Krebs on Security

MARCH 17, 2023

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 20

Data breaches 356

Data breaches Cybercrime Insurance Internet 356

Troy Hunt

MARCH 17, 2023

Why can't I audio right? It's my 339th video and I still make mistakes 🙂 But it came good and we got a decent show out of it with lots of interesting engagement even though doing this a lot later in the day than usual. I found the discussion around IoT door locks especially interesting as it's a real nexus of security, usability and a bit of critical thinking about real world risks.

IoT 54

IoT Financial Services Data breaches Risk 54

Tech Republic Security

MARCH 17, 2023

Some 12% of employees take customer details, health records, sales contracts and other confidential data when leaving a company, according to DTEX. The post How to prevent data theft by existing and departing employees appeared first on TechRepublic.

Risk 190

Risk Cybersecurity 190

Graham Cluley

MARCH 17, 2023

Well, this isn’t good. Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.

Hacking 145

Hacking 145

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

MARCH 17, 2023

Whether you have one year or ten years of IT experience, you'll have an edge when applying to the best cybersecurity positions by preparing for certifications with this e-learning bundle. The post Turbocharge your IT career with cybersecurity training for just $50 appeared first on TechRepublic.

Cybersecurity 36

Cybersecurity 36

CyberSecurity Insiders

MARCH 17, 2023

After Rubrik, Hitachi Energy issued a public statement that some of its customer accounts might have been compromised, after a ransomware attack took place on a third-party software called Fortra GoAnywhere MFT. Clop ransomware gang is the company that managed to infiltrate the servers and siphon data and a portion of employee data might have been compromised.

Software 136

Software Ransomware Data breaches Financial Services 136

Security Boulevard

MARCH 17, 2023

Federal Communications Commission rules to block illegal text messages. What took you so long? The post FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work? appeared first on Security Boulevard.

Scams 131

Scams Social Engineering IoT Engineering 131

Bleeping Computer

MARCH 17, 2023

Microsoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. [.

Cryptocurrency 133

Cryptocurrency 133

Dark Reading

MARCH 17, 2023

DDoS cyberattack campaigns from the pro-Russian group have spiked significantly.

DDOS 126

DDOS Healthcare 126

Bleeping Computer

MARCH 17, 2023

The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen. [.

Data breaches 125

Data breaches 125

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

MARCH 17, 2023

A common misconception of small business owners is that they can fly under the radar when it comes to ransomware, social engineering, and other cyberattacks. But it turns out that the opposite is true. The post The Small Business Fallacy – Why You Need Cybersecurity and Insurance More Than Ever appeared first on Security Boulevard.

Small Business 122

Small Business Insurance Social Engineering Cybersecurity 122

eSecurity Planet

MARCH 17, 2023

Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets. Network security is an umbrella term for all facets of your network’s cybersecurity posture, with an emphasis on developing and using policies, procedures, best practices and tools that safeguard every piece of your network’s overall infrastructure.

Network Security 121

Network Security Penetration Testing Firewall Software 121

We Live Security

MARCH 17, 2023

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense The post SVB’s collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity

Banking 120

Banking Scams 120

IT Security Guru

MARCH 17, 2023

When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie. Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations.

Risk 117

Risk Phishing Threat Detection Cybercrime 117

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Bleeping Computer

MARCH 17, 2023

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. [.

Data breaches 117

Data breaches Ransomware 117

Security Boulevard

MARCH 17, 2023

Unlock the power of Cybersecurity Mesh Architecture (CSMA) to enhance SaaS security. Discover how it can improve compliance and protect your organization. The post Using a Cybersecurity Mesh Architecture (CSMA) for SaaS Secu appeared first on Security Boulevard.

Architecture 115

Architecture Cybersecurity 115

CSO Magazine

MARCH 17, 2023

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New Technology LAN Manager) relay attacks against other systems.

Technology 114

Technology Internet Internet 114

The Hacker News

MARCH 17, 2023

U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill.

Hacking 112

Hacking 112

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Graham Cluley

MARCH 17, 2023

Security researchers have released a new decryption tool which should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Read more in my article on the Tripwire State of Security blog.

Ransomware 111

Ransomware Encryption Malware 111

Security Boulevard

MARCH 17, 2023

If a new survey from API and application protection vendor ThreatX is accurate, a majority of U.S. consumers are less likely to work with a company following a data breach. At least, they claim that they are. The ThreatX survey highlighted consumers’ evolving attitudes toward data breach concerns and their purported willingness to pay more. The post Will Consumers Punish Vendors That Suffer a Data Breach?

Data breaches 111

Data breaches Data privacy Risk Government 111

The Hacker News

MARCH 17, 2023

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.

Malware 111

Malware Phishing Cybersecurity 111

Dark Reading

MARCH 17, 2023

Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.

108

108

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Naked Security

MARCH 17, 2023

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Mobile 108

Mobile 108

Bleeping Computer

MARCH 17, 2023

Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications. [.

Malware 107

Malware 107

The Hacker News

MARCH 17, 2023

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.

Ransomware 107

Ransomware Government Cybersecurity 107

Heimadal Security

MARCH 17, 2023

In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification. The Makop ransomware operators started their criminal business back in 2020, leveraging a new variant […] The post Makop Ransomware: The Arsenal of Cybercriminals Becomes Known appeared first on Heimdal Security Blog.

Ransomware 105

Ransomware Software Cybersecurity 105

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Trend Micro

MARCH 17, 2023

Contestants gather at Pwn2Own Vancouver to showcase their skills and uncover vulnerabilities

Cyber threats 101

Cyber threats IoT Ransomware 101

Heimadal Security

MARCH 17, 2023

Stack smashing is a type of vulnerability that can lead to serious security breaches. This vulnerability occurs when a hacker exploits a flaw in a program’s memory allocation, causing the program to crash or execute arbitrary code. In this article, we will explore what stack smashing is, how it works, and what you can do […] The post What Is Stack Smashing?

105

105

We Live Security

MARCH 17, 2023

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Banking 99

Banking 99

The Hacker News

MARCH 17, 2023

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks.

DDOS 99

DDOS Malware 99

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!