Fri. Sep 03, 2021

Weekly Update 259

Troy Hunt

I'm back from the most epic of holidays! How epic? Just have a scroll through the thread: I’m back! Went offline for most of the last week, pics and stories to follow 🐊 pic.twitter.com/hRUcKMwgGU — Troy Hunt (@troyhunt) September 2, 2021 Which the Twitter client on my iPad somehow decided to break into 2 threads: At times this felt like navigating through a scene from Jurassic Park, just with wallabies rather than velociraptors 🦖 pic.twitter.com/VHa4kJw6k

Anton and The Great XDR Debate, Part 2

Anton on Security

As you recall from “Anton and The Great XDR Debate, Part 1”, there are several conflicting definitions of XDR today. As you also recall, I never really voted for any of the choices in the post. While some of you dismiss XDR as the work of excessively excitable marketing people (hey … some vendor launched “XDR prevention”, no way, right?), perhaps there is a way to think about it from a different perspective.

6 cybersecurity training best practices for SMBs

Tech Republic Security

Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Here are an expert's cybersecurity training tips.

History of the HX-63 Rotor Machine

Schneier on Security

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to install fail2ban on Rocky Linux and AlmaLinux

Tech Republic Security

Fail2ban should be on every one of your Linux servers. If you've yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.

Hacker-Themed Board Game

Schneier on Security

Black Hat is a hacker-themed board game.

Watch what you send on anonymous SMS websites

Malwarebytes

It’s a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. If the mail ends up in the wild? They know there’s a good chance which service has suddenly experienced a breach.

Conti ransomware now hacking Exchange servers with ProxyShell exploits

Bleeping Computer

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.

FBI warns of ransomware threat to food and agriculture

Malwarebytes

The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Farms are literally the first step in one of the most important, if not the most important, supply chain in our economy: The food supply chain. As always, cybercriminals love the extra leverage that is provided by how important a target is.

The Week in Ransomware - September 3rd 2021 - Targeting Exchange

Bleeping Computer

Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical flaw in Atlassian Confluence actively exploited

CSO Magazine

Hackers have started exploiting a critical remote code execution vulnerability that was patched recently in Atlassian Confluence Server and Data Center. Some of the attacks deploy cryptocurrency mining malware, but Atlassian products have also been targeted in the past by cyberespionage groups. "Bad Packets honeypots have detected mass scanning and exploit activity targeting the Atlassian Confluence RCE vulnerability CVE-2021-26084 from hosts in Russia, Hong Kong, Brazil, Nepal, Poland, Romania,

Microsoft breaks Windows 11 Start Menu, Taskbar with Teams promo

Bleeping Computer

Microsoft accidentally broke the Start menu and taskbar on systems of Windows Insiders after pushing a Teams promo to the desktops of users running Windows 11 preview builds.

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

The Hacker News

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S.

Internet in New Zealand disrupted due to a DDoS Cyber Attack

CyberSecurity Insiders

A Distributed Denial of Service attack shortly known as DDoS resulted in the disruption of internet services across New Zealand leading to shut down or temporary closure of businesses from afternoon today, i.e. September 3rd, 2021. Reports are in that Internet Service provider Vocus, which operates Flip, Stuff Fibre, Slingshot and Orcon was targeted by a hacking gang with the prime objective to disrupt the services for days.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Babuk ransomware's full source code leaked on hacker forum

Bleeping Computer

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

This New Malware Family Using CLFS Log Files to Avoid Detection

The Hacker News

Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG.

US govt warns orgs to patch massively exploited Confluence bug

Bleeping Computer

US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately.

What are the key benefits of card personalisation for banks and customers?

CyberSecurity Insiders

Did you know that 64% of households in New Zealand have a pet, and that the estimated 4.6 million pets outnumber their Kiwi owners? That is why it is no surprise that a preferred theme for New Zealanders’ personalised banking card is a picture of their pet. Providing the best user experience is paramount to the success of financial institutions.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CISA, FBI Post Ransomware Alert Ahead of Holiday Weekend

Security Boulevard

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States as recently as the Fourth of July holiday in 2021. The FBI and CISA do not currently have any specific threat reporting indicating a.

Google Chrome is Planning to Retire 3rd Party Cookies by 2023: What does this mean for your business today? 

TrustArc

Recently Google has announced that it will no longer be collecting third-party cookies on Chrome, which is the industry leader for web browsers (sitting at around 70%). What does this mean for your business and the use of TrustArc’s Cookie Consent Manager (CCM) software? First off, it’s important to note that Google has postponed this […].

Modernizing Health Care Security with SASE

Security Boulevard

Since 2013 and the most recent set of updates to the Health Insurance Portability and Accountability Act (HIPAA), U.S. health care providers have been adopting technologies faster than at any point in the preceding decades. In particular, information security and risk management tools have been a part of nearly every compliance investment that providers have.

Over 60,000 parked domains were vulnerable to AWS hijacking

Bleeping Computer

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Beware of malware attacks: Little-known facts and why they matter

Security Boulevard

Did you know that nearly 560,000 new instances of malware are detected every day? As cybersecurity advances, threat actors develop malware with new tricks that exploit weaknesses in an IT environment. Once the malware finds a loophole, it spreads exponentially …. The post Beware of malware attacks: Little-known facts and why they matter appeared first on ManageEngine Blog.

FBI: Spike in sextortion attacks cost victims $8 million this year

Bleeping Computer

The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July.

Apple Backs Down on Its Controversial Photo-Scanning Plans

WIRED Threat Level

A sustained backlash against a new system to look for child sexual abuse materials on user devices has led the company to hit pause.


Friday Five 9/3

Digital Guardian

How not to get hacked, a $9 million ransomware attack, and the FTC cracks down on a spyware app - catch up on the infosec news of the week with the Friday Five!

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

US govt warns orgs to patch actively exploited Confluence bug

Bleeping Computer

US Cyber Command (USCYBERCOM) has issued an alert via Twitter today urging US organizations to patch a massively exploited Atlassian Confluence critical bug immediately.

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting its operations, causing financial loss and negatively impacting the overall food supply chain. Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. “Cyber crimi

9 Twitter Stats: Use These for Boosting Your Business

SecureBlitz

Here are 9 Twitter stats that you can use for boosting your business. Twitter can be a powerful marketing channel because it is a vital indicator of trending internet discussions. However, in order to fully use the site, you must be familiar with its intricacies. That entails keeping up to date on the most recent. The post 9 Twitter Stats: Use These for Boosting Your Business appeared first on SecureBlitz Cybersecurity.

PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection

Security Affairs

Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. FireEye’s Mandiant cybersecurity researchers spotted a new malware family, named PRIVATELOG, that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files to avoid detection.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.