Tue.Nov 16, 2021

article thumbnail

Wire Fraud Scam Upgraded with Bitcoin

Schneier on Security

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. After the mark is convinced, the scammer will have them get cash (sometimes out of investment or retirement accounts), and head to an ATM that sells cryptocurrencies and suppor

Scams 265
article thumbnail

14 tactics to use during a ransomware negotiation

Tech Republic Security

Security researchers analyzed 700 incidents to understand the economics of these threats as well as what bargaining tactics work.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why I Hate Password Rules

Schneier on Security

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. Which was rejected by the site, because it didn’t meet their password security rules. It took me a minute to figure out what was wrong with it.

Passwords 335
article thumbnail

Fear and shame are making it harder to fight ransomware and accidental data loss, report finds

Tech Republic Security

A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. Even more would lie about a ransomware infection.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Strategic web compromises in the Middle East with a pinch of Candiru

We Live Security

ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East. The post Strategic web compromises in the Middle East with a pinch of Candiru appeared first on WeLiveSecurity.

Malware 143
article thumbnail

SoNot SoSafe: Android malware disguises itself as secure messaging app

Malwarebytes

If you haven’t heard of SoSafe Chat, you will now. This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal their data.

Malware 133

More Trending

article thumbnail

Over $27billion worth Cyber Crime prevented during COVID-19 Pandemic

CyberSecurity Insiders

According to a study made by security firm Bugcrowd, ethical hackers have prevented over $27 billion worth of cyber crime during the spread of Corona virus 2019. Bugcrowd’s Inside the Mind of a Hacker report compiled from the data collected in between May 1st, 2020 to August 31st, 2021 states that security vulnerabilities have increased since the start of COVID-19 pandemic, as most companies opted for work from home operations.

article thumbnail

Ethical Hackers Prevented $27B in Cybercrime

Security Boulevard

Ethical hackers proved their worth over the 14 months that the pandemic ravaged economies and organizations were at their most vulnerable, preventing $27 billion in cybercrime during the time when flaws threatened to overwhelm security teams worldwide. During the period from May 1, 2020 to August 31, 2021, eight in 10 ethical hackers found a. The post Ethical Hackers Prevented $27B in Cybercrime appeared first on Security Boulevard.

article thumbnail

6 key points of the new CISA/NSA 5G cloud security guidance

CSO Magazine

5G, or 5th generation mobile networks , is among the most talked about technologies. At a high level, it promises to connect virtually any entity spanning devices, objects, and machines. 5G improves on 4G communication networks in key areas such as latency, speed, and reliability. Cloud computing will play a pivotal role in the use and success of 5G networks.

Mobile 128
article thumbnail

OWASP Addresses API Security

Security Boulevard

API attacks are skyrocketing. According to Salt Security’s State of API Security report, “overall API traffic increased 141% while malicious traffic grew 348%.” These attacks are getting past traditional security systems, turning APIs into a top application attack vector. These findings are in line with a Cloudentity State of API Security, Privacy and Governance report.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Five James Bond gadgets which use real world technologies

CyberSecurity Insiders

As much as James Bond is known for his licence to kill and his insatiable love of Martinis (shaken, not stirred, of course), a large part of 007’s film legacy is the wide spectrum of gadgets he uses to vanquish his dastardly foes. From the extravagant, like the jetpack used in Thunderball, to the slightly ridiculous, such as the bird-wetsuit from Goldfinger, the list of gadgets that Bond has used since his cinematic debut is almost endless.

article thumbnail

Rowhammer Redux: ‘Blacksmith’ Fuzzing—Panic Now?

Security Boulevard

Researchers have cast serious doubt on claims that modern DRAM is safe against Rowhammer bit-flip attacks. The post Rowhammer Redux: ‘Blacksmith’ Fuzzing—Panic Now? appeared first on Security Boulevard.

article thumbnail

Here are the new Emotet spam campaigns hitting mailboxes worldwide

Bleeping Computer

The Emotet malware kicked into action yesterday after a ten-month hiatus with multiple spam campaigns delivering malicious documents to mailboxes worldwide. [.].

Malware 143
article thumbnail

2022 Cybersecurity predictions

CyberSecurity Insiders

The adoption of 5G will drive the use of edge computing even further. In 2020, we saw cybersecurity move from a technical problem to become a business enabler. In 2022, we will see 5G go from new technology to a business enabler bringing previously unimaginable use cases because of its high bandwidth and lower latency. Data from the current AT&T Cybersecurity Insights Report shows that 5G technology is being driven by the line of business and has been siloed between IT and OT organizations.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Spike in encrypted malware poses dual challenge for CISOs

CSO Magazine

Without proper inspection, encrypted data can be a significant security threat as the volume of malware in encrypted traffic grows. Most organizations are unprepared to conduct proper traffic analysis to cope with the issue. That’s the takeaway from two sets of new research into the threat malware hidden in encrypted traffic poses to organizations.

article thumbnail

SMB Companies Beware: The Ransomware Hunter is Aiming at You

Security Boulevard

Ransomware attackers aren’t always after the biggest fish. In fact, so-called “mid game hunting” — as opposed to “big game” hunting — where attackers identify smaller targets that are less likely to trigger a legal or governmental response, appears to be on the rise. The post SMB Companies Beware: The Ransomware Hunter is Aiming at You appeared first on Security Boulevard.

article thumbnail

Apple brings feature back that allow users to report fraudulent apps

CyberSecurity Insiders

Apple iOS 15 has brought back a feature that allows users to report fraudulent apps before anyone could lose money fraudulently. The feature “Report a Problem’ allows users to report any kind of discrepancy in applications that can lead to scams, abusive content or espionage. Also, some apps these days promise to their users about money back refund as soon as they opt out of the in-app purchases due to total dissatisfaction. iPhone giant has allowed users report any such frauds before they can t

Scams 120
article thumbnail

Windows 10 21H2 is released, here are the new features

Bleeping Computer

Microsoft has released Windows 10 21H2, also known as the November 2021 Update, and it is available to users running Windows 10 2004 or later as an optional update in Windows Update. [.].

123
123
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Emotet is back again: what does it mean?

Digital Shadows

Emotet is back again on the scene and, to be fair, we’re not surprised. Its predictable return has come just. The post Emotet is back again: what does it mean? first appeared on Digital Shadows.

article thumbnail

SharkBot Android banking Trojan cleans users out

Malwarebytes

Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot demonstrates: “…how mobile malwares are quickly finding new ways to perform fraud, trying to bypass behavioural detection countermeasures put in place by multiple banks and financial services during t

Banking 107
article thumbnail

WordPress sites are being hacked in fake ransomware attacks

Bleeping Computer

A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration. [.].

Hacking 124
article thumbnail

SharkBot Android Trojan Steals Banking and Crypto Accounts

Heimadal Security

A new malware has made its way onto the threat landscape. Security experts have revealed the emergence of the SharkBot Android trojan. It apparently targets crypto and banking services from the U.S., the U.K., and Italy. It works by exploiting devices accessibility features having the goal of credentials theft. Characteristics of SharkBot Android Trojan According […].

Banking 106
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Microsoft adds AI-driven ransomware protection to Defender

Bleeping Computer

Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter. [.].

article thumbnail

New Mac malware raises more questions about Apple’s security patching

Malwarebytes

Apple’s reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apple’s security patching strategy. His findings showed a shocking number of cases where Apple patched a vulnerability, but did not do so in all of the vulnerable system versions.

Malware 104
article thumbnail

Data and the Cat-and-Mouse Game of Security

Security Boulevard

Security has always been a cat-and-mouse game. Hackers find a way to breach security. Security teams fix the holes and implement new controls. Then bad actors find a way to circumvent those new measures. Rinse and repeat. The odds, unfortunately, are in the attackers’ favor. It’s not a matter of if but when the next. The post Data and the Cat-and-Mouse Game of Security appeared first on Security Boulevard.

article thumbnail

Mandiant links Ghostwriter operations to Belarus

Security Affairs

Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Top 5 Considerations When Looking for reCAPTCHA Alternative

Security Boulevard

Hey bots, GOTCHA! Sadly, that is no longer the case with reCAPTCHA. Bots are evolving at a break-neck speed and digital businesses need an efficient reCAPTCHA alternative for long-term protection CAPTCHA is an acronym for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’. The technology was developed more than two decades ago […].

article thumbnail

Google Chrome 96 breaks Twitter, Discord, video rendering and more

Bleeping Computer

Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version. [.].

Software 134
article thumbnail

Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform

The Hacker News

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country.

109
109
article thumbnail

DHS offers program to recruit and retain talent in Cybersecurity

CyberSecurity Insiders

Department of Homeland Security, shortly known as DHS, has launched a Cyber Talent Management System (CTMS) that offers a scope to recruit and retail cybersecurity talent. It is a kind of methodical approach made by the law enforcement agency to hire, develop, and retain the best talent in security. As Information Technology usage is growing, the same old traditional hiring techniques won’t work while hiring for critical vacancies.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.