Thu.Nov 25, 2021

article thumbnail

Get 1,000 hours of cybersecurity training for $21 this Black Friday

Tech Republic Security

Stay up to date for a lifetime with this cybersecurity training bundle with more than 1,000 hours of instruction.

article thumbnail

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Graham Cluley

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. Read more in my article on the Tripwire State of Security blog.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The triangle of holiday shopping: Scams, social media and supply chain woes

We Live Security

‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products. The post The triangle of holiday shopping: Scams, social media and supply chain woes appeared first on WeLiveSecurity.

Scams 141
article thumbnail

Britain introduces IOT Device Security Legislation

CyberSecurity Insiders

A new legislation was introduced in the Britain’s parliament last week aiming to better protect IoT devices from sophisticated hackers. Dubbed as “The Product Security and Telecommunications Infrastructure(PSTI) bill, it requests those involved in the manufacturing of Internet of Things such as smart TVs, CCTVs, smart phones and fitness trackers; to follow basic standards while offering service and products to consumers.

IoT 139
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hides the malware in the task names, then the malicious code is constructed using several layers of compression and base64 decoding.

Malware 136
article thumbnail

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

Samsung released a summary of how it protects its smart phones from cyber attacks and the content is as follows-. From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world.

Mobile 132

More Trending

article thumbnail

New Linux malware hides in cron jobs with invalid dates

Bleeping Computer

Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. [.].

Malware 137
article thumbnail

VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client

The Hacker News

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.

128
128
article thumbnail

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Security Boulevard

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that at least two large facilities working on manufacturing bio-drugs and vaccines have been hit by […]… Read More.

article thumbnail

FBI warns of crooks targeting online shoppers during the holiday season

Security Affairs

The Federal Bureau of Investigation (FBI) warns of cybercriminals targeting online shoppers during the holiday season. The FBI warns of cyber criminals targeting online shoppers during the holiday season. In this period netizens hope to take advantage of online bargains and are more active online, for this reason they are more exposed to the risk of scams.

Scams 124
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Enhancing zero trust access through a context-aware security posture

CSO Magazine

As an onslaught of ransomware attacks accelerates, cybercriminal organizations are demonstrating increasing levels of sophistication and guile. Most recently, the Federal Bureau of Investigation (FBI) revealed that some hackers are targeting organizations facing time-sensitive financial events to maximize leverage over their victims. These events include planned earnings report releases as well as mergers and acquisitions (M&A).

article thumbnail

Ransomware threat to elders and youngsters falling for Instagram Cyber Scams

CyberSecurity Insiders

In the latest report released by Avast, it was revealed that ransomware spreading hackers were constantly targeting elderly people and youngsters were being lured into Instagram or TikTok scams. As most of the aged community, i.e. those above 65 are using desktop or laptops, hackers are seeing them as easy prey to spread ransomware, bank related customer support scams and Trojans and botnets through video calling apps.

Scams 117
article thumbnail

A Guide to Protecting Your Privacy Online | Avast

Security Boulevard

There has never been a more important time to protect your online privacy than now. Data breaches continue to expose millions of users and their passwords, ransomware attacks remain prevalent, and the Covid-19 pandemic has motivated criminals to bombard businesses with phishing lures to try to leverage their malware and compromise more users. These activities can empty your bank accounts, steal your identity to set up credit cards in your name, or buy things online that get shipped to someone yo

article thumbnail

Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

The Hacker News

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit.

Malware 114
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Beware card skimmers this Black Friday

Malwarebytes

The UK’s top cybercops are urging owners of small online shops to “ protect their customers and profits ” by guarding against card skimmers in the frenetic shopping period that starts with Black Friday, which lands on November 26 this year. The warning comes from the National Cyber Security Centre (NCSC)—which is part of GCHQ, the UK’s equivalent to the NSA—which says it identified 4,151 compromised online shops up to the end of September.

Retail 104
article thumbnail

How cybercriminals adjusted their scams for Black Friday 2021

Bleeping Computer

Black Friday is approaching, and while shoppers prepare to open their wallets, cybercriminals hone their malware droppers, phishing lures, and fake sites. [.].

Scams 127
article thumbnail

Improving security for mobile devices: CISA issues guides

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has released two actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. Consumers. One of the guides is intended for consumers. There are an estimated 294 million smart phone users in the US, which makes them an attractive target market for cybercriminals.

Mobile 97
article thumbnail

This New Stealthy JavaScript Loader Infecting Computers with Malware

The Hacker News

Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021.

Malware 102
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsoft Defender for Endpoint fails to start on Windows Server

Bleeping Computer

Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems. [.].

113
113
article thumbnail

If You're Not Using Antivirus Software, You're Not Paying Attention

The Hacker News

Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.

Antivirus 100
article thumbnail

Discord malware campaign targets crypto and NFT communities

Bleeping Computer

A new malware campaign on Discord uses the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities. [.].

Malware 127
article thumbnail

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

The Hacker News

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.

Malware 100
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

JavaScript Loader RATDispenser Infects Windows PCs with RATs

Heimadal Security

RATDispenser, a novel secretive JavaScript loader, is being employed in phishing campaigns to infect devices with a range of Remote Access Trojans (RATs). The new loader quickly formed distribution agreements with at least eight malware families, all of which were developed to steal data and give attackers access over victim machines. As explained by BleepingComputer, […].

article thumbnail

New Twists on Gift-Card Scams Flourish on Black Friday

Threatpost

Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.

Scams 101
article thumbnail

A Microsoft MSHTML Exploited By Hackers

Heimadal Security

It seems that a newly found Iranian threat actor is stealing Google and Instagram credentials from Farsi-speaking targets all around the world employing a new PowerShell-based stealer named PowerShortShell. The data stealer is also used for Telegram monitoring and gathering system information from infected machines, which is then delivered to attacker-controlled servers along with the […].

Malware 90
article thumbnail

Try out 1Password 8 for Windows, where security meets productivity

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! 1Password 8 for Windows has been reimagined with productivity improvements, enhanced security and privacy features, and a new, modern design. 1Password 8 helps you manage, access, and protect your sensitive information more easily … Continue reading "Try out 1Password 8 for Windows, where security meets productivity".

91
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

30% of Android Smartphones Impacted by Mediatek Vulnerabilities

Heimadal Security

Researchers have discovered four Mediatek vulnerabilities that, if successfully exploited would have permitted malicious hackers to perform a series of actions like Android phone calls eavesdropping, commands execution and increased rights elevation. Three of the discovered flaws were fixed by the company along with the MediaTek Security Bulletin from last month and the fourth will […].

article thumbnail

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

Security Affairs

An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML Remote Code Execution (RCE) flaw in attacks aimed at Farsi-speaking victims. The exploit is used to install a PowerShell stealer, tracked by the researchers as PowerShortShell, that steals Google and Instagram credentials of the victims.

article thumbnail

Online Shoppers at Risk of Losing Over $53 Million

Heimadal Security

The Federal Bureau of Investigation has warned that internet buyers might lose more than $53 million during the holiday season this year. The FBI Internet Crime Complaint Center (IC3) received over 17,000 complaints about the non-delivery of goods during the 2020 holiday shopping season, resulting in losses of more than $53 million. Due to speculations […].

Risk 82
article thumbnail

New CronRAT malware infects Linux systems using odd day cron jobs

Bleeping Computer

Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. [.].

Malware 95
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.