Thu, Aug 05, 2021

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.

The Strange World of “Good Enough” Fencing

Daniel Miessler

I’ve always been fascinated by security that was “just good enough.” I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize. As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got, the more I started paying attention to how silly most fences are.

Where to find the best-paying cybersecurity jobs

Tech Republic Security

New analysis includes salary data, cost of living and how easy it is to find a job and identifies cities with the best pay and the most open positions.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cyber-Liability Insurance 101: First Party Vs. Third Party Risks

Joseph Steinberg

One important concept that people must understand when evaluating their cybersecurity posture and related liabilities, but of which many seem to be unaware, is the difference between first-party risks and third-party risks. Understanding the difference is also essential when seeking, and when purchasing, cyber-liability insurance.

The most secure browser for transmitting sensitive data is definitely not Chrome

Tech Republic Security

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data.

Why cloud security is the key to unlocking value from hybrid working

We Live Security

How can companies and employees who are starting to adapt to hybrid working practices protect themselves against cloud security threats?

NSA, CISA release Kubernetes hardening guidance following Fancy Bear attacks

CSO Magazine

Earlier this week, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that automates the deployment, scaling and management of containerized applications, usually in a cloud environment.

Open Source Security: A Big Problem

eSecurity Planet

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). Amid discussions on the security of open source technologies like eBPF and Hadoop, OpenSSF speakers Jennifer Fernick, SVP and head of global research at NCC Group, and Christopher Robinson, Intel’s director of security communications, outlined the group’s vision to secure open sou

MacOS Flaw in Telegram Retrieves Deleted Messages

Threatpost

Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has widely adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and thus can violate the HIPAA rules governing the use of online tracking technologies by HIPAA covered entities and business associates.
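As an added example (not code from the original post), the following POSIX shell functions inventory the script and image sources in a saved copy of a portal page, flag the ones served from well-known tracking hosts, and check whether a page URL carries identifiers that such tags forward to the vendor by default. The tracker host list and the identifier parameter names are assumptions to be adapted to your environment.

```shell
#!/bin/sh
# Added example, not from the original article. Scans a saved HTML page for
# third-party script/pixel sources and flags known ad-tech hosts.

# Hosts used by common tracking tags (assumed starter list; extend for your
# environment). Dots are escaped for use in an extended regex.
TRACKER_HOSTS='connect\.facebook\.net|www\.facebook\.com/tr|www\.googletagmanager\.com|www\.google-analytics\.com|googleads\.g\.doubleclick\.net|bat\.bing\.com|snap\.licdn\.com'

# Print the src= URL of every <script> and <img> tag in the file, one per line.
list_remote_sources() {
  src_re="<(script|img)[^>]*src=[\"'][^\"']+"
  grep -o -i -E "$src_re" "$1" | sed -E "s/.*src=[\"']//"
}

# Print only the sources served from a known tracker host.
find_trackers() {
  list_remote_sources "$1" | grep -E "^(https?:)?//($TRACKER_HOSTS)"
}

# Number of tracker sources on the page; 0 is the target for authenticated
# portal pages.
count_trackers() {
  find_trackers "$1" | wc -l | tr -d ' '
}

# Return 0 if the page URL carries an identifier in its query string. Most
# tags send the full document URL to the vendor, so such a URL leaks PHI even
# when the tag captures nothing else. The parameter names are assumed examples.
url_carries_identifiers() {
  printf '%s\n' "$1" | grep -q -i -E '[?&](mrn|patient_?id|appointment|dob)='
}
```

Run it against a page saved from the browser while logged in, since tags are often loaded only on authenticated views; a non-zero count there is the finding to escalate. The check is static: a tag manager container loads further tags at runtime, so a complete inventory needs a browser-side network capture in addition to this scan.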

Conti Ransomware gang plans leaked by hacker

CyberSecurity Insiders

An affiliate working with the Conti ransomware gang has reportedly leaked some of the group’s internal documents on a hacking forum. The hacker’s motive for revealing the material is unclear, but security analysts suggest the affiliate may have turned on the group after receiving a small share, or none, of the extortion money divided among the participants in an attack campaign.

Angry Conti ransomware affiliate leaks gang's attack playbook

Bleeping Computer

A disgruntled Conti affiliate has leaked the gang's training material used when conducting attacks, including information about one of the ransomware's operators.

Amazon will pay you $10 for your palm prints. Should you be worried?

Malwarebytes

Retail giant Amazon recently offered to pay $10 USD for your palm prints. Would you offer them your hand? Many seem to home in and seethe over the price being too little for something as priceless and unique as their palm print, not realizing that when it does come to registering biometric data in general, everyone gives their prints away for free.

Is your personal information being abused?

We Live Security

Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

4 things you should know about cybersecurity pros

CSO Magazine

The 5th annual Life and Times of Cybersecurity Professionals report from ESG and the Information Systems Security Association (ISSA) provides valuable insight into the challenges cybersecurity pros face, how they see themselves relative to the rest of the organization, and what brings them job satisfaction, among many other data points.

BlackMatter ransomware also targets VMware ESXi servers

Security Affairs

The BlackMatter gang is evolving rapidly: it has implemented a Linux encryptor that lets operators target VMware’s ESXi virtual machine platform. It is the latest ransomware able to target VM platforms; other ransomware operations that do the same include REvil, RansomExx/Defray, Mespinoza, HelloKitty, and Babuk.

Linux version of BlackMatter ransomware targets VMware ESXi servers

Bleeping Computer

The BlackMatter gang has joined the ranks of ransomware operations that have developed a Linux encryptor targeting VMware's ESXi virtual machine platform. [...]

Italian energy company ERG hit by LockBit 2.0 ransomware gang

Security Affairs

ERG SPA, an Italian energy company, reports only a minor impact on its operations after a recent ransomware attack by the LockBit 2.0 gang, describing “only a few minor disruptions” to its ICT infrastructure. The company produces wind, solar and hydroelectric energy and high-yield thermoelectric cogeneration energy with low environmental impact.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Deloitte acquires industrial Cybersecurity solution provider aeCyberSolutions

CyberSecurity Insiders

Deloitte has announced that it will acquire aeCyberSolutions, a business focused on industrial cybersecurity. The financial terms of the deal have not been disclosed, but reports indicate it covers only the assets of the cyber arm of Applied Engineering Solutions (aeSolutions) and not its other businesses. Trade analysts say the deal will strengthen Deloitte’s position in industrial risk advisory and security assess

Salesforce Release Updates — A Cautionary Tale for Security Teams

The Hacker News

On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's capabilities.

Supply Chain Security – Not As Easy As it Looks

Security Boulevard

The massive SolarWinds compromise is a prime example of what is called a “supply chain” vulnerability. The vast majority of those affected by the Russian SolarWinds attack had probably never heard of the company SolarWinds, and did not realize that they depended on it for critical infrastructure. Indeed, modern supply chains,

CISOs: Do you know what's in your company’s products?

CSO Magazine

In the guidance on securing one’s supply chain issued by the Cybersecurity and Infrastructure Security Agency (CISA) in April 2021, a portion was dedicated to the threat vector entities face during their design phase. The question COOs should be asking their CISOs is: “How can I make my product and processes the most secure and operate within acceptable risk parameters for the company and our customers?”

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Conti ransomware affiliate leaked gang’s training material and tools

Security Affairs

An affiliate of the Conti ransomware-as-a-service (RaaS) operation has leaked the training material the group shares with its affiliate network, along with information about one of the operators. The Conti operators provide the ransomware to their affiliates and keep 20-30% of each ransom payment.

Linux tutorial: How to disable the login banner

Tech Republic Security

You'll also learn why disabling the Linux login banner helps make your Linux servers more secure.
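The tutorial itself is only summarised here. As an added example (not the tutorial's own commands), the following POSIX shell functions remove the pre-authentication banners that disclose host details: the SSH Banner directive, and the agetty escapes in /etc/issue that print OS and kernel information on the console login prompt. File paths are taken as arguments so the functions can be tried on copies before touching /etc.

```shell
#!/bin/sh
# Added example, not from the original tutorial. On a live host the paths
# would be /etc/ssh/sshd_config, /etc/issue and /etc/issue.net; reload sshd
# after changing its config.

# Replace any Banner directive (active or commented-out default) in an
# sshd_config with "Banner none", so no /etc/issue.net text is sent to
# clients before they authenticate. grep -v exits 1 when it selects no
# lines (an otherwise empty config); only exit status 2 is a real error.
disable_ssh_banner() {
  cfg="$1"
  tmp="$cfg.tmp.$$"
  grep -v -E '^[[:space:]]*#?[[:space:]]*Banner([[:space:]]|$)' "$cfg" > "$tmp" \
    || [ $? -eq 1 ]
  printf 'Banner none\n' >> "$tmp"
  mv "$tmp" "$cfg"
}

# Report whether a console banner file (/etc/issue) leaks host details via
# agetty escapes: \s OS name, \r kernel release, \v kernel version,
# \m architecture, \n hostname. Exit 0 means a leak was found.
banner_leaks_details() {
  grep -q -E '\\[srvmn]' "$1"
}

# Overwrite a banner file with a neutral legal notice that reveals nothing
# about the host or its software.
neutralise_banner() {
  printf 'Authorized use only. Activity may be monitored and recorded.\n' > "$1"
}

# Typical use on a real host (as root; the sshd service name varies by distro):
#   disable_ssh_banner /etc/ssh/sshd_config && systemctl reload sshd
#   for f in /etc/issue /etc/issue.net; do
#     banner_leaks_details "$f" && neutralise_banner "$f"
#   done
```

Note the limit of this hardening: the SSH protocol identification string (for example SSH-2.0-OpenSSH_8.4p1) is exchanged before any banner and is unaffected by Banner none, so software fingerprinting on port 22 is unchanged. What you remove is the OS, kernel and organisational detail in the banner text. /etc/motd is shown only after authentication and is a lesser concern.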

Health Care Security Must Mature With 5G

Security Boulevard

It’s clear that 5G technology is rapidly coming of age, and is enjoying wide adoption across every industry. According to Gartner, the market for 5G infrastructure was predicted to hit $4.2 billion over the past year, with two-thirds of companies deploying the technology. Health care is a leading application for 5G, and providers are looking.

Microsoft Edge just got a 'Super Duper Secure Mode' upgrade

Bleeping Computer

Microsoft has announced that the Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode", designed to bring security improvements without significant performance losses. [...]

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

United States to use Amazon, Google and Microsoft to bolster security against Ransomware Attacks

CyberSecurity Insiders

As more and more companies become soft targets for ransomware gangs, the United States is set to ask big technology companies such as Amazon, Google and Microsoft to collaborate on protection. Named the Joint Cyber Defense Collaborative, the initiative will allow the Department of Homeland Security to officially seek help from tech companies against sophisticated cyber attacks such as ransomware and espionage-related malware.

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

The Hacker News

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorized login to the CPU module, and even cause a denial-of-service (DoS) condition.

CISA teams up with Microsoft, Google, Amazon to fight ransomware

Bleeping Computer

CISA has announced the launch of the Joint Cyber Defense Collaborative (JCDC), a partnership across the public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. [...]

A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service

The Hacker News

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) offering to run a wide range of malware distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.