Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 313

Scams Authentication Accountability Artificial Intelligence 313

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”… […].

Ransomware 217

Ransomware Firewall Encryption Internet 217

Tech Republic Security

JANUARY 26, 2022

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.

Phishing 174

Phishing 174

Graham Cluley

JANUARY 26, 2022

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

Hacking 141

Hacking 141

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 26, 2022

Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.

Phishing 143

Phishing 143

CyberSecurity Insiders

JANUARY 26, 2022

Tesla company owner Elon Musk announced last year that his SpaceX Starlink internet service will reach to the remote places on continents like Africa and Asia providing connectivity to the people in rural areas who lack at least the basic communication services. China is all set to follow the same path as it has applied for a license to access spectrum for a ‘national network of satellites’ dubbed “Mega Constellation” in 2020.

Internet 134

Internet Internet Mobile Cybersecurity 134

Appknox

JANUARY 26, 2022

In the world of heinous and sophisticated crimes, cryptography is the next-gen solution needed to resolve the concern. Whitebox cryptography combines encryption and obfuscation methods to embed secret keys in application code. The aim is to combine code and key in such a way that an attacker cannot distinguish between the two and the new "white-box" program can be safely executed in an insecure environment.

Encryption 119

Encryption Engineering 119

Cisco Security

JANUARY 26, 2022

Artificial Intelligence (AI) is increasingly part of our everyday lives, and this transformation requires a thoughtful approach to innovation. Cisco is committed to delivering technologies and services by managing AI development in a way that augments our security, data privacy, and human rights focus – fostering a more inclusive future for all. Today, I am proud to announce Cisco’s Responsible AI initiative, a governance framework that guides internal development and provides a vital communicat

Technology 119

Technology Artificial Intelligence Government Data privacy 119

Heimadal Security

JANUARY 26, 2022

QNAP Systems, Inc. is a Taiwanese company that specializes in network-attached storage equipment for applications such as file sharing, virtualization, storage management, and surveillance. What Happened? The DeadBolt ransomware organization is encrypting QNAP NAS systems all around the globe, claiming that they are exploiting a zero-day vulnerability in the device’s firmware to do so.

Ransomware 121

Ransomware Firmware Surveillance Encryption 121

Malwarebytes

JANUARY 26, 2022

Microsoft is warning Office 365 users to watch out for a phishy emails asking you to install an app called Upgrade. The app requests multiple permissions which could cause problems on a network if granted: Creating inbox rules Read and write emails and calendar items Read contacts. This is only the beginning of a potentially very nasty scaling of the security ladders.

Phishing 117

Phishing Security Intelligence Scams Passwords 117

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

JANUARY 26, 2022

Merck, the Pharma giant from New Jersey, has won a legal battle with its insurer for covering costs related to the NotPetya ransomware attack that crippled its computer networks to the core incurring losses in millions. Moving ahead into the details, the year 2017 witnessed many companies falling prey to NotPetya ransomware hackers. A Russian funded hacking group was behind the spread that initially targeted companies operating in Ukraine, but soon distributed it to global networks, causing bill

Ransomware 112

Ransomware Insurance Cyber Insurance Hacking 112

Heimadal Security

JANUARY 26, 2022

The National Cyber Security Centre (NCSC) is a government organization in the United Kingdom that advises and supports the public and private sectors on how to prevent computer security threats. Its headquarters are in London, and it began operating in October 2016. The agency is now announcing the release of NMAP Scripting Engine scripts to […].

Engineering 113

Engineering Government Cybersecurity 113

Identity IQ

JANUARY 26, 2022

How Do You Avoid Tax Scams? IdentityIQ. Tax season is here, and it’s essential to watch out for common tax scams. The IRS reports that in the last nine years tax scams have cost victims more than $23 million. Here are two scams to be aware of and a few tips for how you can help avoid them. Phone Scams. A phone scam is a common tax scam where someone calls and claims to be from the IRS.

Scams 105

Scams Identity Theft Phishing Accountability 105

CyberSecurity Insiders

JANUARY 26, 2022

A distributed denial of service attack, fondly known as DDoS, has reportedly hit North Korea in early hours of Wednesday, bringing down whole of the connectivity to a near halt. South Korea launched the attack in retaliation for the Kim Jong Un’s fifth missile test conducted a few days ago. “Nearly all the web and email services in the said nation were shut down by the deluge of web traffic that hit the servers all at once,” said Mr.

Cyber Attacks 103

Cyber Attacks DDOS Internet Internet 103

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Webroot

JANUARY 26, 2022

Phishing attacks sustain historic highs. In their latest report, IDG and the pros behind Carbonite + Webroot spoke with 300 global IT professionals to learn the current state of phishing. We learned that 93% of IT executives are still concerned about phishing – and it’s no wonder, as companies averaged 28 attacks each over the previous 12 months. Luckily, the report details how to fight back.

Phishing 103

Phishing DNS Backups Security Awareness 103

CSO Magazine

JANUARY 26, 2022

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have customers or employees in multiple countries, the regulatory requirements can be onerous and difficult to keep up with.

101

101

Cisco Security

JANUARY 26, 2022

It’s been more than 3 years since the EU’s General Data Protection Regulation (GDPR) went into effect, and over two-thirds of the world’s countries have now enacted privacy laws. The ongoing COVID-19 pandemic has presented challenges in keeping personal data safe, and most have reaffirmed their commitment to privacy’s requirements and principles. Even more importantly, customer requirements and business value have driven organizations to ensure data is well protected as privacy has become missio

Data privacy 101

Data privacy Artificial Intelligence Government Accountability 101

Malwarebytes

JANUARY 26, 2022

Four Attorneys General (AG) from the District of Columbia and the states of Indiana, Texas, and Washington have filed separate lawsuits agains Google for allegedly misleading its users into believing that they are no longer tracking their location when they deliberately pause the “Location History” setting on mobile devices. All four AG’s allege that users are still being tracked by Google without them knowing unless they also turn off the settings in the Web & App Activity

Accountability 100

Accountability Surveillance Mobile Advertising 100

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JANUARY 26, 2022

The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. [.].

Hacking 98

Hacking 98

Digital Guardian

JANUARY 26, 2022

A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.

Ransomware 104

Ransomware 104

Dark Reading

JANUARY 26, 2022

"BotenaGo" contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says.

Malware 104

Malware IoT Risk 104

eSecurity Planet

JANUARY 26, 2022

Virtual Private Networks (VPNs) provide secure access to business files for remote workers , making them a crucial part of an enterprise’s technology stack. But they need the right protocols to run properly. A VPN protocol creates the tunnels that your traffic travels through when you use a VPN to keep your communications private. WireGuard and OpenVPN are two popular open-source VPN protocols that businesses and users can choose from when they sign up for a VPN service.

VPN 98

VPN Mobile Wireless Marketing 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

We Live Security

JANUARY 26, 2022

Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker. The post Every breath you take, every move you make: Do fitness trackers pose privacy risks? appeared first on WeLiveSecurity.

Risk 98

Risk Internet Internet 98

Bleeping Computer

JANUARY 26, 2022

Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates. [.].

Encryption 98

Encryption 98

Security Boulevard

JANUARY 26, 2022

Situation. Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major NATO member nations have issued a warning against imminent nation state cyber threats from Russia. For example, the US Department of Homeland Security issued a warning of an 'imminent cyber threat' against both American companies and government agencies.

Cyber threats 98

Cyber threats Government 98

Bleeping Computer

JANUARY 26, 2022

QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain. [.].

Ransomware 98

Ransomware Encryption Internet Internet 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JANUARY 26, 2022

Note: This OSINT analysis has been originally published at my current employer's Web site - [link] where I'm currently acting as a DNS Threat Researcher since January, 2021. Dear blog readers, I've decided to share a recently obtained portfolio of personal emails belonging to the "Jabber ZeuS" also known as "Aqua ZeuS" gang members with the idea to assist everyone on their way to track down and monitor the botnet masters behind the botnet including to assist in possible cyber attack campaign

DNS 98

DNS Cyber threats Cyber Attacks Cybercrime 98

Bleeping Computer

JANUARY 26, 2022

Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. [.].

Hacking 98

Hacking 98

Security Boulevard

JANUARY 26, 2022

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® ! Permalink. The post Joy Of Tech® ‘James Webb Is Deployed!’ appeared first on Security Boulevard.

98

98

The Hacker News

JANUARY 26, 2022

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers.

Cybercrime 98

Cybercrime 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.