Joseph Steinberg

FEBRUARY 2, 2021

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled. To understand the significance of the issue, please consider a recent experience of mine: The week of Black Friday weekend, I ordered a new refrigerator from an online r

Retail 182

Retail Data collection Artificial Intelligence Marketing 182

We Live Security

FEBRUARY 2, 2021

ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos. The post Kobalos – A complex Linux threat to high performance computing infrastructure appeared first on WeLiveSecurity.

Malware 145

Malware 145

Bleeping Computer

FEBRUARY 2, 2021

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. [.].

Software 142

Software Hacking 142

Tech Republic Security

FEBRUARY 2, 2021

Opening up a window into your home workspace may be riskier than you think as hackers target employees to infiltrate corporate networks.

147

147

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

FEBRUARY 2, 2021

The Babyk ransomware operation has launched a new data leak site used to publish victim's stolen data as part of a double extortion strategy. Included is a list of targets they wont attack with some exclusions that definitely stand out. [.].

Ransomware 140

Ransomware 140

CSO Magazine

FEBRUARY 2, 2021

The surprise announcement that Jeff Bezos will leave later this year and hand over the reins to AWS leader Andy Jassy marks a remarkable rise for Jassy. He began as a marketing manager in 1997 and started AWS in 2003.

Marketing 131

Marketing 131

Zero Day

FEBRUARY 2, 2021

A bug in the Sudo app can let attackers with access to a local system to elevate their access to a root-level account.

Accountability 143

Accountability 143

Security Boulevard

FEBRUARY 2, 2021

Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach. The post Breach Clarity Data Breach Report: Week of Feb. 1 appeared first on Security Boulevard.

Data breaches 116

Data breaches Risk Ransomware Malware 116

Security Affairs

FEBRUARY 2, 2021

The global leader of embedded system software Wind River Systems discloses a data breach that resulted in the theft of customers’ personal information. Wind River Systems, a global leader in delivering software for smart connected systems, discloses a data breach. The company claims its technology is found in more than 2 billion products, it develops run-time software, middleware, development and simulation platforms.

Software 113

Software Data breaches Insurance Hacking 113

Security Boulevard

FEBRUARY 2, 2021

An enterprise's inability to detect cyber attacks has tangible effects on its productivity and profitability. Various reports have noted a correlation between the time it takes to spot an intrusion and the cost of recovery. The post Why Responding to a Cyber Attack with a Traditional SIEM Leaves You Vulnerable appeared first on Security Boulevard.

Cyber Attacks 113

Cyber Attacks Data breaches 113

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

FEBRUARY 2, 2021

All the corporate networks out there you better be aware of the incident where ransomware spreading threat actors are seen exploiting the vulnerabilities of VMware ESXi software. RansomExx Gang is seen exploiting CVE-2019-5544 and CVE-2020-3992 virtual software infecting the machines on the network with the file encrypting malware. So, companies using the said software are being requested to keep a tab on their virtual machines that are at a risk of getting encrypted soon.

Ransomware 113

Ransomware Encryption Software Malware 113

Security Boulevard

FEBRUARY 2, 2021

Understandably, most chief executive officers focus on the business aspect of the company. Their main goal is to make sure a company keeps gaining profit and everything is run smoothly. But there is one important thing that most CEOs overlook and it’s cybersecurity. The post 5 Things Every CEO Should Know About Cybersecurity appeared first on CCSI. The post 5 Things Every CEO Should Know About Cybersecurity appeared first on Security Boulevard.

Cybersecurity 111

Cybersecurity Ransomware Network Security 111

Security Affairs

FEBRUARY 2, 2021

Cyber Defense Magazine February 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 108 pages of excellent content. 108 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.

InfoSec 105

InfoSec DNS Marketing Media 105

CyberSecurity Insiders

FEBRUARY 2, 2021

In one of the astonishing revelations made in the 60 minutes report aired on an American Television channel CBS, china seems to have stolen data of almost 80% of US Adults. No wait, there is more! Recently, china based BGI Group has approached 6 of the different states with a proposal to construct R&D labs related to Corona Virus. And the company is so desperate in its aim that it has made the promise to make humongous donations in currency if the state governors help fulfill its interests.

Healthcare 110

Healthcare Cybersecurity 110

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

NSTIC

FEBRUARY 2, 2021

In 2020, NIST prioritized helping individuals and organizations shift to a more online environment to keep people safe and our economy productive. Despite the many challenges brought by the pandemic, we were fortunate to be able to continue our work on an array of new resources to help manage cybersecurity and privacy risks. As NIST looks ahead to the “new normal,” we plan to build on lessons learned during the pandemic and to be even more strategic in anticipating and tackling the many challeng

Cybersecurity 110

Cybersecurity Risk 110

Dark Reading

FEBRUARY 2, 2021

Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge's three-part series about the cyberthreat and how to fight back, you'll learn what fileless malware is and why it's so dangerous.

Malware 109

Malware 109

Hot for Security

FEBRUARY 2, 2021

Identity theft victims have doubled during COVID-19, with a record 1.4 million reports of identity theft in 2020, according to the latest FTC report. The surge in identity theft reports is closely linked to the financial hardship and nationwide rise in unemployment that prompted cybercriminals to turn their attention to government unemployment benefits.

Identity Theft 107

Identity Theft Small Business Government Internet 107

Security Affairs

FEBRUARY 2, 2021

ESET experts uncovered a previously undocumented piece of malware that had been observed targeting high-performance computing clusters (HPC). ESET analyzed a new piece of malware, dubbed Kobalos, that was employed in attacks against high-performance computing clusters (HPC). The name Kobalos comes from a small sprite from Greek mythology, a mischievous creature fond of tricking and frightening mortals.

Malware 105

Malware Internet Internet Cryptocurrency 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

FEBRUARY 2, 2021

For the second time in less than three months, Apple has patched vulnerabilities in the software for iPhone and iPad, warning that the issues are already being targeted by attackers.

Software 105

Software 105

CSO Magazine

FEBRUARY 2, 2021

Security researcher Andrei Costin started to work from home many years ago, and when it comes to security internet of things (IoT) devices, he had his fair share of eyebrow-raising moments. “There were several instances where I had replaced my home routers because the vendor did not provide security fixes nor firmware updates,” Costin says, adding that current security practices are not keeping up with the changing landscape of working from home.

IoT 105

IoT Firmware Internet Internet 105

InfoWorld on Security

FEBRUARY 2, 2021

We’ve lived through pandemics before, and the silver lining is that they eventually go away. Remote work was not a reaction to the COVID-19 crisis; it’s been an option for many during the past several years—and one that most people used at least some of the time. In many respects, enterprises were preparing for a 99% remote workforce without even knowing it.

Cloud Migration 98

Cloud Migration Risk 98

Security Boulevard

FEBRUARY 2, 2021

I’m definitely not the first to ask this. James Whitman a couple years ago published a whole book at Princeton Press called “Hitler’s American Model: The United States and the Making of Nazi Race Law” Whitman tells us of Nazi efforts to use American racist laws to help draft their Nuremberg Laws. It makes sense. … Continue reading Was Woodrow Wilson’s Administration a Blueprint for Nazi Germany?

98

98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. According to ZDNet , threat actors are using VMWare ESXi exploits to encrypt the disks of virtual machines deployed in enterprise environments.

Encryption 103

Encryption Ransomware System Administration Hacking 103

CyberSecurity Insiders

FEBRUARY 2, 2021

The National Cyber Security Centre, a cyber arm of UK’s GCHQ, has handed over some guidelines to businesses desiring to stay away from ransomware attacks. Citing an example of a UK based firm that was struck by a ransomware gang two times earning them close to £10 million, the government setup security organization advises not to pay when a ransomware strikes a database.

Ransomware 97

Ransomware Backups Malware Encryption 97

Tech Republic Security

FEBRUARY 2, 2021

Commentary: Open source has never been more popular, or had more need to be actively maintained. Find out how Tidelift catalogs can help.

106

106

SC Magazine

FEBRUARY 2, 2021

The Washington State Capitol Building in Olympia. (Pastajosh, CC BY-SA 4.0, via Wikimedia Commons). Malicious actors last Dec. 25 stole millions of unemployment applicants’ data from the Washington State Auditor’s Office (SAO) via a zero-day vulnerability in a 20-year-old file transfer service from Accellion, Inc. The incident and its aftermath serve as an example of the discord and miscommunications that can transpire between a third-party software provider and its users when something goes wro

Government 96

Government CISO Media Encryption 96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Digital Guardian

FEBRUARY 2, 2021

China's voracious collection of U.S. healthcare data, including DNA, can pose a national security risk, not to mention harm the privacy of Americans.

Healthcare 102

Healthcare Risk 102

Security Boulevard

FEBRUARY 2, 2021

In 2015, I wrote a book about the Security Data Lake. At the time, the big data space was not as mature as today and especially the intersection of big data and security wasn’t a well understood area. Fast forward to today, people are talking about to the “Data Lakehouse“. A new concept that has […]. The post The Data Lakehouse Post 1 – My Database Wishlist – A Rant appeared first on Security Boulevard.

Big data 93

Big data 93

Digital Shadows

FEBRUARY 2, 2021

Once upon a time, a high-profile dark web marketplace seizure or exit scam would have been big news in the. The post DarkMarket’s seizure: the decline of the marketplace? first appeared on Digital Shadows.

Scams 95

Scams Cybercrime 95

Security Boulevard

FEBRUARY 2, 2021

This week, AttackIQ is proud to announce its integration with Exabeam, a modern security information and event management (SIEM) platform that helps security teams work smarter to detect and prevent attacks. How does Exabeam work, and why is this partnership important? The post AttackIQ and Exabeam, working together to elevate cybersecurity effectiveness appeared first on AttackIQ.

Cybersecurity 92

Cybersecurity 92

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.