Fri. Feb 19, 2021

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.

Banking 283

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years.

Firmware 274

Weekly Update 231

Troy Hunt

I seem to have spread myself across a whole heap of different things this week which is fine (it's all stuff I love doing), but it has made for rather a "varied" video. I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing.

New malformed URL phishing technique can make attacks harder to spot

Tech Republic Security

Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.

Phishing 209

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Nation-State Espionage in ‘The Flight Attendant’

Security Boulevard

If you are familiar with “The Flight Attendant,” you know it is a quirky murder mystery shown on HBOMax. Yet, hidden within the murder mystery is a subplot of espionage and intrigue reminiscent of any number of today’s real-life espionage cases involving corporations and nation-states. Teaching moments abound, and it’s worthy of approbation; the series.

4 ways to defend against the Dark Web's cybercrime ecosystem, according to MIT researchers

Tech Republic Security

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Here are tips on how businesses can try to thwart cybercrime.

More Trending

Kia outage may be the result of ransomware

Tech Republic Security

A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer.

United States charges 3 North Koreans for Global Cyber Attacks

CyberSecurity Insiders

The United States Department of Justice has charged 3 North Koreans for allegedly launching cyber attacks on many of the banking and cryptocurrency networks operating across the world. All the three have admitted the crime of committing computer fraud by indulging in wire transfers and bank transactions by fraudulent means in countries like Vietnam, Philippines, Poland, Pakistan, Malta, Mexico, and United States along with Canada and Australia.

Forrester report highlights Zero Trust Edge model for networking and security infrastructure

Tech Republic Security

According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.

The CSO guide to top security conferences, 2020

CSO Magazine

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2021

CSO 134

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Linux 101: How to block users from setting up their own cron jobs

Tech Republic Security

Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

The Hacker News

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card.

Hacking 133

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs

Security Boulevard

Microsoft would like you to know that it’s finished investigating the SolarWinds breach, and everything’s just fine. Yeah, right.

Hacking 131

Lakehead University Shuts Down Campuses and Computers After Cyberattack

Hot for Security

Computer systems at Lakehead University (LU) in Ontario, Canada, remain offline after a cyberattack hit the public research institution on Tuesday. In response to the attack, officials shut down all computer systems at the Thunder Bay and Orillia campuses. The message sent to faculty members and students doesn’t say how the threat actors managed to infiltrate the information systems of the university: “Lakehead University’s Technology Services Centre (TSC) team is currently managing

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybercrime Undercover: Phishing Attacks Imitating Famous Brands Proliferate

Security Boulevard

Phishing attacks imitating famous brands is a favorite trick of clever cybercriminals. See the most imitated brands & how to not be fooled!

Phishing campaign alters prefix in hyperlinks to bypass email defenses

SC Magazine

Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks.

Phishing 125

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

The Hacker News

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data.

Hacking 126

Brave privacy bug exposes Tor onion URLs to your DNS provider

Bleeping Computer

Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. [...]

DNS 119

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

The Hacker News

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a.

Phishing 126

Egregor ransomware group explained: And how to defend against it

CSO Magazine

What is Egregor? Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family. [ Learn 12 tips for effectively presenting cybersecurity to the board and

CIS now offers free ransomware protection to all US hospitals

Bleeping Computer

The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service. [...]

Fight Back Against COVID-19 Cyberfraud

Security Boulevard

More than ever before, our ability to remain productive hinges on remote communication and collaboration. But you can’t necessarily trust that the voice on the other end of the line is actually your coworker. Voice phishing, or “vishing,” attacks have skyrocketed during the pandemic, according to a joint report from the FBI and the Cybersecurity.

Phishing 111

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How to find details about user logins on Linux

Tech Republic Security

If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.

Banks Investing in Automated Cyber-Defenses to Fight Business Email Compromise, Survey Shows

Hot for Security

The COVID-19 pandemic has intensified both the threat of fraud and the response to it, with corporate environments and banking in particular aligning on defensive automation, according to a new report. Bottomline and Strategic Treasurer this week published the 2021 Treasury Fraud & Controls Survey, the duo’s sixth such annual survey. The survey gathered details about corporate and banking experiences, actions and plans regarding fraud.

Banking 111

IRS issues urgent notice on scams aimed at tax professionals

Tech Republic Security

Scammers are impersonating the IRS with emails carrying the subject line "Verifying your EFIN before e-filing."

Scams 124

Are Your APIs a Honeypot for Cyber Criminals?

Security Boulevard

While API adoption has grown rapidly, API security has taken a backseat in the rush to get products out to market quickly. API security is important because APIs increase the attack surface of enterprise applications.

Marketing 105

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Ransomware attack on California Department of Motor Vehicles

CyberSecurity Insiders

A Ransomware attack on California DMV- Department of Motor Vehicles is reported to have leaked data related to millions of customers. To be specific, the attack took place on the third party supplier called Automatic Funds Transfer services (AFS) a service that looks into the verification process of motor registration addresses related to the motor department of California.

Gauging LoRaWAN Communication Security with LoraPWN

Trend Micro

This second part of our series on LoRaWAN will discuss the security of LoRaWAN communication and possible attacks on vulnerabilities. We also dive into the comprehensive testing environment used to assess this issue: specific optimization techniques with software-defined radio (SDR), and the tool we created to help decode LoRaWAN packets.

Software 103

TDoS attacks could cost lives, warns FBI

We Live Security

Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals.

WhatsApp gives new data privacy deadline of May 15

CyberSecurity Insiders

All you WhatsApp users across the world, here’s a news piece that needs your attention on an urgent note. The Facebook subsidiary has issued a fresh set of policy updates in which it clearly specified that the users will have to accept its new data sharing rules that will become mandatory from May 15th, 2021. Earlier, WhatsApp was interested in sharing its users’ information with the Mark Zuckerberg company from February this year.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.