 4 trends to watch

CSO Magazine

The COVID-19 pandemic and the disruption to workplace and operational environments that it triggered have accentuated and, in some cases, exacerbated some of the security concerns around edge computing. Edge computing is a model where organizations, instead of relying solely on centralized datacenters, distribute processing and storage capacities closer to where the data is generated—IoT devices for instance—and to the users and applications consuming the data. [ Learn 5 best practices for edge

CSO 117
article thumbnail

Non-Human Identities Sprawl Challenges Security

Security Boulevard

Move over, humans. With the rise of non-human identities, you may no longer be the weakest link when it comes to security. As the workforce is increasingly augmented by robotic process automation (RPA) in the form of software bots, physical robots and IoT systems, a Forrester report noted that “when the digital identities of non-human. The post Non-Human Identities Sprawl Challenges Security appeared first on Security Boulevard.

IoT 118
article thumbnail

Hacker steals and wipes off patient data

CyberSecurity Insiders

For the first time in the history of 2020-21, a hacker reportedly stole patient data and then wiped it off from the database of a hospital in New Mexico. In what is known to our Cybersecurity Insiders, the IT network that was compromised belonged to the San Juan Regional Medical Center that was in Farmington and the breach took place at the same time last year leaking data such as patient names, DoBs, Social Security Numbers, Driving License Numbers, Passport Info, Financial Account Numbers, Hea

article thumbnail

Patching Process Remains a Security Bottleneck

Security Boulevard

Patching continues to be overly complex, cumbersome and time-consuming, trends that are likely to persist as remote work increases the complexity and scale of patch management. And that’s a major security risk. This was the central conclusion drawn from an Ivanti survey of more than 500 enterprise IT and security professionals across North America and.

Risk 116
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Chinese hackers use Windows zero-day to attack defense, IT firms

Bleeping Computer

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT). [.].

Hacking 122
article thumbnail

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

Security Boulevard

The former chief software officer for the US Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. The post Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’ appeared first on Security Boulevard.

Software 111
article thumbnail

Olympus US systems hit by cyberattack over the weekend

Bleeping Computer

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada and Latin America) following a cyberattack that hit its network Sunday, on October 10, 2021. [.].

article thumbnail

Protecting OT Networks from Cyber Attacks

Security Boulevard

Heavy industrial firms provide crucial infrastructure for the global economy, whether they create or transmit power or extract or refine oil, gas, or minerals. As a result, cyber-criminals find them appealing targets. By 2018, approximately 60% of firms polled had experienced a compromise in their industrial control (ICS) or supervisory control and data acquisition (SCADA) technologies.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Google creates a Cybersecurity Action Team

CyberSecurity Insiders

Google seems to have taken a pledge to safeguard the security and digital transformation of governments, critical infrastructure managing companies and enterprises-large and small by creating a new cybersecurity advisory team. Dubbed as Google Cybersecurity Action Team, the aim of such a team is to play an active role in offering advisory, support related to trust and compliance, draft solutions that are related to security of customer and engineering and start threat intelligence against cyber

article thumbnail

BrandPost: How to Defend Against at Least 77% of ATT&CK (Sub)-techniques

CSO Magazine

The Center for Internet Security (CIS) Community Defense Model (CDM) v2.0 can be used to design, prioritize, implement, and improve an enterprise’s cybersecurity program. Enterprises naturally want to know how effective the CIS Critical Security Controls (CIS Controls) are against the most prevalent types of attacks. The CDM was created to help answer that and other questions about the value of the Controls based on currently available threat data from industry reports.

Internet 105
article thumbnail

Russia launches some devastating ransomware attacks

CyberSecurity Insiders

Lindy Cameron, the head of the National Cyber Security Centre (NCSC) has openly announced that Russia launches devastating ransomware attacks on its critical infrastructure. The lady also expressed her anguish on how the Putin led government was showing a deaf ear against their repeated complaints n reminders on how hackers from Russian country were launching cyber warfare across the globe on a digital note.

article thumbnail

Inside Apple: How macOS attacks are evolving

Malwarebytes

The start of fall 2021 saw the fourth Objective by the Sea (OBTS) security conference, which is the only security conference to focus exclusively on Apple’s ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for so long, were primed and ready to share all kinds of good information.

Malware 100
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.