Mon. Apr 26, 2021

When AIs Start Hacking

Schneier on Security

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Hacking 356

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking.

B2C 212

Stop using your work laptop or phone for personal stuff, because I know you are

Tech Republic Security

A former IT pro turned end user explains why blending your work and personal tech was, is and always will be a bad idea for you and your employer.

207

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Dridex Malware Returns In a New Global QuickBooks Malspam Campaign

Hot for Security

Phishing attacks masquerading as QuickBooks invoices are targeting users of the popular accounting software in an attempt to infect victims’ devices with the infamous Dridex banking Trojan. Spotted by Bitdefender Antispam Lab, this fresh Intuit-themed malspam campaign reels in QuickBooks users with fake payment notifications and invoices. The ongoing phishing campaign began on April 19, targeting QuickBooks users from across the globe.

Malware 145

Bitcoin cheat sheet: Everything professionals need to know

Tech Republic Security

If you're curious about the original decentralized cryptocurrency, here's what you need to know about Bitcoin, including why the price of a bitcoin keeps climbing.

More Trending

Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature

Security Affairs

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Malware 136

Cyber Attack Haunts a Public Water Supply System. Again!

Security Boulevard

In my previous blog, I had described how and why it is important for critical agencies to ensure that they are secure from. The post Cyber Attack Haunts a Public Water Supply System. Again! appeared first on Kratikal Blog. The post Cyber Attack Haunts a Public Water Supply System. Again! appeared first on Security Boulevard.

DC Police confirms cyberattack after ransomware gang leaks data

Bleeping Computer

The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. [...]

4 common ways scammers use celebrity names to lure victims

We Live Security

All that glitters is not gold – look out for fake celebrity endorsements and other con jobs that aren’t going out of fashion any time soon. The post 4 common ways scammers use celebrity names to lure victims appeared first on WeLiveSecurity.

Scams 136

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Apple patches ‘worst macOS bug in recent memory’ after it was used in the wild

SC Magazine

A newly discovered bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet. Here, Apple CEO Tim Cook announces the new Mac Pro as he delivers the keynote address during the 2019 Apple Worldwide Developer Conference (WWDC) in San Jose, California. (Photo by Justin Sullivan/Getty Images).

Adware 126

Apple AirDrop users reportedly vulnerable to security flaw

Tech Republic Security

Someone with the right know-how can obtain your phone number and email address when you try to share a file from your iPhone, say researchers at the University of Darmstadt.

113

“Stop Vaccine Finger Wagging”

Adam Shostack

The U.S. political divide on whether to get the coronavirus vaccine suggests that “maybe there’s been too much finger wagging,” said the head of the National Institutes of Health. “I’ve done some of that; I’m going to try to stop and listen, in fact, to what people’s specific questions are,” NIH Director Francis Collins said Sunday on NBC’s “Meet the Press.”

Passwords 100

These Roles Require Cybersecurity Training

CyberSecurity Insiders

With data breach rates rising and criminal attack methods becoming more sophisticated each day, it is essential for every organization to take security seriously. That means cybersecurity training and education so that key stakeholders understand the risks that businesses are facing, and which strategies are most effective for protection. Who should receive cybersecurity training in your organization?

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity and Online Gaming

IT Security Guru

The online gaming industry has exploded in recent years and is expected to generate close to $200 billion in revenue by 2022. Popular games are reporting revenues in the range of hundreds of millions of dollars per month. This booming industry is seeing significant growth, largely due to the pandemic, with many turning to online gaming to escape some of the realities that consumed many of us over the past year.

UnitingCare Australia ransomware attack and stock price collapse

CyberSecurity Insiders

UnitingCare, an Australia-based healthcare services provider has reportedly been targeted by a cyber attack that is said to be of ransomware variant. The company that offers care for aged people has confirmed the incident and added that the IT servers of the company have become inaccessible because of a suspected ransomware attack. As the hospital network of UnitingCare Queensland was severely affected, the IT systems linked to Brisbane based The Wesley Hospitals and St Andrews War Memorial Hosp

How to Spot a Debt Collection Scam

Identity IQ

When creditors sell your unpaid debt to a collection agency, the debt collector can reach out to you directly to try and collect what you owe. But criminals posing as legitimate debt collectors may also target you, using deception or intimidation to collect debts you don’t owe, or they have no authority to collect. If something seems off, it probably is.

Scams 105

Contextual Biometrics for Improved Application Security

Security Boulevard

Securing mobile devices and mobile applications is a nuisance. Security best practices dictate having authentication methods to log in and open the device, and that users should log off every app after each use. Best practices, however, are inconvenient, especially trying to remember unique passwords for dozens of applications. Biometrics are a better option, but.

Mobile 104

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft Defender now blocks cryptojacking malware using Intel TDT

Bleeping Computer

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...]

Malware 102

Cyber Attacks On The Rise For Businesses

Security Boulevard

A new report, the Hiscox Cyber Readiness Report 2021, surveyed over 6,000 companies in the U.S. and Europe and found that the number of businesses targeted by cyber criminals in the past year increased from 38% to 43%, with over a quarter of those targeted (28%) experiencing five attacks or more. The post Cyber Attacks On The Rise For Businesses appeared first on K2io.

Microsoft announces end of life for multiple .NET Framework versions

Bleeping Computer

Microsoft today announced that multiple .NET Framework versions signed using the legacy and insecure Secure Hash Algorithm 1 (SHA-1) will reach end of support next year. [...]

99

Emotet Malware Destroys Itself From All Infected Computers

The Hacker News

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation.

Malware 99

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Boffins found a bug in Apple AirDrop that could leak users’ personal info

Security Affairs

Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information, such as email addresses and phone numbers. “A team of researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Enginee

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

The Hacker News

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S.

Ransomware gang now warns they will leak new Apple logos, iPad plans

Bleeping Computer

The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. [...]

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

The Hacker News

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

NFC and RFID Explained For Consumers | Avast

Security Boulevard

A couple of weeks ago, I had a #TreatYoSelf moment and bought myself a sweet wallet. Then, over the course of the weekend, I noticed that I was getting NFC notifications and couldn’t figure out what was triggering them. Ping, ping, ping! They wouldn’t leave me alone! The post NFC and RFID Explained For Consumers | Avast appeared first on Security Boulevard.

98

Minnesota University Apologizes for Contributing Malicious Code to the Linux Project

The Hacker News

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future.

98

When AIs Start Hacking

Security Boulevard

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them a

Hacking 98

How to Test and Improve Your Domain's Email Security?

The Hacker News

No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company.

97

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.