Mon.Sep 13, 2021

article thumbnail

Designing Contact-Tracing Apps

Schneier on Security

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic.

249
249
article thumbnail

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Antivirus 182
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

5 ways to better prepare your organization for a ransomware attack

Tech Republic Security

Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.

article thumbnail

Beware of these 5 common scams you can encounter on Instagram

We Live Security

From cybercriminal evergreens like phishing to the verification badge scam we look at the most common tactics fraudsters use to trick their victims. The post Beware of these 5 common scams you can encounter on Instagram appeared first on WeLiveSecurity.

Scams 139
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame

Tech Republic Security

The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.

IoT 171
article thumbnail

Apple Inc issues fix to Pegasus Spyware vulnerability in iPhones

CyberSecurity Insiders

Apple Inc has proudly announced that it has issued a fix to the famous Pegasus Spyware vulnerability existing on iPhones that could lead remote hackers to take control of the device to conduct espionage. Factually, the newly detected flaw was an addition to the already detected Pegasus malware flaw that was developed by NSO Group to hack into the phones of terrorists; but was actually being used to intercept communication taking place between the world’s prestigious dignitaries.

Spyware 139

More Trending

article thumbnail

8 pitfalls that undermine security program success

CSO Magazine

Some of the biggest breaches have come down to small mistakes. Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline attack. A widely known vulnerability that hadn’t yet been patched was the entry point for the 2017 Equifax attack. And a bitcoin scam on Twitter started with spear phishing attacks on Twitter employees.

Scams 138
article thumbnail

Protect your endpoints with top EDR software

Tech Republic Security

Endpoint detection and response (EDR) software detects and identifies threats on network-connected devices. Compare features of top EDR tools.

Software 174
article thumbnail

Hackers Leak Schoolkids’ Data—ID Theft of Minors Ensues

Security Boulevard

Ransomware attacks on school districts have led to ID theft and data leakage. Victims include the students themselves. The post Hackers Leak Schoolkids’ Data—ID Theft of Minors Ensues appeared first on Security Boulevard.

article thumbnail

Phony COVID-19 vaccine card prices double following Biden mandate announcement

Tech Republic Security

Dark Web prices for fake COVID-19 vaccination cards shot up from $100 to $200 almost immediately after the U.S. president announced new mandates, says Check Point Research.

136
136
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key

Threatpost

How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.”.

article thumbnail

Federal agencies face new zero-trust cybersecurity requirements

CSO Magazine

As part of the Biden administration's wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) issued three documents on zero trust last week. Zero trust is a security concept that "eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and

article thumbnail

Apple fixes iOS zero-day used to deploy NSO iPhone spyware

Bleeping Computer

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. [.].

Spyware 144
article thumbnail

How to use mkcert to create locally signed SSL certificates

Tech Republic Security

Jack Wallen shows you how to use mkcert. If you need to generate quick SSL certificates for test servers and services, this might be the fastest option available.

114
114
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

BlackMatter ransomware hits medical technology giant Olympus

Bleeping Computer

Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. [.].

article thumbnail

BrandPost: Completing the Journey from BYOD to a Hybrid WFA Workforce

CSO Magazine

While the recent transition to a work-from-anywhere (WFA) business model may have been sudden, it certainly shouldn’t have caught anyone off guard. Organizations have been moving in this direction for a long time, starting with the advent of BYOD more than a decade ago. This was followed by roaming technologies that allowed mobile devices to move seamlessly across campus and even handoff an open session to a 3G/4G or WiFi connection when a user that is on a call or using an application moves off

Mobile 123
article thumbnail

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Threatpost

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

Mobile 131
article thumbnail

Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

Bleeping Computer

An unofficial Cobalt Strike Beacon version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. [.].

128
128
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Incident response analyst report 2020

SecureList

Download full report (PDF). The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams.

article thumbnail

Where Should We Draw the Cyber Blue Line?

The State of Security

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the […]… Read More.

article thumbnail

OWASP Working Group Releases Draft of Top 10 Web Application Risks for 2021

Security Boulevard

The Open Web Application Security Project (OWASP) has released its draft Top 10 Web Application Security Risks 2021 list with a number of changes from the 2017 list (the last time the list was updated). The list has been maintained by OWASP since its release in 2003 with updates every few years. The post OWASP Working Group Releases Draft of Top 10 Web Application Risks for 2021 appeared first on K2io.

Risk 116
article thumbnail

BlackMatter ransomware gang hit Technology giant Olympus

Security Affairs

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware attack. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection

The Hacker News

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.

article thumbnail

Go Update Your iPhone and iPad NOW!

Approachable Cyber Threats

Category Vulnerabilities Risk Level. Apple released a critical security update for iOS and iPadOs today on the eve of their major fall hardware release to patch multiple zero-day vulnerabilities. If you read no further, update your iPhone and/or iPad NOW! “A zero what now?” You may remember from another ACT post that vulnerabilities are holes in the code of your electronic devices that when left unpatched, can allow hackers to use them to their advantage; like walking in to your house through an

Risk 110
article thumbnail

Google patches 10th Chrome zero-day exploited in the wild this year

Bleeping Computer

Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. [.].

127
127
article thumbnail

Malicious Life Podcast: The Tesla Hack

Security Boulevard

It's every company's nightmare: a mysterious stranger approached an employee of Tesla's Gigafactory in Nevada, and offered him 1 million dollars to do a very simple job - insert a malware-laden USB flash drive into a computer in the company and keep it running for 8 hours - check it out. The post Malicious Life Podcast: The Tesla Hack appeared first on Security Boulevard.

Hacking 111
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

The Hacker News

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.

article thumbnail

Cloud Security startup Accurics acquired by Tenable for $160m

CyberSecurity Insiders

Tenable has made an official announcement that it has acquired cloud security startup Accurics for $160 million. Therefore, Accurics programmatic detection and mitigation of risky tools will help customers to securely access and secure infrastructure related to security and development and operations teams. Speaking at a virtual event, Amit Yoran, the CEO and Chairman of Tenable, stated that the deal will help organizations that are waiting to push their cloud and code journeys forward regarding

article thumbnail

Orgs Lack Confidence in Long-Term Hybrid Work Security

Security Boulevard

Just one in five companies are fully confident their infrastructure security can support long-term remote work, according to a survey of 200 North American business leaders conducted by the research firm Pulse on behalf of Sungard Availability Services. The survey found nearly nine in 10 (89%) of organizations believe a mix of remote and in-office. The post Orgs Lack Confidence in Long-Term Hybrid Work Security appeared first on Security Boulevard.

article thumbnail

4 Steps for Fostering Collaboration Between IT Network and Security Teams

Dark Reading

Successful collaboration requires a four-pronged approach that considers operations and infrastructure, leverages shared data, supports new workflows, and is formalized with documentation.

103
103
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.