Krebs on Security
APRIL 6, 2021
Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible.
Joseph Steinberg
APRIL 6, 2021
While ransomware may seem like a straightforward concept, people who are otherwise highly-knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware. 1. Paying a demanded ransom may not get you your files back, and may not prevent a leak of your information.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
APRIL 6, 2021
A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy and can’t see what the scammer is doing.
Tech Republic Security
APRIL 6, 2021
IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Last Watchdog
APRIL 6, 2021
As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Related: Business-logic attacks target commercial websites. SMBs are tapping into cloud infrastructure and rich mobile app experiences, making great leaps forward in business agility, the same as large enterprises.
Tech Republic Security
APRIL 6, 2021
Automating cloud security is a process still in its infancy for many organizations, says Unit 42.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
APRIL 6, 2021
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. [.].
We Live Security
APRIL 6, 2021
ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil. The post Janeleiro, the time traveler: A new old banking trojan in Brazil appeared first on WeLiveSecurity.
Hot for Security
APRIL 6, 2021
Tassilo Heinrich, a California resident arrested a few months ago by the FBI for alleged involvement in a Shopify data breach, has been indicted by a grand jury. When we hear of data breaches, we usually assume they’re the work of outsiders, but that’s not always the case. Sometimes, breaches have causes other than hackers, like negligence or insider threats.
WIRED Threat Level
APRIL 6, 2021
The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
APRIL 6, 2021
This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg. In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a link to a Bitcoin wallet. Upon analysis, the obfuscated PowerShell downloader initiated a chain of infection leading to a lesser-known malware called Saint Bot.
CSO Magazine
APRIL 6, 2021
The trial of Xiaorong You is set to begin today, April 6, in Greenville, TN. She is accused of trade secret theft and economic espionage after allegedly stealing bisphenol-A-free (BPA-free) technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company. The value placed on the development of the stolen technologies is $119.6 million.
Bleeping Computer
APRIL 6, 2021
Ireland's Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. [.].
Tech Republic Security
APRIL 6, 2021
More than half of the cyberattacks reported to Keeper Security involved stolen credentials.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CSO Magazine
APRIL 6, 2021
A group of criminals behind a stealthy backdoor known as more_eggs is targeting professionals with fake job offers tailored to them based on information from their LinkedIn profiles. The gang is selling access to systems infected with the backdoor to other sophisticated cybercrime groups including FIN6, Evilnum and Cobalt Group that are known to target organizations from various industries. [ Check out these 11 phishing prevention tips for best technology practices, employee education and social
Malwarebytes
APRIL 6, 2021
Users primarily located in Germany are experiencing malware that downloads and installs on their Gigaset mobile devices—right out of the box! The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app. This app is not only the mobile device’s system updater, but also an Auto Installer known as Android/PUP.Riskware.Autoins.Redstone.
CyberSecurity Insiders
APRIL 6, 2021
Several organizations belonging to European Union were targeted by a cyber attack in March this year and news is out that it did partially impact the IT infrastructure of agencies, institutions and private bodies to a certain extent. The spokesperson of the European Commission made few details available to the media as the investigation is still going on.
Malwarebytes
APRIL 6, 2021
If you’re an Android phone user, now might be a good time to invest in a good pair of ear plugs. Fans of iPhones aren’t known for being shy when it comes to telling Android users that Apple products are superior, and things may be about to get worse, thanks to a new research paper (pdf). . Researchers of the School of Computer Science and Statistics at Trinity College Dublin, Ireland decided to investigate what data iOS on an iPhone shares with Apple and what data Google Android on
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
APRIL 6, 2021
Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. [.].
Malwarebytes
APRIL 6, 2021
This post was authored by Hossein Jazi. As tensions between Azerbaijan and Armenia continue, we are still seeing a number of cyber attacks taking advantage of this situation. On March 5th 2021, we reported an actor that used steganography to drop a new.Net Remote Administration Trojan. Since that time, we have been monitoring this actor and were able to identify new activity where the threat actor switched their RAT from.Net to Python.
Bleeping Computer
APRIL 6, 2021
A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions. [.].
Malwarebytes
APRIL 6, 2021
Unless you keep your social media at a pole’s distance, you have probably heard that an absolutely enormous dataset—containing over 500 million phone numbers—has been made public. These phone numbers have been in the hands of some cybercriminals since 2019 due to a vulnerability in Facebook that allowed personal data to be scraped from the social media platform, until it was patched it in 2019.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Hot for Security
APRIL 6, 2021
Video game publisher Activision has warned the gaming community of hidden RAT Trojans masquerading as Call of Duty cheat tools. The company behind Call of Duty: Warzone and the popular Guitar Hero series said it examined the hacking tool that was promoted for use against gamers on multiple hacking forums. According to a recent report, threat actors posted a free “newbie friendly” and “effective” method for spreading a RAT – promoting the malicious software as a video game cheat program, as
Threatpost
APRIL 6, 2021
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
CSO Magazine
APRIL 6, 2021
What if a big crack appeared overnight in the internet's security layer? What if the fracture reached deep into the mathematical foundations of the cryptographic algorithms? That appeared to happen in early March when a paper dropped with a tantalizing conclusion in the abstract: “This destroys the RSA cryptosystem.
The Hacker News
APRIL 6, 2021
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
SecurityTrails
APRIL 6, 2021
Learn about the latest successful round of funding that will aid us in delivering on our promise of being the best all-in-one platform for Total Internet Inventory.
The Hacker News
APRIL 6, 2021
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.
Security Boulevard
APRIL 6, 2021
It is no secret that early security testing is beneficial. However, do you know how advantageous it is and what are the potential consequences of the lack of early testing? Here are 5 top benefits of early security testing along with the risks of late. Read more. The post 5 Major Benefits of Early Security Testing appeared first on Acunetix. The post 5 Major Benefits of Early Security Testing appeared first on Security Boulevard.
SC Magazine
APRIL 6, 2021
Today’s columnist, Amos Stern of Siemplify, says while the heyday of SOCs may have passed because of the pandemic, security pros have adjusted and need to focus on the threats at hand: insecure home networks, cloud adoption and phishing. PacificNorthwestNationalLaboratory CreativeCommons Credit: CC BY-NC-SA 2.0. About seven years ago, when serving as the cyber and intelligence director for Israel’s largest defense contractor, one of the biggest projects I oversaw was building a training simulato
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
333 
Let's personalize your content