Wed. Feb 17, 2021

Browser Tracking Using Favicons

Schneier on Security

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.) Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

VPN 346

Top 5 things to know about adversarial attacks

Tech Republic Security

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

Clubhouse under scrutiny for sending data to Chinese servers

Malwarebytes

The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now it’s part of the social media landscape, can we trust it? The Clubhouse app. Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word.

Media 144

Microsoft's Power BI gets new tools to prevent leakage of confidential data

Tech Republic Security

Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Top 2021 banking and fintech security regulations

Security Boulevard

As more people move to fintech and digital banking, financial data security compliance is becoming tougher. Here’s what app developers need to know for 2021. The post Top 2021 banking and fintech security regulations appeared first on Intertrust Technologies. The post Top 2021 banking and fintech security regulations appeared first on Security Boulevard.

Banking 137

Kaspersky: Goofing off a little at work may help security teams stay focused

Tech Republic Security

The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.

More Trending

Overcoming IoT Asset Management Challenges

Security Boulevard

The ability to track anything — from the level of coffee left in your pot to a real-time inventory of goods in a warehouse — is compelling in any industry. With the number of IoT devices expected to reach 55.7 billion worldwide by 2025, security teams face increasing complexity and challenges in discovering, managing and. The post Overcoming IoT Asset Management Challenges appeared first on Security Boulevard.

IoT 134

Kia Motors America suffers ransomware attack, $20 million ransom

Bleeping Computer

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

Adversarial attacks: 5 things to know

Tech Republic Security

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

How to defend against OAuth-enabled cloud-based attacks

CSO Magazine

Recently Malwarebytes reported that the SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The vector appears to abuse applications with privileged access to Microsoft Office 365 and Azure environments. The representative stated that “the investigation indicated the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft starts removing Flash from Windows devices via new KB4577586 update

Zero Day

Windows 10 users are reporting seeing a new update this week that permanently removes Flash from their systems.

Egregor ransomware takes a hit after arrests in Ukraine

CSO Magazine

A cybercriminal group associated with the Egregor ransomware was dismantled in Ukraine following a joint action by US, French and Ukrainian authorities. The website used by the Egregor group to post information about victims in an attempt to coerce them has been shut down and the command-and-control server has also been disrupted.

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

Zero Day

The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.

Scams 127

Microsoft force installs Windows 10 update to remove Flash Player

Bleeping Computer

Microsoft is force installing a Windows 10 update that removes the embedded 32-bit version of Adobe Flash Player from the operating system.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Yandex sysadmin caught selling access to email accounts

Malwarebytes

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team. They found that one of their system administrators with access to customer accounts was allowing third parties to see some of these accounts “for personal gain”. Yandex made it clear in its off

Zero Trust Meets OS Patch Management

Duo's Security Blog

We are always facing new vulnerabilities in our software, especially in operating systems in the EU and worldwide. Apple issued a security update release for iOS 14.4 recently, as a patch for three actively exploited Zero Days in iOS 14.2, likely being used as an exploit chain. This is an example of many vulnerabilities that can be mitigated with an available patch.

CISO 104

Automated cars are vulnerable to Cyber Attacks

CyberSecurity Insiders

A study carried out by Trend Micro has revealed that there are multiple ways for automated cars to be targeted by cyber attacks. Researchers from the security firm said that manufacturers of connected cars have to focus more on keeping their vehicles safe from the prying eyes of threat actors. Trend Micro says that most of the Intelligent Transportation Systems (ITS) of connected cars could be susceptible to DDoS attacks launched by state-funded actors.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Threatpost

A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain.

Malware 117

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Mitigating Memory Safety Issues in Open Source Software

Google Security

Posted by Dan Lorenc, Infrastructure Security Team. Memory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over entire systems. A recent study found that “~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on security issues in the ubiquitous `curl` command line tool showed that 53 out of 95 bugs would have been completely prevented by using a mem

Software 111

Oldsmar’s Cyber Attack Raises the Alarm for the Water Industry

Cisco Security

On February 8, 2021, the City of Oldsmar, Florida gave a press conference to disclose “an unlawful intrusion to the city’s water treatment system.” Someone on the Internet successfully accessed the computer controlling the chemicals used to treat drinking water for the city and changed the level of sodium hydroxide to 11,100 parts per million (ppm), a significant increase from the normal amount of 100 ppm.

The Adoption of Cybersecurity Insurance and its Role in the Modern World

Security Boulevard

In this part of the blog series on the connection between cybersecurity and insurance, we move into the adoption of cybersecurity insurance and what is typically covered by these policies. Beginnings: the need to distinguish between digital and physical property. Cybersecurity insurance is a new product concept. It came to life in the late. The post The Adoption of Cybersecurity Insurance and its Role in the Modern World appeared first on Axio.

Insurance 106

Rising healthcare breaches driven by hacking and unsecured servers

Bleeping Computer

2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents against the backdrop of the COVID-19 pandemic.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

The Week in Breach News: 02/10/21 – 02/16/21

Security Boulevard

A Florida municipal water plant breach raises alarm, a French hospital breach impacts care, and making a battle plan for profit! The post The Week in Breach News: 02/10/21 – 02/16/21 appeared first on Security Boulevard.

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

The Hacker News

A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.

Software 105

Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed

Threatpost

Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups.

Don’t Get Tracked: How To Protect Your Privacy Online In 9 Tips

SecureBlitz

This post will show you how to protect your privacy online. Unless you have been living under a rock the past few years, you would have noticed an increasingly strident cry for data privacy protection from netizens and civil rights workers alike. Grassroots movements put increasing pressure on local and national governments to act on. The post Don’t Get Tracked: How To Protect Your Privacy Online In 9 Tips appeared first on SecureBlitz Cybersecurity.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Three North Korean hackers charged for financial and revenge-motivated hacks

SC Magazine

The Department of Justice has unsealed an indictment against three members of Lazarus Group. Charges against one of the three were first brought in 2018. The Department of Justice has unsealed an indictment against three members of Lazarus Group for a wide range of financially-motivated hacks against private businesses that authorities said were designed to steal $1.3 billion in currency and cryptocurrency and further other strategic interests for the North Korean gove

Hacking 103

Can security and compliance for managed database services be simple?

Security Boulevard

Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service (DBaaS). The Gorilla Guide To® Securing Database as a Service (DBaaS) features Imperva Cloud Data Security as a solution to help organizations achieve these goals. You can get […].

Media 102

Non-profit pledges $1 million to offer free ransomware protection for private hospitals

SC Magazine

A new effort from CIS seeks to provide support to hospitals targeted by ransomware. Perhaps no part of industry has been stung more by the scourge of ransomware over the past year than hospitals.

Dutch Police post "say no to cybercrime" warnings on hacker forums

Bleeping Computer

The Dutch Police have begun posting warnings on Russian and English-speaking hacker forums not to commit cybercrime as law enforcement is watching their activity.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.