Schneier on Security

AUGUST 27, 2021

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Mobile 330

Mobile Hacking Data breaches 330

Tech Republic Security

AUGUST 27, 2021

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

Ransomware 184

Ransomware 184

Bleeping Computer

AUGUST 27, 2021

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. [.].

Mobile 145

Mobile Data breaches 145

Tech Republic Security

AUGUST 27, 2021

Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls.

217

217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

AUGUST 27, 2021

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Tech Republic Security

AUGUST 27, 2021

On Thursday, the company sent warnings to "thousands" of its cloud computing customers, explaining that "intruders" could have access to Microsoft Azure's Cosmos DB databases, according to Reuters.

148

148

Bleeping Computer

AUGUST 27, 2021

Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks. [.].

DDOS 132

DDOS Malware 132

Tech Republic Security

AUGUST 27, 2021

A new analysis shows that infosec analysts, sysadmins and network architects will see the most growth over the next decade.

InfoSec 147

InfoSec 147

eSecurity Planet

AUGUST 27, 2021

The COVID pandemic has highlighted the challenges of ensuring security across an expanding enterprise network forced to support more and more remote workers , an ever-increasing diversity of devices, and frequent mobility. Praveen Jain, founder and CEO of cloud networking startup WiteSand, spoke with eSecurity Planet about the challenges of maximizing security in today’s environment, the value of a zero trust model – and three key questions to address to make sure you’re on the right

Network Security 130

Network Security IoT Authentication Mobile 130

Elie

AUGUST 27, 2021

In this UX research we identify the key cybersecurity challenges faced by political campaigns as they face increasing threats from well-funded, sophisticated attackers, especially nation-states.

Cybersecurity 118

Cybersecurity 118

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

AUGUST 27, 2021

Cyberattacks caused by supply chain vulnerabilities mean organizations need a renewed perspective on how to address third-party security. In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. Also known as vendor risk management (VRM), TPRM goes beyond the general risk management and governance, risk, and compliance (GRC) solutions by specializing in the onboarding, risk assessment, and due diligence for organizat

Risk 129

Risk Marketing Software Cybersecurity 129

We Live Security

AUGUST 27, 2021

ESET research discovers SideWalk backdoor – Why data breach costs have never been higher – 620,000 personal pictures stolen from iCloud accounts. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Data breaches 122

Data breaches Accountability 122

Security Affairs

AUGUST 27, 2021

Microsoft has fixed a critical flaw in Cosmos DB that allowed any Azure user to remotely take over other users’ databases without any authorization. Researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos database vulnerability, dubbed ChaosDB , that could have been potentially exploited by attackers to gain full admin access to other customers’ database instances without any authorization.

Accountability 119

Accountability Firewall Hacking Risk 119

Cisco Security

AUGUST 27, 2021

Securing today’s dynamic enterprise applications requires deep visibility, automated recommendations, and efficiency at scale. With hybrid and multi-cloud adoption, traditional network-based security ran into limitations in mitigating modern day threats. As organizations move their applications and workloads to the cloud, the complexity of their environment increases.

Firewall 119

Firewall Encryption Risk 119

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

AUGUST 27, 2021

Microsoft has applied a compatibility hold on systems running older versions of CryptoPro CSP, blocking them from being offered or installing Windows 10, version 2004 or later. [.].

118

118

The Hacker News

AUGUST 27, 2021

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S.

Cybersecurity 129

Cybersecurity Government Risk 129

Bleeping Computer

AUGUST 27, 2021

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. [.].

115

115

Security Affairs

AUGUST 27, 2021

Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations worldwide. The news was reported by Bleeping Computer that also noticed that ransomware operators have replaced all the victims on their leak site, leaving only the instruction on how to decrypt files along with a link to an archive containing the mas

Ransomware 114

Ransomware Hacking Cybercrime Information Security 114

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

AUGUST 27, 2021

Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks. [.].

DDOS 112

DDOS Malware 112

Malwarebytes

AUGUST 27, 2021

The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links. Open redirects have been part of the phisher’s arsenal for a long time and it is a proven method to trick victims into clicking a malicious link. What are open redirects? The Mitre definition for “open redirect” specifies: “An http parameter may contain a URL value and could cause the web application to redirect the requ

Phishing 112

Phishing Password Management Passwords Social Engineering 112

Bleeping Computer

AUGUST 27, 2021

The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. [.].

120

120

Threatpost

AUGUST 27, 2021

The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal.

Ransomware 122

Ransomware Malware 122

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Digital Guardian

AUGUST 27, 2021

Tech companies pledge billions to bolster security, a ransomware group shuts down, and the top data breach culprits - catch up on the infosec news of the week with the Friday Five!

InfoSec 105

InfoSec Data breaches Ransomware 105

Tech Republic Security

AUGUST 27, 2021

Learn how Android users can protect themselves against such malicious apps.

Social Engineering 148

Social Engineering Engineering Accountability 148

Heimadal Security

AUGUST 27, 2021

Yesterday, all the organizations that had their files encrypted with Ragnarok ransomware received some good news! It seems that the threat actor decided to abandon its operations and also made public the master key that will decrypt its victims’ files. Why Did the Ragnarok Ransomware Group Discontinue Operations? The reason why the gang shutdown is […].

Ransomware 104

Ransomware Encryption Cybersecurity 104

SiteLock

AUGUST 27, 2021

What if your website account has been suspended and your website is offline displaying a message that says “Please contact your hosting provider for details.” Panic sets in, what does this mean? Why is this happening? How do I get the website back online? These questions and more begin to race through your mind. Let’s start with what this means. Your website account has been suspended, which means the hosting provider has temporarily taken it offline.

Malware 105

Malware Accountability Firewall Phishing 105

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

AUGUST 27, 2021

IT and security management solutions provider Kaseya has recently released security patches to tackle server-side Kaseya Unitrends zero-day bugs discovered by cybersecurity specialists at the Dutch Institute for Vulnerability Disclosure (DIVD). The two weaknesses included an authenticated remote code execution bug on the server and a privilege escalation vulnerability from read-only user to admin on […].

Authentication 105

Authentication Cybersecurity 105

SiteLock

AUGUST 27, 2021

What is a chatbot? Put in simple words, a chatbot is a software solution that uses machine learning to have a conversation (or chat as it is called) with another user online. You’ve likely seen these when you visit a website for a bank, or credit card company, a car sales website, or even a software business. A few seconds after you land on the page, or sometimes upon arrival, a pop-up will appear that says something like “Hi, how can I help you?

Risk 105

Risk Authentication Passwords DDOS 105

Bleeping Computer

AUGUST 27, 2021

Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no first generation AMD Zen CPUs. [.].

104

104

Security Boulevard

AUGUST 27, 2021

Make sure you know how to address these 4 common eCommerce problems around security, shipping, returns, and shifting customer bases because there’s plenty of competition to step up if you fumble. The post 4 New Solutions for 4 Well-Known eCommerce Problems appeared first on Security Boulevard.

eCommerce 105

eCommerce 105

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.