Mon. Jun 20, 2022


Why Paper Receipts are Money at the Drive-Thru

Krebs on Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Scams 317

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocessors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.


GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs, are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.


Recent Windows Server updates break VPN, RDP, RRAS connections

Bleeping Computer

This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. [...]

VPN 142

More Trending


Q1 2022 Phishing Threat Trends and Intelligence Report

The State of Security

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased slightly, while other […]

Phishing 127

Uvalde Shooting Investigation Reveals Major Privacy Violation

Security Boulevard

In Carpenter v. United States, the Supreme Court noted that, in order for law enforcement officials to obtain location data for cell phones, they needed to have a warrant signed by a neutral and detached magistrate, establish probable cause to believe that the location data was relevant to a criminal case and ensure that the. The post Uvalde Shooting Investigation Reveals Major Privacy Violation appeared first on Security Boulevard.


Over 4 million people hack neighbors’ Wi-Fi in the UK

CyberSecurity Insiders

In a survey conducted by broadband service provider Konnect, over 4 million people were found hacking neighbors’ Wi-Fi, if there was a down or to avoid paying a fat subscription fee. A study that included a response from about 2000 respondents also confirmed that on average a hacking person was found using the internet of their neighbor without permission for a time frame of 52 days, while over 20 people were found using the connection all year long.

Hacking 124

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused of having carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany.

Hacking 122

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Google stops its password use on third-party apps

CyberSecurity Insiders

Google has finally taken a stringent decision against the use of its email and passwords on third-party apps. The internet juggernaut has prompted a password re-entry on apps that are not trusted by its email servers. So, users need to either go for a 2FA on such apps in order to use their Google email address and password on other applications such as Outlook, Thunderbird, and other such email clients.

Passwords 119

BlackCat Ransomware That Breached Over 60 Organizations

Security Boulevard

The BlackCat ransomware that caused headaches for over 60 organizations worldwide is now decryptable, thanks to the effort of security researchers. Yes, you read that correctly. The ransomware, first spotted in the wild in October 2019, can now be decrypted […]. The post BlackCat Ransomware That Breached Over 60 Organizations appeared first on WeSecureApp :: Simplifying Enterprise Security!


Crypto mixers: What are they and how are they used?

We Live Security

How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money. The post Crypto mixers: What are they and how are they used? appeared first on WeLiveSecurity.


Interpol busts 2000 suspects in phone scamming takedown

Naked Security

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples.

Scams 138

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How to get Fortune 500 cybersecurity without the hefty price tag

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys aren’t discriminating who they are attacking, how can your business settle for anything less than Fortune 500 level security? SolCyber has brought to market a new way to consume …


DeadBolt and Ech0raix Ransomware Are Attacking QNAP Devices

Heimdal Security

A new DeadBolt ransomware campaign has been brought to the attention of individuals and enterprises who use network-attached storage (NAS) machines manufactured by QNAP Systems, which is located in Taiwan. As HELPNETSECURITY explained, there also seems to be a fresh ech0raix/QNAPCrypt campaign that is now running; however, QNAP has not yet commented on this matter. […].


Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. “Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the ro

Hacking 106

The actual cost of a breach – reputation, loss of customers, fines, suspension of business

The State of Security

According to IBM’s Cost of a Data Breach report, in 2021 data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department for Culture, Media, and Sport (DCMS) has revealed that data breaches have become more costly […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive

Dark Reading

Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.


RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

Security Boulevard

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs, are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered … (more…). The post RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague appeared first on Security Boulevard.


Client-side Magecart attacks still around, but more covert

Malwarebytes

This blog post was authored by Jérôme Segura. We have seen and heard less buzz about ‘Magecart’ during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we know is that if the Magecart threat actors decided to switch their operations exclusively server-side then the majority of companies, including ours, would lose visibility overnight.

VPN 103

6 tips for effective security job postings (and 6 missteps to avoid)

CSO Magazine

MongoDB CISO Lena Smart wants to make a good impression on prospective employees. So she’s attentive to what goes into the ads she posts when seeking to hire. “I think people forget that these are the first introductions that many candidates have to their companies, and first impressions matter,” she says. That may matter more today than ever before, given how much movement there is in the labor market overall and, more specifically, how fierce competition is for cybersecurity talent.

CISO 103

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft 365 credentials targeted in new fake voicemail campaign

Bleeping Computer

A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. [...]


Internet Safety Month: 7 tips for staying safe online while on vacation

Malwarebytes

Going on vacation has never been more talked about and anticipated. I mean—for many of us, it’s been a while. But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan on how to keep your devices, and your data, safe while you are relaxing. Your devices need some prepping, too. Before anything else, know which devices you’ll bring and which ones you’ll leave at home.


Episode 239: Power shifts from Russia to China in the Cyber Underground

The Security Ledger

Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities. The post Episode 239: Power shifts from Russia to China in the Cyber Underground appeared first on The.


Q1 2022 Phishing Threat Trends and Intelligence Report

Security Boulevard

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased slightly, while other […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


New DFSCoerce NTLM Relay attack allows Windows domain takeover

Bleeping Computer

A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain. [...]


LinkedIn scams are a “significant threat”, warns FBI

Malwarebytes

Digital currency fraud is a growing issue on social media, and LinkedIn is no different. In fact, according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, cryptocurrency scams are big business on LinkedIn. “It’s a significant threat. This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.” How cryptocurrency scams work on LinkedIn.

Scams 98

Mark Wrighton Appointed as Chief Revenue Officer for Heimdal™ Security

Heimdal Security

COPENHAGEN, June 20th, 2022 – Heimdal™ Security (HEIMDAL) announced a new addition to its executive team. Following a period of significant growth, the company has landed Mark Wrighton as Chief Revenue Officer. Mark will lead the sales, success, and support teams to foster deeper relationships with customers, as Heimdal™ continues its upmarket trajectory.


A Qubit of Solace: How QKD Systems Defend Against Future Cyberattacks

Security Boulevard

Every industry is on high alert when it comes to cyberattacks, and rightly so. A cyberattack can halt business, add unexpected costs to mitigate, damage a company’s reputation and more. Cybercriminals can take many forms: They may steal your credentials; they may pilfer personally identifiable information, or they will cut to the chase and directly threaten.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.