Fri.Oct 15, 2021

article thumbnail

Security Risks of Client-Side Scanning

Schneier on Security

Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

Risk 307
article thumbnail

Weekly Update 265

Troy Hunt

I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty" is a bit of a theme this week not just with the Gov, but particularly Thingiverse's extraordinarily poor handling of their data breach.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The White House holds an international summit on ransomware: What you should know

Tech Republic Security

This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded.

article thumbnail

Bracing for the Data Security ‘Bang’

Security Boulevard

Data security is top-of-mind for businesses and consumers alike these days. According to the Gartner Hype Cycle for Data Security, 2021, “organizations are accelerating the deployment of sensitive data across multi-cloud architectures, which exposes data beyond traditional network boundaries. This is scaling up the exposure to data residency and privacy risks, and a growth in.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Attackers Behind Trickbot Expanding Malware Distribution Channels

The Hacker News

The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.

Malware 145
article thumbnail

New Windows 10 KB5006670 update breaks network printing

Bleeping Computer

Windows 10 users and administrators report widescale network printing issues after installing the KB5006670 cumulative update and other updates released this week. [.].

145
145

More Trending

article thumbnail

US links $5.2 billion worth of Bitcoin transactions to ransomware

Bleeping Computer

The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants. [.].

article thumbnail

How to use DocSecrets to encrypt sections of your Google Docs

Tech Republic Security

If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.

article thumbnail

Governments worldwide to crack down on ransomware payment channels

Bleeping Computer

Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations. [.].

article thumbnail

Acer hacked (for the second time this year)

Graham Cluley

Hardware and electronics giant Acer has suffered a data breach, with hackers claiming they have stolen 60GB worth of files from the company's Indian servers.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

US government discloses more ransomware attacks on water plants

Bleeping Computer

U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years according to joint advisory published by US government agencies on Thursday. [.].

article thumbnail

Missouri FAIL: Gov. Mike Parson says Viewing Web Source is ‘Hacking’

Security Boulevard

The Missouri Department of Education website was leaking teachers’ social security numbers. A local journalist, Josh Renaud, spotted the PII flaw and reported it to the department, giving them plenty of time to fix the leak. But the state governor accused Renaud of hacking. Specifically, Gov. Mike Parson (R) alleges the journalist “accessed source code.

Hacking 126
article thumbnail

Virus Bulletin: Old malware never dies – it just gets more targeted

We Live Security

Putting a precision payload on top of more generic malware makes perfect sense for malware operators. The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity.

Malware 124
article thumbnail

Aqua Security Uses eBPF to Extend Security Platform

Security Boulevard

Aqua Security this week at the Kubecon + CloudNativeCon North America conference added a cloud-native detection and response (CNDR) capability to its open source Tracee software-based platform. Tracee is a threat detection engine for runtime environments that runs as a sandbox application at the kernel level of an operating system using extended Berkeley Packet Filter.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

University of Sunderland Faced Operation Issues Following a Cyber-attack

Heimadal Security

The University of Sunderland faced extensive operational issues that took most of its IT systems down. It is believed that the issue was caused by a cyber-attack. What Happened? The first signs of malfunction with the university’s IT systems occurred on Tuesday morning, but the problems seem to be widespread and unsolvable. All phone lines, the official […].

article thumbnail

Ransomware Taxonomy: Four Scenarios Companies Should Safeguard Against

Cisco Security

While October is designated as Cybersecurity Awareness Month, focusing on keeping your company and customers safe should be a constant priority, especially with the growing number and sophistication of ransomware attacks worldwide. As companies interact more digitally with customers and end-users, their attack surface increases, presenting more opportunities for would-be attackers.

article thumbnail

Cisco Report Shows Shift Away from Traditional Passwords

Security Boulevard

A report published this week by Cisco’s Duo Security unit found the use of both multifactor authentication (MFA) and biometric authentication is on the rise as alternatives to passwords. Based on an analysis of more than 36 million devices running more than 400,000 unique applications which resulted in 800 million monthly authentications, the report finds.

Passwords 122
article thumbnail

Accenture confirms data breach after August ransomware attack

Bleeping Computer

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. [.].

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

BrandPost: Your Employees Aren’t the Problem—It’s Your Technology

CSO Magazine

Insider breaches are growing – because you can actually see them In their annual look at trends in cyber security , Forrester made a few startling revelations: 33% of your breaches in 2021 are going to be insider threat related. Insider threat incidents are expected to grow 8% in 2021 . In fact, the #1 cybersecurity concern listed was insider breaches.

article thumbnail

Brave web browser will add bounce tracking privacy protection

Bleeping Computer

Brave, the privacy-conscious web browser, has announced plans to introduce additional privacy protections against 'bounce tracking,' a newer form of tracking that is not currently blocked by the browser. [.].

Software 121
article thumbnail

Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages

The Hacker News

A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva.

article thumbnail

Cisco Secure Firewall Garners a ‘Hat-Trick’

Cisco Security

In case you’re not a sports fan, a hat-trick is a term for three goals by a player in one game. Interestingly, the phrase comes from cricket, and was first used when a bowler took three wickets from three consecutive balls. The team would present a bowler with a hat to celebrate the achievement. Along similar lines, Cisco Secure Firewall celebrates three scores in 2021: Cisco was the only vendor recognized by Frost & Sullivan with the Best Practices Market Leadership Award for excellence in

Firewall 108
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Why Doesn’t Peter Thiel Denounce Nazism?

Security Boulevard

Recently I noticed in an old USAF study that a Dr. Walter Thiel was credited as Nazi Germany’s “best propulsion expert”, who died in a 1943 Allied bombing run on his weapons research center. This (with a nod to Operation Paperclip) prompted me to start looking into the Thiel family after they emigrated from Germany … Continue reading Why Doesn’t Peter Thiel Denounce Nazism?

111
111
article thumbnail

New DocuSign Phishing Campaign

Heimadal Security

Phishing attacks that have as victims non-executive employees with access to sensitive corporate information are becoming more common. According to the researchers at Avanan, half of all phishing emails analyzed in the previous several months have impersonated non-executives, while 77% targeted staff on the same level. A New Approach Previously, the targeted phishing attempts were […].

Phishing 101
article thumbnail

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

The Hacker News

The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.

article thumbnail

LANtenna hack spies on your data from across the room! (Sort of)

Naked Security

Are your network cables acting as undercover wireless transmitters? What can you do if they are?

Wireless 140
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Accenture discloses data breach after LockBit ransomware attack

Security Affairs

IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021. News about the attack was included in the company’s financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021. “In the past, we have experienced, and in the future, we may again experie

article thumbnail

Your Next Move: Web App Penetration Tester

CompTIA on Cybersecurity

Organizations worldwide need people who can think like the bad guys with the expertise and foresight to uphold security best practices as a web app penetration tester.

104
104
article thumbnail

How to Use IP Geolocation in Threat Intelligence and Cybersecurity

Heimadal Security

Hacks, leaks, and phishing scams happen so often that they hardly register as news anymore. Just last week, Google warned of a phishing scam perpetrated by Fancy Bear, a hacking group associated with the GRU, Russia’s military intelligence organization. LinkedIn was used to perpetrate a OneDrive phishing scam, and Zoom has been shown to be […].

Scams 96
article thumbnail

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

Threatpost

The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.