Thu. Dec 17, 2020


More on the SolarWinds Breach

Schneier on Security

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.


Phone scammers were able to get 270% more personal information in 2020 than in 2019

Tech Republic Security

The COVID-19 crisis enabled scammers to take advantage of the guileless, as bad actors were able to extract personal information from targets, according to a new report from First Orion.


Mexican Drug Cartels with High-Tech Spyware

Schneier on Security

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, is ending up in the hands of drug cartels: As many as 25 private companies — including the Israeli company NSO Group and the Italian firm Hacking Team — have sold surveillance software to Mexican federal and state police forces, but there is little or no regulation of the sector — and no way to control where the spyware ends up, said the officials.


5 common decision-making biases in cybersecurity

Tech Republic Security

Biases in decision-making can contribute to adverse cybersecurity outcomes. Find out why being empathetic and giving others the benefit of the doubt are key when addressing these biases.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. FBI is warning of a new escalation in the extortion activities of the DoppelPaymer ransomware gang, the operators have been calling victims, threatening to send individuals to their homes if they don’t pay the ransom. According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that h


The worst bugs in the top programming languages

Tech Republic Security

A heatmap shows PHP has the most flaws, followed by C++, then Java, .Net, JavaScript, and Python in Veracode's annual security report.


More Trending


How using tactical literacy makes it harder for cybercriminals to fool end users

Tech Republic Security

End users just want to do their job, not become cybersecurity experts. When providing users with cybersecurity help, keep these tips in mind.


XDR 101: What's the Big Deal About Extended Detection & Response?

Dark Reading

Extended Detection and Response (XDR) could be the security management technology of your dreams... or not. What makes this technical 'evolution' so interesting to so many companies?


How to protect your organization following the SolarWinds compromise

Tech Republic Security

Whether your organization uses the vulnerable SolarWinds software or you want to defend yourself against similar exploits, here are recommendations from four sources.


Experts spotted browser malicious extensions for Instagram, Facebook and others

Security Affairs

Avast researchers reported that three million users installed 28 malicious Chrome or Edge extensions that could perform several malicious operations. Avast Threat Intelligence researchers spotted malicious Chrome and Edge browser extensions that were installed by over 3 million users. The extensions were designed to steal users’ data (i.e. birth dates, email addresses, and active devices) and redirect the victims to ads and phishing sites.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Nuclear Weapons Agency Hacked in Widening Cyberattack – Report

Threatpost

Sources said the DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector.


How to quickly encrypt text for Apple Mail

Tech Republic Security

Jack Wallen shows you how easy it can be to encrypt text to be sent via email, using Apple Mail and the GPG Suite.


The New Effort to Embed Cybersecurity Into Manufacturing

SecureWorld News

The University of Texas at San Antonio (UTSA) recently launched a $111 million public-private partnership, the Cybersecurity Manufacturing Innovation Institute (CyManII). The institute reached a 5-year agreement with the US Department of Energy for the purpose of leading 59 proposed member institutions that will introduce a cybersecure energy-ROI. The institution will assist American manufacturers and supply chains to "adopt secure, energy-efficient approaches, ultimately securing and sustainin


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How to Increase Your Security Posture with Fewer Resources

Threatpost

Plixer's Justin Jett, Compliance & Audit director, discusses how to do more with less when your security resources are thin.


Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond

Dark Reading

For those who work in the security industry, 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.


5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

Threatpost

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.


Launched OSSISNa, the Observatory for the Protection of the National Strategic Industrial System

Security Affairs

On 11th December 2020, the Observatory for the Protection of the National Strategic Industrial System (OSSISNa) was officially announced. On 11th December 2020, during the international scientific conference on CBRNe events “SICC 2020”, the Observatory for the Protection of the National Strategic Industrial System (OSSISNa) was officially presented.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How Bizarre: Joker’s Stash.bazar site allegedly seized by law enforcement

Digital Shadows

What happened to Joker’s Stash? In a very recent event, the Blockchain domains of Joker’s Stash, an automated vending cart.


Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia

We Live Security

ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia.


Could Universities’ Use of Surveillance Software Be Putting Students at Risk?

The State of Security

Life for university students has changed massively during the coronavirus pandemic, as it has for all of us. While some in-person lectures and seminars are still taking place, there has been a big shift to remote learning. This has, perhaps understandably, led to concerns about how well students are engaging with this way of studying. […]


Malicious Browser Extensions for Social Media Infect Millions of Systems

Dark Reading

At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger

Trend Micro

We discuss TeamTNT’s latest attack, which involves the use of the group’s own IRC (Internet Relay Chat) bot. The IRC bot is called TNTbotinger and is capable of distributed denial of service (DDoS).


Air-Gap Attack Turns Memory Modules into Wi-Fi Radios

Threatpost

Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.


51% of WFH Parents Say Children Have Accessed Work Accounts

Dark Reading

In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.


3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons

Threatpost

Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach

Dark Reading

Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.


RubyGems Packages Laced with Bitcoin-Stealing Malware

Threatpost

Two malicious software building blocks that could be baked into web applications prey on unsuspecting users.


Stay safe from scams disguised in New Year’s Eve!

Quick Heal Antivirus

The end of a year is a time for celebration and hope. As 2020 draws to a close, …


Cryptologists Crack Zodiac Killer’s 340 Cipher

Threatpost

The Zodiac serial killer’s 340 cipher, which couldn’t be solved for 50 years, has been cracked by a remote team of mathematicians.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.