Schneier on Security

DECEMBER 10, 2020

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients : Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records.

Data breaches 335

Data breaches Healthcare Cybercrime Cybersecurity 335

Krebs on Security

DECEMBER 10, 2020

Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.

Ransomware 320

Ransomware Financial Services Cyber threats Banking 320

Tech Republic Security

DECEMBER 10, 2020

From Apple to Google to Toyota, companies across the world are pouring resources into developing AI systems with machine learning. This comprehensive guide explains what machine learning really means.

218

218

Security Affairs

DECEMBER 10, 2020

Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and inject ads into search results pages. Users are redirected to fraudulent domains where they are tricked into installing tainted software.

Malware 123

Malware Advertising Media Engineering 123

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

DECEMBER 10, 2020

These phishing emails promise compensation, test results, and other lures about the coronavirus to trick unsuspecting users, says Armorblox.

Phishing 217

Phishing 217

Threatpost

DECEMBER 10, 2020

Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.

117

117

Dark Reading

DECEMBER 10, 2020

Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.

Cybersecurity 109

Cybersecurity 109

Tech Republic Security

DECEMBER 10, 2020

Do-it-yourself apps that don't use the official API from Apple and Google raised privacy concerns due to unsecure design, says Guardsquare.

Risk 197

Risk 197

The State of Security

DECEMBER 10, 2020

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from […]… Read More.

Software 101

Software 101

Tech Republic Security

DECEMBER 10, 2020

Cyberconflict is an unfortunate growing trend impacting businesses and governments. Learn the risks and possible solutions from an industry expert.

Government 140

Government Risk 140

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

DECEMBER 10, 2020

Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases.

Ransomware 112

Ransomware Hacking 112

Tech Republic Security

DECEMBER 10, 2020

Jack Wallen shows you how to install and configure fail2ban on the latest release of Fedora Linux.

153

153

Security Affairs

DECEMBER 10, 2020

The proof-of-concept exploit code for the Kerberos Bronze Bit attack was published online, it allows intruders to bypass authentication and access sensitive network services. The proof-of-concept exploit code for the Kerberos Bronze Bit attack, tracked as CVE-2020-17049 , was published online this week. The hacking technique could be exploited by attackers to bypass the Kerberos authentication protocol in Windows environments and access sensitive network-connected services.

Authentication 101

Authentication Encryption Passwords Hacking 101

Threatpost

DECEMBER 10, 2020

The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors.

Phishing 106

Phishing Malware 106

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations

Malware 100

Malware Phishing Government Data collection 100

We Live Security

DECEMBER 10, 2020

LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack. The post Operation StealthyTrident: corporate software under attack appeared first on WeLiveSecurity.

Software 98

Software Malware 98

Approachable Cyber Threats

DECEMBER 10, 2020

Category Cybersecurity Fundamentals, Guides. Risk Level. Whether you own a small business, or are the Senior Director of IT at a Fortune 100 company, you are forced into the annual tradition of budgeting. I get it - no one likes budgeting (at least they don’t admit it out loud). Add to that the feeling that going into 2021 is more uncertain than ever and we understand it's truly at the bottom of your list.

Cybersecurity 98

Cybersecurity Small Business Mobile Software 98

TrustArc

DECEMBER 10, 2020

On 9 December, the Commerce Committee of the U.S. Senate held a hearing on the consequences of the Schrems-II decision and the future of U.S. – EU data transfers. The Committee invited five experts to provide evidence and respond to the Senators questions. The hearing made clear there is no consensus yet on a new […]. The post Report: U.S.

98

98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

DECEMBER 10, 2020

Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.

Scams 103

Scams Phishing 103

McAfee

DECEMBER 10, 2020

Everyone deserves a break after surviving this past year and I cannot think of better way to celebrate than to share some of our greatest accomplishments from 2020. 1. January 2020 Gartner Peer Insights VOC Customers’ Choice for CASB. McAfee was the only vendor to be named the January 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Cloud Access Security Brokers (CASBs).

Policy Compliance 98

Policy Compliance Technology Information Security Media 98

We Live Security

DECEMBER 10, 2020

While shopping for the perfect presents, be on the lookout for naughty cybercriminals trying to ruin your Christmas cheer by tricking you out of both gifts and money. The post Cybersecurity Advent calendar: Tips for buying gifts and not receiving coal appeared first on WeLiveSecurity.

Cybersecurity 98

Cybersecurity 98

SecureWorld News

DECEMBER 10, 2020

With the Pfizer COVID-19 vaccine right around the corner, it appears to have the potential to be one of the world's most desired medical breakthroughs in modern history. There is little doubt there will be a mad scramble for distributing the vaccine, as well as people finding ways to get it themselves. It will hopefully be effective enough to end this global pandemic that we have all been suffering through for nearly a year now.

Data breaches 93

Data breaches Cyber Attacks Government 93

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Privacy and Cybersecurity Law

DECEMBER 10, 2020

Chantal Bernier, National Practice Leader, Privacy and Cybersecurity, Dentons Canada LLP Former Interim Privacy Commissioner of Canada. C-11, An Act to enact the Consumer Privacy Protection Act (CPPA) and the Personal Information and Data Protection Tribunal Act, is arguably so balanced and pragmatic that it is reasonable to expect it will become law, essentially as is, before the end of 2021 – barring an election.

Artificial Intelligence 89

Artificial Intelligence Technology Risk Marketing 89

Trend Micro

DECEMBER 10, 2020

Gootkit has been tied to Cobalt Strike as well as other ransomware attacks in the past. Some of these recent victims later suffered SunCrypt ransomware attacks, although it is unclear if this was because of the Gootkit threat actor or if access was sold to other threat actors.

Ransomware 88

Ransomware Cyber threats Malware 88

Threatpost

DECEMBER 10, 2020

Ransomware attacks targeting hospitals have exacted a human cost as well as financial.

Ransomware 127

Ransomware Healthcare 127

Dark Reading

DECEMBER 10, 2020

Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.

131

131

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

DECEMBER 10, 2020

The attack that hit the University of Vermont Medical Center at the end of October is costing the hospital about $1.5 million a day. In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack took place on October 28 and disrupted services at the UVM Medical Center and affiliated facilities.

Ransomware 87

Ransomware Cyber Attacks Malware Hacking 87

Tech Republic Security

DECEMBER 10, 2020

Some apps in the Google Play Store are impersonating legitimate apps and stealing users' money.

107

107

Security Affairs

DECEMBER 10, 2020

Cisco addressed a new critical RCE vulnerability that affects several versions of Cisco Jabber for Windows, macOS, and mobile platforms. Cisco has released security updates to address a critical remote code execution (RCE) flaw affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms. Cisco Jabber is an instant messaging and web conferencing desktop app that delivers messages between users using the Extensible Messaging and Presence Protocol (XMPP).

Mobile 85

Mobile Software Hacking Accountability 85

Threatpost

DECEMBER 10, 2020

Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering. .

Government 92

Government Hacking 92

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.