Mon. Feb 15, 2021

Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed

Schneier on Security

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Media 344

Bluetooth Overlay Skimmer That Blocks Chip

Krebs on Security

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Retail 299

On Vulnerability-Adjacent Vulnerabilities

Schneier on Security

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one exploit being used in the wild.

“Better OKRs Through Threat Modeling”

Adam Shostack

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.” I like the post so much

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

US Cyber Command Valentine’s Day Cryptography Puzzles

Schneier on Security

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.)

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.

Education 178

More Trending

Millions of Email based Cyber Attacks missed by organizations

CyberSecurity Insiders

Although many organizations are using email protection solutions, millions of email attacks are still going undetected in corporate networks, says research carried out by Barracuda. Barracuda Email Threat Scanner was used to scan the computer networks of 4550 organizations and, out of 2,600,531 mailboxes, over 2,029,413 were found to be targeted by unique cyber attacks.

Network Security: 5 Fundamentals for 2021

Security Boulevard

In January 2020, no one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest network security threats to organizations were mostly the same old threats we’ve been facing for the past five years. Yet even the largest enterprises with the most advanced,

Linux 101: How to remove legacy communication services

Tech Republic Security

To keep your Linux servers and desktops as secure as possible, you should check for (and remove) legacy communication services. Jack Wallen shows you how.

Spam and phishing in 2020

SecureList

Figures of the year. In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p. from 2019. Most spam (21.27%) originated in Russia. Kaspersky solutions detected a total of 184,435,643 malicious attachments. The email antivirus was triggered most frequently by email messages containing members of the Trojan.Win32.Agentb malware family.

Phishing 137

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Record-breaking number of vulnerabilities reported in 2020

We Live Security

High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior.

Microsoft is testing a hidden Windows Terminal Settings screen

Bleeping Computer

Microsoft released Windows Terminal Preview v1.5 this week, and it comes with some useful improvements, including full support for clickable hyperlinks, command palette improvements, emoji icon support, and more. [...]

Cloud Security Remains Elusive in Public Sector

Security Boulevard

Despite the move to the cloud, many government entities grapple with long-standing, cloud-related cybersecurity challenges. Consider a recent survey from data security provider Netwrix, based on responses from 937 IT professionals. This survey showed that, while security challenges persist, many cybersecurity woes in the federal government are self-inflicted.

France links Russian Sandworm hackers to hosting provider attacks

Bleeping Computer

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. [...]

Hacking 136

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Overcoming Privacy Inertia to Protect Data

Security Boulevard

With so many organizations relying on cloud computing, keeping data protected while using cloud services has become a high priority. Yet, even though there is a greater emphasis on overall cybersecurity for the cloud, data privacy has been slower to evolve. That could be for any number of reasons – the emphasis on data privacy.

DDoS attack takes down EXMO cryptocurrency exchange servers

Bleeping Computer

The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. [...]

Measuring Security Risk vs. Success

Security Boulevard

Oftentimes, how organizations measure risk determines how they will prioritize investments. For IT professionals, building a set of metrics for security needs is often accompanied by feelings of anxiety, because if measurements look at the wrong data or indicators, they may lead to a false sense of security. Security programs are made up of many.

Risk 133

The malicious code in SolarWinds attack was the work of 1,000+ developers

Security Affairs

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack. Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack; the company’s analysis of the malicious code involved in the hack suggests it was the work of a thousand developers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

OSINT: Mapping Threat Actor Social Media Accounts

Security Boulevard

A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, you can build a more comprehensive profile of the user and better assess the risk posed.

Media 131

Gang arrested for SIM-swapping celebrities, stealing $100 million

Malwarebytes

The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s Office of Santa Clara California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 and 26, for a string of SIM swapping attacks that occurred in 2020. These attacks targeted thousands of people and netted some high-profile victims such as online influencers, sports stars, and musicians.

Microsoft will alert Office 365 admins of Forms phishing attempts

Bleeping Computer

Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants. [...]

Phishing 125

Next-Gen Protection Essential to Prevent Evolving Phishing Attacks 

Security Boulevard

In early February, SlashNext debuted “Phish Stories,” a videocast and podcast series designed to educate cybersecurity professionals about the latest, most innovative phishing attacks challenging businesses today. In each episode, cybersecurity experts discuss new zero-hour phishing attacks — their latest strategies, attack vectors, and technologies used

Phishing 125

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Ransomware news trending on Google

CyberSecurity Insiders

A France-based hospital was reportedly hit by a ransomware attack, and confirmed sources say that the healthcare network was hit by those spreading Egregor Ransomware. The hospital that has been hit is Center Hospitalier de Dax Cote d Argent and sources say that the medical facility was hit by ransomware on February 8th, 2021. Avast, a cybersecurity vendor, reports the malware attack has disrupted the hospital services so much that it has brought patient care to a halt as email services and

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warning of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN 118

Could an ex-employee be planting ransomware on your firm’s network?

Graham Cluley

A 33-year-old man has been arrested after allegedly hacking into his former employer's computer system to plant ransomware.

Cyberattack on Dutch Research Council (NWO) suspends research grants

Bleeping Computer

Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. [...]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Keep your e-wallets safe from Cyber Attacks says Kaspersky

CyberSecurity Insiders

Russian cybersecurity firm Kaspersky has warned all those who are in the habit of storing digital currency in their e-wallets, and this includes those dealing with cryptocurrency like Bitcoins and Monero as well. The Eugene Kaspersky-led firm has warned the mobile wallet industry that the USD $1.9 billion in transactions that take place annually are on the verge of being hacked at any point in time.

Apple will proxy Safe Browsing requests to hide iOS users' IP from Google

The Hacker News

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google.

270 addresses are responsible for 55% of all cryptocurrency money laundering

Zero Day

Most cryptocurrency money laundering is concentrated in a few online services, opening the door for law enforcement actions.

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

The Hacker News

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the app.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.