Schneier on Security
FEBRUARY 10, 2021
Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker ( disrupted by authorities ), Conti, and REvil (aka Sodinokibi).
Tech Republic Security
FEBRUARY 10, 2021
A new breach analysis from CI Security found that cybercriminals are going after medical billing and insurance companies.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We Live Security
FEBRUARY 10, 2021
This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical. The post Microsoft patches actively exploited Windows kernel flaw appeared first on WeLiveSecurity.
Tech Republic Security
FEBRUARY 10, 2021
Malicious Valentine's Day-themed phishing campaigns are up 29% from last year, according to Check Point Research.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CyberSecurity Insiders
FEBRUARY 10, 2021
Hackers whose intention was to kill the citizens by inducting poison into their drinking water consumption facility targeted a small town in Florida. However, the massacre was averted by timely reaction of the administrator of the water utility. Going with the details, Oldsmar, a small town in FL consisting 14,000 people as populace, was hit by a cyber attack on February 5th of 2021.
Tech Republic Security
FEBRUARY 10, 2021
While it's logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Anton on Security
FEBRUARY 10, 2021
SOC Threat Coverage Analysis?—?Why/How? As I mentioned in Detection Coverage and Detection-in-Depth , the topic of threat detection coverage has long fascinated me. Back in my analyst days, we looked at it as a part of a security use case lifecycle process. For example, we focused on things like number and quality of alerts per SIEM use case, false/useless alert (“false positive”) numbers and ratios (to useful alerts), escalations to incident response, tuning, etc.
Security Boulevard
FEBRUARY 10, 2021
Organizations are overwhelmed by the choice of cyber security tools in the market. They need to balance prioritizing and remediating vulnerabilities with managing their secure configurations. What’s more, many organizations are using hybrid clouds where they need to protect assets that are hosted both on premises and in the cloud. This complexity requires a thoughtful […]… Read More.
Veracode Security
FEBRUARY 10, 2021
In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx of patient data and virtual wellness appointments. The increase of digital activity has brought about new security threats with cyberattackers targeting patient data.
Tech Republic Security
FEBRUARY 10, 2021
Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
FEBRUARY 10, 2021
As a seasoned IT risk management professional, you already know that staying on top of security is a. Read More. The post Transforming Your IT Risk Management from Reactive to Proactive in 5 Steps appeared first on Hyperproof. The post Transforming Your IT Risk Management from Reactive to Proactive in 5 Steps appeared first on Security Boulevard.
Zero Day
FEBRUARY 10, 2021
An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.
Security Boulevard
FEBRUARY 10, 2021
How do the current DMCA laws impact those who hack digital devices? And why doesn’t our basic right to repair our devices extend into the digital world? To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, founded secureparis.org, a group of infosec experts who are volunteering to fight for the right to repair. The post The Hacker Mind Podcast: The Right To Repair appeared first on Security Boulevard.
Threatpost
FEBRUARY 10, 2021
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Hot for Security
FEBRUARY 10, 2021
The US Federal Bureau of Investigation has issued a private industry notification after a cyberattack that targeted a water plant in the state of Florida. As reported earlier this week , the Oldsmar water treatment systems were remotely accessed by an unknown threat actor via TeamViewer, the popular software tool designed for remote control, desktop sharing, online meetings, and file transfer between computers.
CSO Magazine
FEBRUARY 10, 2021
On Monday, February 8, a press conference hosted by Pinellas County, Florida, sheriff Bob Gualtieri dropped an industrial cybersecurity bombshell that reverberated worldwide. Gualtieri, along with the mayor and city manager of Oldsmar (population 15,000), revealed that a hacker had infiltrated the Oldsmar water treatment system to change the city’s water supply levels of sodium hydroxide from 100 parts per million to 11,100 parts per million.
CyberSecurity Insiders
FEBRUARY 10, 2021
Most Small and Medium Scale Businesses(SMBs) are finding it difficult to manage a fleet of mobile devices, especially when half of their workforce is remotely working. So, in such situations, it becomes extremely tedious for administrators to manage the fleet. This is where Google is offering Android based Enterprise Mobility Management (EMM) tools to break the complexity faced by SMBs regards to security management.
Security Affairs
FEBRUARY 10, 2021
Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. The company revealed that a third-party had accessed a publicly exposed database containing technical logs. The root cause of the incident was a misconfiguration of a database, used in a test environment, that was exposed to the Internet.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
FEBRUARY 10, 2021
Some might say it was inevitable that, once law enforcement and intelligence agencies realized the power of COVID-19 contact tracing applications to confirm proximity between persons, privacy would become a secondary issue. They would be right. Australia: Incidental COVID-19 App Data Collection The Office of the Inspector General of Intelligence and Security conducted a study.
The Hacker News
FEBRUARY 10, 2021
A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis.
CSO Magazine
FEBRUARY 10, 2021
Industry rhetoric suggests that cybersecurity is an important topic in corporate boardrooms and C-suites, but according to a recent ESG survey, this is only partly true. While 58% of senior cybersecurity and business managers say that their organization’s C-level executives' commitment and buy-in to cybersecurity is “very good,” the remaining 42% say that their organization’s C-level executives' commitment and buy-in to cybersecurity is “adequate, fair, or poor.
Bleeping Computer
FEBRUARY 10, 2021
Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. [.].
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
FEBRUARY 10, 2021
SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously released notes. The new security notes include a Hot News note that addresses a critical vulnerability, tracked as CVE-2021-21477, in SAP Commerce.
Zero Day
FEBRUARY 10, 2021
Facebook's crackdown on lookalike domains last year has touched some of the domains security firm Proofpoint was using for security awareness training exercises.
SC Magazine
FEBRUARY 10, 2021
Nine major TCP/IP stacks are vulnerable to a decades old attack, and some have yet to be patched. The so-called Mitnick attack capitalizes on an improperly generated random number, known as an initial sequence number, used to prevent collisions in TCP/IP connections. If hackers can guess the number, they can insert themselves as a man in the middle.
Security Boulevard
FEBRUARY 10, 2021
Throughout these challenging times, our channel partners have kept their finger on the pulse of network security for small and medium businesses (SMBs). In our recent “Voice of the Channel” survey, they gave us some interesting insights on how businesses met the challenges in 2020, and what’s in store for 2021. It’s safe to say […]. The post How SMBs met the 2020 challenge and predictions for 2021 first appeared on Untangle.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
PCI perspectives
FEBRUARY 10, 2021
When she’s not perfecting her lock-picking skills, Angel Grant is busy building a diverse team who have the right attributes for the dynamic world of technology. In this edition of our podcast series, Angel explains that since your future job probably doesn’t exist yet, the keys to success are your transferrable skills.
CSO Magazine
FEBRUARY 10, 2021
I’m old enough to remember the screeching sound of a modem as it connected to the internet. Now we hold in our pockets more technology than I used with Netscape Navigator and Altavista to explore the World Wide Web, and web browsers have become the portal through which we access most of our critical apps and services. As we enter the era of cloud computing and the end of Adobe Flash, it’s time for enterprises to not only standardize on a web browser, but to ensure that your settings and deployme
Security Boulevard
FEBRUARY 10, 2021
In our last post on S3 buckets, we discussed “Why a modern approach is needed to protect S3 buckets.” In this post we’ll take this …. The post Protecting S3 from exfiltration attacks appeared first on Cyral. The post Protecting S3 from exfiltration attacks appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 10, 2021
French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. BleepingComputer has learned. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
299 
Let's personalize your content