Fri. Jun 25, 2021


MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. One of many similar complaints on Western Digital’s user forum.


AI-Piloted Fighter Jets

Schneier on Security

News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down several PLA pilots during a handful of virtual exercises in recent years.


Mercedes-Benz data breach exposes SSNs, credit card numbers

Bleeping Computer

Mercedes-Benz USA has just disclosed a data breach impacting under 1,000 customers and potential buyers that exposed their credit card information, social security numbers, and driver license numbers. […]


Disconnect your WD My Book Live from the internet or face data deletion, says Western Digital

Graham Cluley

Storage drive maker Western Digital is telling owners of its WD My Book Live device to disconnect it from the internet, after reports that some have had their data erased by malicious software. Read more in my article on the Tripwire State of Security blog.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Windows 11 won't work without a TPM - What you need to know

Bleeping Computer

Windows 11 requires a TPM security processor to install or upgrade to Windows 11. Unfortunately, there has been a lot of confusion about what type of TPM you need and why you need it in the first place. […]


FIN7 hacking gang’s “pen tester” jailed for seven years by US court

Hot for Security

The Western District of Washington has sentenced a Ukrainian man to seven years in prison for his role in a hacking gang that are estimated to have caused more than one billion dollars worth of damage. 33-year-old Andrii Kolpakov worked for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak) which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries around the world, stealing tens of millions of payment card details at thousands


More Trending


Guidance: How PCI DSS Requirements Apply to WFH Environments

PCI perspectives

PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending on the entity’s business and security needs and how they have configured their infrastructure to support personnel working from home. Additionally, the job functions an individual is performing may also affect how PCI DSS applies—for example, whether an individual requires access to payment card account data or to the entity’s CDE, and the type of access required.


Attacks against game companies are up. But why?

SC Magazine

A young woman plays on the Electronic Arts (EA) newest product “Sims2 – Nightlife” at a Computer Gaming Convention on August 18, 2005 in Leipzig, Germany. (Photo by Andreas Rentz/Getty Images). Malicious hackers are increasingly mobbing the video game industry, with major companies suffering data breaches, having their source code sold or leaked online and games serving as playgrounds to push malware or mine cryptocurrencies.


Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

The Hacker News

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits.


Open Source Package Management: Balancing Power and Security

Security Boulevard

There is a wide ecosystem of open source software, and distributing it has always been a challenge. There is often a central location or index where a publisher or an individual can put their software for others to access it. Finding and consuming it, though, is another matter—where do you look for new software? In. The post Open Source Package Management: Balancing Power and Security appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Cisco ASA Bug Now Actively Exploited as PoC Drops

Threatpost

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.


NIST Has Come Out With Its Own Ransomware Guidance | #RansomwareWeek

CyberSecurity Insiders

As we close out #RansomwareWeek here on the (ISC)² blog, a timely piece of news comes from The National Institute of Standards and Technology (NIST) in the form of new draft guidance for organizations concerning ransomware attacks, according to reporting by Infosecurity Magazine. As the body responsible for one of the most revered standards frameworks in the world, NIST’s entry into the discussion is remarkable.


REvil Hits French Connection, Grupo Fleury

Security Boulevard

The REvil ransomware gang continues its destructive trek around the globe, routing out and exploiting vulnerabilities at (often) high-profile targets. One of their latest victims is nearly 50-year-old UK clothing retailer French Connection whose in-your-face moniker, FCUK, raised the brand’s visibility in the 2000s. Exploiting a vulnerability in French Connection’s back-end systems that control company.


Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack

Tech Republic Security

Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


What the Pentagon’s New UFO Report Reveals About Humankind

WIRED Threat Level

The document says less about the search for life in the universe, and more about our current cultural climate and distrust of expertise.


Linux: How to find details about user logins

Tech Republic Security

If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.


The Week in Ransomware - June 25th 2021 - Back in Business

Bleeping Computer

It has been relatively quiet this week, with few attacks revealed and few new ransomware variants released. However, some interesting information came out that we have summarized below. […]


Flaws in FortiWeb WAF expose Fortinet devices to remote hack

Security Affairs

Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF); a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Dell BIOSConnect Flaws Show Over-the-Air Risks

Security Boulevard

Because tech vendors have turned to over-the-air updates – the idea is to not give their customers any excuses for not keeping firmware current – Eclypsium’s discovery of a chain of four vulnerabilities in the BIOSConnect feature within Dell Client BIOS is all the more alarming. The flaws, which affect 129 models of Dell laptops, desktops. The post Dell BIOSConnect Flaws Show Over-the-Air Risks appeared first on Security Boulevard.


Data of 500K patients accessed, stolen after eye clinic ransomware attack

SC Magazine

A patient receives an eye exam at a free health clinic. A ransomware attack on an Iowa-based eye clinic earlier this year led to the access and possible theft of data belonging to 500,000 patients. (Photo by John Moore/Getty Images). A ransomware attack on Iowa-based Wolfe Eye Clinic earlier this year led to the access and possible theft of data belonging to 500,000 patients.


Cloud security is still a work in progress

InfoWorld on Security

As a cloud architect, I am amazed that cloud security is still so hard. We’ve had identity access management (IAM) for more than a decade. Now we have deep encryption services, key management, and most recently, zero trust and secure access service edge (SASE). Note that zero trust and SASE are terms defined by Forrester Research and Gartner, respectively, and not by groups of security solutions providers.


Ignorance is not a legal excuse for paying sanctioned ransomware groups

SC Magazine

U.S. Attorney for the Western District of Pennsylvania Scott Brady announces warrants for the arrests of hackers associated with cybercriminal group Evil Corp. on December 5, 2019. (Photo by Samuel Corum/Getty Images). The emergence of Grief, a new ransomware program with a possible connection to a U.S. government-sanctioned cybercriminal outfit, raises an interesting question: If you make a ransom payment to an unknown adversary that only later is confirmed to be a cyber terrorist group, can yo


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

The Hacker News

A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers' debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S.


Podcast: Can we fix IoT security?

Webroot

For many U.S. workers the switch to remote work is a permanent one. That means more high-stakes work is being conducted on self-configured home networks. For others, home networks are simply hosting more devices as smart doorbells, thermostats and refrigerators now connect to the internet. Security experts warn that while the internet of things (IoT) isn’t inherently a bad thing, it does present concerns that must be considered.


Google Extends Support for Tracking Party Cookies Until 2023

The Hacker News

Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years.


Mercedes-Benz Customer Data Flies Out the Window

Threatpost

For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


The Social Media We Ought to Have vs the Social Media We Actually Have

Hot for Security

Social media feels like the natural evolution of technology, like something that would have happened no matter what. But there’s a difference between what we would want and what we actually have. It’s too late now to re-model social media, so we have to learn to live with what we have and make better choices from here on out. That’s why the Social Media Day we celebrate on June 30 is a reason to be thankful and wary at the same time.


PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry  

Threatpost

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.


An Unusual File Attachment Is Being Used in Phishing Attacks

Heimdal Security

Secure email gateways and security software are becoming more and more advanced in an attempt to adapt to the ever-changing phishing campaigns and for this reason, the threat actors are resorting to more unusual file formats when trying to bypass detection, therefore phishing scams made the switch to more unusual attachments like ISO or TAR […].


Innovating Canada: Robert Herjavec Discusses the Looming Threat of Targeted Attacks

Herjavec Group

Our Founder and CEO, Robert Herjavec, spoke with MediaPlanet to contribute to Innovating Canada’s Business Resilience Campaign. Read the full interview to learn about Robert’s insights on the importance of cyber resilience and how the cybersecurity landscape has changed over the past year. What business priorities have the unprecedented disruptions caused by the pandemic brought to the forefront?


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.