Sun.May 15, 2022

article thumbnail

College Closing Another Sad Milestone for Ransomware Impact

Lohrman on Security

Lincoln College in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next?

article thumbnail

How to spot the signs of a virtual kidnap scam

Malwarebytes

Threats and bluster play a key role in most online attacks: Ransomware has its ransom note; trolls threaten to ramp up the pressure; tech support scammers insist your PC needs urgent assistance. Some take it a step further, leaning in with a more direct approach, ranging from death threats to sextortion, and even kidnap claims. These tactics have been around for a very long time.

Scams 122
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Four ways to combat the cybersecurity skills gap

Acunetix

The lack of cybersecurity talent is nothing new. It’s a problem that all businesses have been facing for several years and it’s getting worse. There have been many proposals on how to narrow the gap, but so far all efforts have been futile. Let’s have. Read more. The post Four ways to combat the cybersecurity skills gap appeared first on Acunetix.

article thumbnail

Four ways to combat the cybersecurity skills gap

Security Boulevard

The lack of cybersecurity talent is nothing new. It’s a problem that all businesses have been facing for several years and it’s getting worse. There have been many proposals on how to narrow the gap, but so far all efforts have been futile. Let’s have. Read more. The post Four ways to combat the cybersecurity skills gap appeared first on Acunetix. The post Four ways to combat the cybersecurity skills gap appeared first on Security Boulevard.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Russia launched multiple cyber attacks on Eurovision Song Contest

CyberSecurity Insiders

Eurovision Song Contest has experienced multiple numbers of cyber threats from Russian Federation and the reason is that Ukraine had fair enough of chances to win the competition through Kalush Orchestra. Killnet hacking group that is being funded by Kremlin was assigned the duty to disrupt the servers of Eurovision to block Ukraine winning all the accolades.

article thumbnail

College Closing Another Sad Milestone for Ransomware Impact

Security Boulevard

Lincoln College in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next? The post College Closing Another Sad Milestone for Ransomware Impact appeared first on Security Boulevard.

More Trending

article thumbnail

Hackers are exploiting critical bug in Zyxel firewalls and VPNs

Bleeping Computer

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. [.].

Firewall 100
article thumbnail

Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers

The Hacker News

A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev, who pleaded guilty to his offenses earlier this February, was arrested in Poland in October 2020, before being extradited to the U.S.

Hacking 97
article thumbnail

Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT

Security Affairs

Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign conducted by Armageddon APT using GammaLoad.PS1_v2 malware. Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign using messages with subject “On revenge in Kherson!” and containing the “Plan Kherson.htm” attachment. The HTM-file will decode and create an archive named “Herson.rar”, which contains a file-shortcut named “Plan of approach and planting

article thumbnail

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

The Hacker News

The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2" (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

May 08 – May 14 Ukraine – Russia the silent cyber conflict

Security Affairs

This post provides a timeline of the events related to Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing Russia invasion that occurred in the previous weeks: May 14 – The LEGION collective calls to action to attack the final of the Eurovision song contest. The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest.

DDOS 94
article thumbnail

Windows admins frustrated by Quick Assist moving to Microsoft Store

Bleeping Computer

Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. [.].

100
100
article thumbnail

10 Reasons Why Project Management Is Vital To Organizations

SecureBlitz

In this post, I will show you 10 reasons why project management is vital to organizations. You’re missing out on chances for exponential growth and optimized efficiency if you don’t have active protocols for project management. Project management is the secret sauce of successful businesses that continuously excel and stay afloat. If you have yet. The post 10 Reasons Why Project Management Is Vital To Organizations appeared first on SecureBlitz Cybersecurity.

article thumbnail

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. Threat actors use the botnet in a cryptomining campaign targeting Windows and Linux servers.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The Future of Cybersecurity for Automotive OEMs

SecureWorld News

It is safe to assume that the automotive OEMs don't enjoy being regulated. And yet, regulation is a fact of life for the folks in the car business, and that's the reason every OEM needs to pay careful attention to a document titled ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering (August 2021). ISO/SAE 21434 specifies the practices that safeguard against design, development, production, operation, maintenance, and decommissioning risks in the electrical and electronic systems of road vehi

article thumbnail

Fake Pixelmon NFT site infects you with password-stealing malware

Bleeping Computer

A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets. [.].

Malware 96
article thumbnail

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Security Affairs

Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The experts discovered the marketplace during a routine investigation, they also discovered that its operators also have a Telegram channel with around 500 subscribers

article thumbnail

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

Naked Security

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

83
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Security Affairs newsletter Round 365 by Pierluigi Paganini

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The LEGION collective calls to action to attack the final of the Eurovision song contest OpRussia update: Anonymous breached other organizations Pro-Russian hacktivists target Italy government websites SonicWall urges customers to fix SMA 1000 vulnerab

Hacking 74
article thumbnail

Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate)

Kali Linux

It’s that time of year again, time for another Kali Linux release! Quarter #2 - Kali Linux 2022.2. This release has various impressive updates, all of which are ready for immediate download or updating. The summary of the changelog since the 2022.1 release from February 2022 is: GNOME 42 - Major release update of the popular desktop environment KDE Plasma 5.24 - Version bump with a more polished experience Multiple desktop enhancements - Disabled motherboard beep on Xfce, alternative panel

article thumbnail

MSSP’s Mitigation Responsibilities Against Ransomware

Security Boulevard

The threat of ransomware is real and growing. To protect your organization, it’s essential to partner with a Managed Security Service Provider (MSSP) that can help you mitigate the risk. Because there are new ransomware variants and attacks every day, […]. The post MSSP’s Mitigation Responsibilities Against Ransomware appeared first on WeSecureApp :: Simplifying Enterprise Security!

article thumbnail

FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms

Security Boulevard

The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type […].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Google announces new security and privacy improvements at Google I/O

Security Boulevard

Last week, Google held its annual developer conference, Google I/O , and discussed new products and services that they plan to rollout. These range from new features on YouTube, Google Meet, advances in AI technology used in Google Maps, and the world’s largest, publicly available machine learning hub. For a full rundown of the improvements and features announced, check out Google’s recap of the keynote address delivered by Google and Alphabet CEO Sundar Pichai at the event.

article thumbnail

Security BSides Sofia 2022 – Svetlomir Balevski’s ‘Application Security Into DevOps’

Security Boulevard

Our thanks to Security BSides Sofia for publishing their Presenter’s Security BSides Sofia 2022 superb security videos on the organization’s’ YouTube channel. Permalink. The post Security BSides Sofia 2022 – Svetlomir Balevski’s ‘Application Security Into DevOps’ appeared first on Security Boulevard.

article thumbnail

Security BSides Sofia 2022 – Stoyan Kolev’s, Lyubomir Vanyov’s And Vladimir Dimitrov’s ‘Vulnerabiltiy Full Disclosure’

Security Boulevard

Our thanks to Security BSides Sofia for publishing their Presenter’s Security BSides Sofia 2022 superb security videos on the organization’s’ YouTube channel. Permalink. The post Security BSides Sofia 2022 – Stoyan Kolev’s, Lyubomir Vanyov’s And Vladimir Dimitrov’s ‘Vulnerabiltiy Full Disclosure’ appeared first on Security Boulevard.

article thumbnail

Escaping Groundhog Day

Security Boulevard

Before digging into this post, I need to set some context. Friday, May 13, 2022 was my last day at my, now, former employer of nearly seven years. I’m not mentioning the company name1 because this post is not about them2. This post is about burnout and the importance of continuous monitoring and maintenance of. Continue reading ?. The post Escaping Groundhog Day appeared first on Security Boulevard.

52
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

CommitStrip ‘Your Smart Home’s Achilles’ Heel’

Security Boulevard

via the textual amusements of Thomas Gx , along with the Illustration talents of Etienne Issartia and superb translation skillset of Mark Nightingale - the creators of CommitStrip ! Permalink. The post CommitStrip ‘Your Smart Home’s Achilles’ Heel’ appeared first on Security Boulevard.

52
article thumbnail

LogicHub Security Roundup: May 2022

Security Boulevard

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be covering a broad view of this past month’s threats, a series of informative use cases seen this month by our teams, and a series of recommended articles, podcasts, and other useful resources. Watch the LogicHub Monthly Security RoundUp - May 2022. Security Safari: New Threats in the Wild.