Wed. May 12, 2021

RSAC insights: How the ‘CIEM’ framework is helping companies manage permissions glut

The Last Watchdog

A permissions glut is giving rise to an explosion of new exposures in modern business networks. Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, permissions to make myriad software connections are proliferating. Taken together these man-to-machine and machine-to-machine connections result in cool new digital services.

How to prevent another Colonial Pipeline ransomware attack

Tech Republic Security

Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control.

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

Colonial Pipeline, which operates a 5,500-mile system that transports nearly 45% of the fuel consumed on the East Coast of the United States, shut down on Friday critical portions of its fuel distribution network in response to a crippling ransomware attack that devastated the American fuel pipeline operator; since then, fuel prices have crept up across the United States, and 17 US States and Washington DC have declared states of emergency.

Ransomware attackers are now using triple extortion tactics

Tech Republic Security

Attackers are not only demanding ransom from organizations, but also threatening their customers, users and other third parties.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Book Sale: Beyond Fear

Schneier on Security

I have 80 copies of my 2000 book Beyond Fear available at the very cheap price of $5 plus shipping. Note that there is a 20% chance that your book will have a “BT Counterpane” sticker on the front cover. Order your signed copy here.

Blurred WFH lines create cybersecurity challenges for companies

Tech Republic Security

A new HP Wolf Security study focuses on shifting cybersecurity threats in the age of remote working as employees use work devices for personal entertainment.

More Trending

Microsoft 365 email data breaches take center stage amid WFH in a new report

Tech Republic Security

According to the software company Egress, 85% of organizations using Microsoft 365 have experienced an email data breach.

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

The Hacker News

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.

Insider Threat and Mitigation Best Practices

CyberSecurity Insiders

Your staff members may fail to notice how they expose their business to security risks. Beware of the most common insider threats and learn how to resist them. Let us assume you do your best to protect your business from security risks. But do you know that a good deal of the danger comes from insiders? Dealing with insider threats is an awfully bad experience for too many businesses so far.

End-to-End IoT Device Security: What You Need to Know

Security Boulevard

In the course of reading this article, you’ll likely interact with several connected devices. And you probably wouldn’t have even given it a second thought if we hadn’t just called it out.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

All Wi-Fi devices impacted by new FragAttacks vulnerabilities

Bleeping Computer

Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.

RSAC insights: Sophos report dissects how improved tools, tactics stop ransomware attack

The Last Watchdog

A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could’ve been a devastating ransomware attack. This detailed intelligence about a ProxyLogon-enabled attack highlights how criminal intruders are blending automation and human programming skills to great effect.

The Top 4 Risks of Cloud Computing and How to Mitigate Them

Security Boulevard

The global pace at which technology is evolving and accelerating is incredible. People and companies are becoming less concerned with having “physical” assets or solutions. Tom Goodwin, Senior VP of Strategy and Innovation at Havas Media, said, “Uber, the world’s largest taxi company, owns no vehicles. Facebook, the world’s most popular media owner, creates no content.

What We Know About Darkside Ransomware and the US Pipeline Attack

Trend Micro

Trend Micro Research has found dozens of Darkside ransomware samples in the wild and investigated how the ransomware operates as well as the organizations that are typically targeted.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft: Threat actors target aviation orgs with new malware

Bleeping Computer

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

1 million risky apps rejected or removed from Apple’s App Store in 2020

We Live Security

Apple also claims to have foiled US$1.5 billion worth of potentially fraudulent transactions.

Microsoft: Windows 10 1809 and 1909 have reached end of service

Bleeping Computer

Multiple editions of Windows 10 versions 1803, 1809, and 1909 have reached their End of Service (EOS) on this month's Patch Tuesday, as Microsoft reminded customers yesterday.

Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack

Malwarebytes

Late last week, the business network systems of Colonial Pipeline, the biggest supplier of fuels on the East Coast of the United States, were compromised due to a ransomware attack, forcing the company to temporarily shut down its operations while investigations are underway. Monday morning, Pacific time, the FBI confirmed that the ransomware culprit is DarkSide, a fairly new strain that started making a name roughly in mid- to late-2020.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

FragAttacks vulnerabilities expose all WiFi devices to hack

Security Affairs

A security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices and expose them to remote attacks. Some of the flaws discovered by the experts date back as far as 1997.

German Privacy Watchdog Prohibits Facebook from Processing WhatsApp User Data

Hot for Security

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has imposed a three-month ban prohibiting Facebook from gathering and processing German WhatsApp users’ data. On Tuesday, the top German privacy watchdog told Facebook officials to stop processing user data from its instant messaging service, saying the app’s most recent privacy policy update could violate the EU’s General Data Protection Regulation (GDPR). “The order is intended to safeguar

Microsoft fixes WSUS bug blocking May Windows security updates

Bleeping Computer

Microsoft has resolved a known issue preventing managed devices from receiving the May 2021 Patch Tuesday security updates.

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

The Hacker News

Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

MITRE Protection Tests Shed New Light on Endpoint Security

eSecurity Planet

MITRE added a new wrinkle to its latest endpoint detection and response (EDR) evaluations, a test of endpoint security products’ ability to stop an adversarial attack. Previous MITRE evaluations and the first part of the latest evaluation, Carbanak+FIN7, focused on the ability of vendors to detect attacks and alert security staff. That approach focuses more on the strengths of EDR tools, which essentially add a centralized management layer to endpoint security, the ability to detect and r

Facebook Won’t Delete WhatsApp Accounts if You Don’t Agree to New Terms of Service

Hot for Security

Facebook announced a few months ago that the upcoming policy changes would require non-European users to accept new terms and conditions or be forced to stop using the service. From the looks of it, Facebook won’t require it from the start, but aims to make the user experience terrible for those who don’t accept. Facebook caused an uproar when it announced that non-European users would need to agree with new terms and conditions allowing the company to share some of the data from WhatsApp

Inside BNP Paribas’ Digital Banking Innovation: Cloud, Data, AI

Security Boulevard

Featuring BNP Paribas Global CIO Bernard Gavgani. May 12, 2021. The banking sector, for many decades, has relied on legacy processes and systems to serve its customers. But today, the rise of online banking, digital applications, and challenger banks has caused significant disruption across financial services.

5 tips for getting started with SOAR

CSO Magazine

SOAR: Meaning and definition. SOAR is the name for a relatively new kind of security platform that coordinates information produced by a wide range of security tools and automates much of their analysis and protective responses. SOAR, which stands for security orchestration, automation, and response, is a term coined by Gartner in 2015 and since embraced by the industry as companies grapple with increasing security threats, a tight labor market, and an increasing flood of information they need to

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Targeted assets: The need for cyber resilient infrastructure

Webroot

Aging infrastructure in the United States is not confined to crumbling roads and bridges. Recent events have shown that connected devices in our pipelines, water treatment facilities and power grids are also vulnerable to exploitation. As of now, we still don’t know much about the ransomware attack against the operators of the Colonial Pipeline. Details about how and when cybercriminals were able to compromise Colonial’s network have yet to emerge.

Microsoft's new project ports Linux eBPF to Windows 10, Server

Bleeping Computer

Microsoft has launched a new open-source project that aims to add to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs in both kernel and user applications.

10 Exploits Cybersecurity Professionals are Concerned About

Security Boulevard

The post 10 Exploits Cybersecurity Professionals are Concerned About appeared first on Digital Defense, Inc.

Fraudsters Use Bogus Pfizer Covid-19 Vaccine Surveys to Steal Personal Info and Money in Ongoing Scam Campaign

Hot for Security

Scammers continue to piggyback on the pandemic and vaccination campaigns in a new giveaway vaccine survey scam purportedly from pharmaceutical giant Pfizer. According to Bitdefender Antispam Lab’s latest telemetry, the survey scam has reached over 200,000 consumers since April. Our analysis shows a geo-targeted dispersal of the spam campaign, with 69.98% of the targeted users in the US.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.