Tue. Apr 20, 2021


Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

Daniel Miessler

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology. Casey also added that Acceptable Risk would be being willing to get punched in the face.

threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
— cje (@caseyjohnellis) April 19, 2021


Biden Administration Imposes Sanctions on Russia for SolarWinds

Schneier on Security

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response is sufficient to deter future operations.


Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry. Earlier this month, a reader pointed my attention to the following notice from Gartner to clients who are seeking to promote Gartner reports about technology products and services: What that notice says is that KrebsOnSecurity is somehow


Top 5 ways to protect against cryptocurrency scams

Tech Republic Security

As the use of cryptocurrency increases, so does the risk of being a target for scammers. Tom Merritt offers five tips for defending against cryptocurrency scams.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

Poorly-designed processes and shoddy information-systems, coupled with a prevailing atmosphere of general mismanagement, have created a privacy nightmare for Americans being vaccinated against COVID-19; some of the problems being created now will likely still impact people many years after the pandemic ends. And, ironically, while so many pundits continue to raise privacy concerns about “vaccine passports” – properly implemented passports would likely create far fewer privacy issues than we have


Baseball and cybersecurity have more in common than you think

Tech Republic Security

A former pro baseball player and coach turned sports psychologist believes there is much cybersecurity pros can learn from sports mental conditioning. He wants to help them hit more home runs.


VMware announces new Anywhere Workspace tool to help businesses make remote work easier

Tech Republic Security

The new platform is a combination of SASE, access control and cloud-native endpoint security that the company said is the only solution of its kind on the market.


Ransomware 2021 has evolved. Are you keeping up with network security?

Security Boulevard

As we head deeper into 2021, it’s beginning to feel like there’s a light at the end of the tunnel and we can all take a deep breath. 2020 was a tumultuous year, one marked by a global pandemic, natural disasters and civil unrest. Last year also saw a record number of cybercrime complaints, with the FBI […].


Cryptocurrency scams: Top 5 ways to protect yourself

Tech Republic Security

As the use of cryptocurrency increases, so does the risk of being a target for scammers. Tom Merritt offers five tips for defending against cryptocurrency scams.


120 Compromised Ad Servers Target Millions of Internet Users

The Hacker News

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Hundreds of customer networks hacked in Codecov supply-chain attack

Bleeping Computer

More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. Sources state hundreds of customer networks have been breached in the incident, expanding the scope of this system breach to beyond just Codecov's systems. […]


WhatsApp in pink? Watch out for this fake update

We Live Security

The malware sends automated replies to messages on WhatsApp and other major chat apps.


SonicWall warns customers to patch 3 zero-days exploited in the wild

Bleeping Computer

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. […]


Foreign threat actors used fake LinkedIn profiles to lure 10,000 UK nationals

SC Magazine

Some 10,000 U.K. nationals have been lured on LinkedIn over the past five years by fake profiles tied to hostile nation-state threat actors. The story was first reported by BBC, which attributed the news to MI5, the British spy agency made popular in James Bond movies.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Breaking the Phishing Kill Chain

Security Boulevard

Sophisticated, nation-state attacks on prominent federal agencies tend to capture the majority of cybersecurity headlines. But security pros know the greater risk to their organizations comes from a more mundane, but more prevalent threat: email phishing attacks. In fact, in a September 2020 GreatHorn survey of 1,123 U.S. users, 38% of respondents reported that a.


North Korean hackers adapt web skimming for stealing Bitcoin

Bleeping Computer

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. […]


7 Old IT Things Every New InfoSec Pro Should Know

Dark Reading

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.


How to write a cyberthreat report executives can really use

CSO Magazine

The CEO’s email landed in Maurice Stebila’s inbox around midnight, the message asking whether Stebila, the company’s CISO at the time, had heard about the latest news-making cyber event. “He had no idea we were already looking at this event,” Stebila says. Stebila already had regular conversations with the CEO and other executives, but that late-night email cemented his plans to develop a weekly report updating the C-suite about cyberthreats.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


What in the World Is a CISO?

The State of Security

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message […]


They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.


Apple Inc blueprints stolen by REvil Ransomware gang

CyberSecurity Insiders

A ransomware hack on a Taiwan-based technology company dubbed Quanta Computer is said to have leaked technical product blueprints related to Apple Inc. Those spreading REvil, aka Sodinokibi, said that data will be published online if the victim company fails to bow down to the demands of their hackers. To strengthen their claims that they are indeed in possession of the true data, the REvil ransomware-spreading gang posted 21 screenshots showing MacBook schematics and are demanding $50 million in re


Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach

Graham Cluley

The social network has goofed again. But this time it's Facebook's PR team's handling of a data breach rather than its users who have been left exposed.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


‘Every day is game day:’ Sports psychology expert applies his skills to cybersecurity

SC Magazine

Baseball can be a game of heart-stopping pressure. One that requires patience, perseverance, stamina and resilience.


How the open source community helped firms investigate their network activity following SolarWinds

Tech Republic Security

The open source community delivered vital help to companies affected by the SolarWinds attack.


Q1 Vulnerability Roundup

Digital Shadows

In the first quarter of 2021, several high-severity vulnerabilities were used as a conduit to solicit several malicious campaigns. This.


Interview with a bug bounty hunter: Youssef Sammouda

Malwarebytes

Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking, people may refer to this work as being a bug bounty hunter, but there is more to it than that.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach; attackers stole the driver’s license numbers of policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach in which threat actors exploited a now-fixed bug in its website to steal the driver’s license numbers of policyholders for several weeks.


Eversource Energy data breach caused by unsecured cloud storage

Bleeping Computer

Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. […]


Brits Lost £1.8 Million to Pension Fraud This Year, UK’s ‘Action Fraud’ Warns

Hot for Security

The UK’s National Fraud & Cyber Crime Reporting Center (Action Fraud) has launched a national awareness campaign to warn citizens about the importance of protecting their pensions from fraudsters. Although pension scam reports have decreased considerably since 2014, the agency has received 107 notifications from swindled savers between January and March 2021 – a 45% increase compared to the same period in 2020.


21 best free security tools

CSO Magazine

As an infosec professional, you may be already familiar with decades-old network monitoring and security tools like Nmap, Wireshark or Snort, and password crackers like Ophcrack. Having these applications at your disposal has been an indispensable part of the gig.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.