Thu.May 12, 2022

article thumbnail

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

article thumbnail

GUEST ESSAY: Rising global tensions put us a few lines of code away from a significant cyber event

The Last Watchdog

Reflecting on the threats and targets that we are most concerned with given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals — they can affect supply chains, cause power grid failures, and much more. Related: Reaction to Biden’s cybersecurity order. This growing environment of risks and increasingly aggressive adversaries demand our readiness, yet our national response continues to be largely reactive

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Surveillance by Driverless Car

Schneier on Security

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

article thumbnail

How password fatigue can cost organizations time, money and mental energy

Tech Republic Security

On average, companies lose $480 worth of productivity per employee per year due to the time spent dealing with password problems, says Beyond Identity. The post How password fatigue can cost organizations time, money and mental energy appeared first on TechRepublic.

Passwords 165
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

10 reasons why we fall for scams

We Live Security

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity.

Scams 145
article thumbnail

Ransomware: How executives should prepare given the current threat landscape

Tech Republic Security

As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive. The post Ransomware: How executives should prepare given the current threat landscape appeared first on TechRepublic.

More Trending

article thumbnail

Virtual credit cards coming to Chrome: What you need to know

Malwarebytes

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual credit card service for Chrome.

Banking 144
article thumbnail

Microsoft: May Windows updates cause AD authentication failures

Bleeping Computer

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [.].

article thumbnail

College closes down after ransomware attack

Malwarebytes

Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois Department of Higher Education and Higher Learning Commission and posted a goodbye note on its website. “Lincoln College has survived many difficult and challenging times – the economic crisis of

article thumbnail

Nokia starts a Cybersecurity Testing Lab for 5G Networks

CyberSecurity Insiders

Nokia, once renowned for its amazing mobile phones, has now developed a testing lab completely dedicated to cybersecurity in the United States. The new Dallas, Texas-based Advanced Security Testing and Research (ASTaR) Lab will be fully based on a 5G network and will be useful in putting IoT products based on 5G to test against known and unknown cybersecurity threats.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

The Hacker News

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 132
article thumbnail

BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

Bleeping Computer

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. [.].

Firewall 136
article thumbnail

Hackers Are Going After Managed Security Providers

Heimadal Security

Australia, Canada, New Zealand, the United Kingdom, and the United States are the members of the intelligence partnership known as the “Five Eyes,” sometimes abbreviated as “FVEY.” These nations are signatories to the multilateral UKUSA Agreement, which is a pact for coordinating their efforts in the field of signals intelligence.

article thumbnail

9 questions you should ask about your cloud security

InfoWorld on Security

In order for cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film Patton ). In an early scene, the camera focuses on a book Patton is reading by German General Erwin Rommel.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Equifax’s Jamil Farshchi: Security shouldn’t be a trade secret

CSO Magazine

Equifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company. “If we have transparency, it makes sure we’re up to snuff in every facet of our program. It makes sure that no one is looking at a patch log and says ‘It’s no big deal,’ because they know everybody is looking,” he says.

CSO 113
article thumbnail

Nerbian RAT Malware, New Threat on The Market

Heimadal Security

Nerbian RAT, a novel malware variant that comes with a long list of capabilities, including the ability to avoid detection and analysis by security researchers, has been recently spotted. The new remote access trojan is written in the Go programming language, compiled for 64-bit systems, and it’s currently being distributed through a small-scale email distribution […].

Marketing 108
article thumbnail

Smashing Security podcast #274: Hands off my biometrics, and a wormhole squirmish

Graham Cluley

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole? All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. And don't miss our featured interview with Artur Kane of GoodAccess.

Internet 114
article thumbnail

South Asian Governments Targeted by Bitter APT Group

Heimadal Security

Bitter, an APT group reportedly engaged in cyber espionage activities, has been observed targeting the Bangladesh government by leveraging new malware that shows remote file execution functionalities. The campaign has been active since at least August 2021 and represents a good example of what the Bitter scope is. Bitter APT Group Campaign: More Details Threat […].

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsegmentation and Zero-Trust Security

Security Boulevard

Zero-trust security is much more than just a buzzword. It is a critical mindset for organizations to consider as they encounter security challenges related to the growing distributed workforce that is accessing corporate assets from anywhere and everywhere and business workloads performed in hybrid environments. To overcome the challenge of securing access to corporate assets.

article thumbnail

Clearview AI banned from selling facial recognition data in the US

Malwarebytes

Clearview AI, a facial recognition software and surveillance company, is permanently banned from selling its faceprint database within the United States. The company also cannot sell its database to state and law enforcement entities in Illinois for five years. This is a historic win for the American Civil Liberties Union (ACLU). This nonprofit organization filed a lawsuit against Clearview in 2020, alleging the company has built its business around secretly taking facial recognition data from p

article thumbnail

Network Footprints of Gamaredon Group

Cisco Security

Below research is reflecting our observations during month of March 2022. We also would like to thank Maria Jose Erquiaga for her contribution in introduction and support during the process of writing. Overview. As the Russian-Ukrainian war continues over conventional warfare, cybersecurity professionals witnessed their domain turning into a real frontier.

Malware 105
article thumbnail

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

Threatpost

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Malware 115
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Is The Cost Of Predictive Cyber Security Worth The Investment?

Security Boulevard

Is The Cost Of Predictive Cyber Security Worth The Investment? Cybersecurity Events Becoming More Predictable ? With the advancements in cybersecurity science, mathematics and physics, and, of course, a good dose of luck, there is light at the end of the tunnel regarding predictable cybersecurity capabilities. In the early 1990s, the Internet industry needed to move packets as fast as possible because some marketing genius came up with the idea that everyone could have “Unlimited Internet Access

article thumbnail

A year later, Biden’s cybersecurity executive order driving positive change

CSO Magazine

A year ago today, U.S. President Joe Biden released the ambitious Executive Order on Improving the Nation’s Cybersecurity following a series of devastating and destructive cyberattacks. The executive order (EO) triggered an avalanche of rulemakings across the federal government to meet dozens of now mainly achieved deadlines to implement the order's objectives.

article thumbnail

NVIDIA has open-sourced its Linux GPU kernel drivers

Bleeping Computer

NVIDIA has published the source code of its kernel modules for the R515 driver, using a dual licensing model that combines the GPL and MIT licenses, making the modules legally re-distributable. [.].

98
article thumbnail

EU Has Lost the Plot, Will Ban Encryption — Think of the Children

Security Boulevard

The European Union “is failing to protect children.” Something must be done—and, yes, what they’re proposing is indeed something. The post EU Has Lost the Plot, Will Ban Encryption — Think of the Children appeared first on Security Boulevard.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

What Is RMM Software?

Heimadal Security

RMM software (short for Remote Monitoring and Management Software) is a software type used by IT professionals and organizations to remotely manage and monitor networks and endpoints. How Does RMM Software Work? A service provider has to deploy the agent software on the client’s endpoints and servers to be able to connect the RMM software to the […].

article thumbnail

How to Protect Your Web Apps Using Anti-CSRF Tokens?

Security Boulevard

The most common protection methods against Cross-Site Request Forgery (CSRF) attacks are anti-CSRF tokens. A CSRF attack is where unsuspecting authenticated users submit malicious requests unknowingly to the web app. The post How to Protect Your Web Apps Using Anti-CSRF Tokens? appeared first on Indusface. The post How to Protect Your Web Apps Using Anti-CSRF Tokens?

article thumbnail

Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

Dark Reading

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

article thumbnail

Why Data Protection is the First Step to Mitigating Insider Risk

Security Boulevard

Much is written about the corporate threat from shadowy remote hackers. A cybercrime economy worth trillions has certainly made this disparate bunch of financially motivated threat actors a major force to be reckoned with. But the biggest risk to corporate data and cybersecurity may in fact be closer to home. The post Why Data Protection is the First Step to Mitigating Insider Risk appeared first on Security Boulevard.

Risk 98
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.