Fri, Aug 12, 2022

Twitter Exposes Personal Information for 5.4 Million Accounts

Schneier on Security

Twitter accidentally exposed the personal information—including phone numbers and email addresses—for 5.4 million accounts. And someone was trying to sell this information. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted em

Weekly Update 308

Troy Hunt

It was all a bit last minute today after travel, office works and then a quick rebuild of desk and PC before doing this livestream (didn't even have time to comb my hair!) So yes, I took a shortcut with the description of this video, but it all worked out well in the end IMHO with plenty of content that wasn't entirely data breach related, but yeah, that does seem to be a bit of a recurring theme in these vids.

A Taxonomy of Access Control

Schneier on Security

My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper. The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states: safe Only the user has access, loss No one has

Almost 2,000 data breaches reported for the first half of 2022

Tech Republic Security

Though the number of breaches reported in the first half of 2022 was lower than for the same period in 2021, Flashpoint expects the final numbers to be similar. The post Almost 2,000 data breaches reported for the first half of 2022 appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

UK NHS Hit with Ransomware Attack

Heimdal Security

There are concerns that patient data may have been the target of a ransomware attack on a software supplier that affected the NHS throughout the UK. The UK business Advanced, which was the target of the attack last week, announced that it was cooperating with law enforcement in the wake of the event, including the […]. The post UK NHS Hit with Ransomware Attack appeared first on Heimdal Security Blog.

Best penetration testing tools: 2022 buyer’s guide

Tech Republic Security

Security professionals need penetration testing tools to understand the security posture of every software environment. Check out our list of the best penetration testing tools in 2022. The post Best penetration testing tools: 2022 buyer’s guide appeared first on TechRepublic.

Intel increases its arsenal against physical hardware attacks

Tech Republic Security

Intel introduced, at Black Hat USA, a Tunable Replica Circuit to help protect against certain types of physical fault injection attacks without requiring any interaction with the computer owner. The post Intel increases its arsenal against physical hardware attacks appeared first on TechRepublic.

Ransomware attack blamed for closure of all 7-Eleven stores in Denmark

The State of Security

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Read more in my article on the Tripwire State of Security blog.

Cisco Pwned by ‘Russian’ Gang — Data Leaked, Egg on Face

Security Boulevard

Cisco got hacked by a ransomware gang—a broker for the UNC2447 threat actor, which has “a nexus to Russia.” The post Cisco Pwned by ‘Russian’ Gang — Data Leaked, Egg on Face appeared first on Security Boulevard.

Black Hat 2022 – Cyberdefense in a global threats era

We Live Security

Our security evangelist's take on this first day of Black Hat 2022, where cyberdefense was on every mind. The post Black Hat 2022 – Cyberdefense in a global threats era appeared first on WeLiveSecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

What is Magento? Everything You Need To Know

SecureBlitz

In the modern world of e-commerce, there are a huge number of different online platforms for every taste. But if. The post What is Magento? Everything You Need To Know appeared first on SecureBlitz Cybersecurity.

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

Dark Reading

Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Anonymous poop gifting site hacked, customers exposed

Bleeping Computer

ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a "customer" spotted a vulnerability.

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

The Hacker News

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass

Bleeping Computer

Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) used by Windows could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads.

Researchers found one-click exploits in Discord and Teams

Malwarebytes

A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop applications using the languages used to build websites: HTML5, CSS, and JavaScript.

Cowbell Cyber Allies With Swiss Re on AWS Cyberinsurance

Security Boulevard

Cowbell Cyber this week allied with Swiss Re to provide cybersecurity insurance to organizations with up to $750 million in revenue that deploy applications on the Amazon Web Services (AWS) cloud. The two companies have also integrated the risk assessment tools created by Cowbell and risk monitoring technology developed by Swiss Re. Cowbell’s Cowbell Factors.

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

Security Affairs

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity News Round-Up: Week of August 8, 2022

Security Boulevard

The UK feeling pained following a ransomware attack on the NHS, 18 tech & cyber companies launch new security standard for sharing cybersecurity information. The post Cybersecurity News Round-Up: Week of August 8, 2022 appeared first on Security Boulevard.

Friday Five 8/12

Digital Guardian

Twitter’s latest security incident, ransomware gangs, and state-sponsored hackers have taken over the news this past week. Catch up on all the latest with this week’s Friday Five!

Pay with just your palm at Whole Foods

Security Boulevard

Amazon is rolling out its Amazon One payment service to 65 Whole Foods stores in California. The service uses high-tech checkout devices that allow customers to pay simply by scanning their palms. Customers sign up for Amazon One by registering their palmprint with a connected credit card and phone number at special kiosks in participating stores. Once registered, customers can pay for their groceries by hovering their bare hand above the checkout device.

Chinese hackers backdoor chat app with new Linux, macOS malware

Bleeping Computer

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Why You Need to Automate Your Onboarding & Offboarding Process

Security Boulevard

The growing threat landscape has made organizations rethink the way they handle business processes like onboarding and offboarding. These processes can be tedious and time-consuming for an enterprise – and the risk is real. Insider threats from disgruntled departing employees are more than an IT issue. They're a business issue. And enterprise leaders see the importance of cybersecurity in situations like.

Xiaomi phones with MediaTek chips vulnerable to forged payments

Bleeping Computer

Security analysts have found weaknesses in the implementation of the trusted execution environment (TEE) in MediaTek-powered Xiaomi smartphones, which could enable third-party unprivileged apps to disable the payment system or forge payments.

Cybersecurity Insights with Contrast CISO David Lindner | 8/12

Security Boulevard

Insight #1. "Penetration testing and vulnerability scanning are two different things. Penetration testing will give you information about exploiting vulnerabilities whereas a vulnerability scan will just provide you with potential avenues for exploitation. These two should be used in tandem as one of the many tools in your security toolbox to find and fix true positive vulnerabilities."

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

The Hacker News

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Lowering Cyberinsurance Premiums with Managed Security Services

Security Boulevard

A range of factors, driven in part by the COVID-19 pandemic, accelerated by the work-from-home (WFH) trend and exacerbated by the Russia-Ukraine conflict, has caused midmarket organizations to grapple with a high number of cyberattacks that put every organization at great risk. As a result, a greater number of IT professionals are apprehensive as the.

The US offers a $10M reward for info on the Conti ransomware gang’s members

Security Affairs

The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The U.S. State Department announced a $10 million reward for information on five prominent members of the Conti ransomware gang. The government will also reward people that will provide details about Conti and its affiliated groups TrickBot and Wizard Spider.

API Security Requires Everyone’s Support

Security Boulevard

If you leave cybersecurity responsibilities only to the security team, your organization is setting itself up for a major cybersecurity incident. Security teams are already battling conditions that leave them ripe for burnout. But when non-security staff isn’t held responsible for keeping up with even the most minor security steps, it opens the door for.

Facebook Testing Default End-to-End Encryption and Encrypted Backup in Messenger

The Hacker News

Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.