Krebs on Security

JULY 18, 2022

The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software.

VPN 290

VPN Computers and Electronics Antivirus Software 290

Tech Republic Security

JULY 18, 2022

Microsoft says a ransomware gang calling itself H0lyGh0st may be sponsored by the North Korean government as a way for the country to offset its struggling economy. The post Why North Korean cybercriminals are targeting businesses with ransomware appeared first on TechRepublic.

Ransomware 204

Ransomware Government 204

Dark Reading

JULY 18, 2022

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Passwords 141

Passwords Malware 141

Tech Republic Security

JULY 18, 2022

VPNs are an essential component in small and medium-sized businesses' cybersecurity toolkit. Here's how leading VPN services for SMBs compare. The post Best VPN services for SMBs appeared first on TechRepublic.

VPN 164

VPN Cybersecurity Network Security 164

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

JULY 18, 2022

Hiring for the role of security analyst —that workhorse of security operations—could get even harder. Demand for the position is expected to grow, with the U.S. Bureau of Labor Statistics predicting organizations to add tens of thousands of positions through the decade, with employment for security analysts expected to grow by 33% from 2020 to 2030—much faster than the average for all occupations.

125

125

Tech Republic Security

JULY 18, 2022

Ransomware groups are now starting to pick sides in the Russian-Ukrain conflict. Learn more about who and what are at risk. The post Trellix finds business services top target of ransomware attacks appeared first on TechRepublic.

Business Services 149

Business Services Ransomware Risk 149

CSO Magazine

JULY 18, 2022

Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Password reuse. When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwnd, a dataset of 12 billion compromised passwords.

Passwords 119

Passwords Authentication Accountability Risk 119

Malwarebytes

JULY 18, 2022

Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks Predatory Sparrow massively disrupts steel factories while keeping workers safe New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs China’s Tonto Team increases espionage activities against Russia Endpoint security for Mac: 3 best practices Low-income consumers preyed on by fake ISP during pandemic, FCC says Ransomware rolled through business defenses in Q2 2022 Co

Data breaches 118

Data breaches Ransomware Passwords Malware 118

CyberSecurity Insiders

JULY 18, 2022

Cybersecurity is swiftly evolving and opening the door for new career opportunities. People are transitioning away from traditional computer science careers to work in digital security. However, the sector is facing many challenges in filling open positions. Professionals must leverage their worth in the cybersecurity field to achieve success. They should improve their confidence levels, education and communication strategies to land high-paying jobs.

Cybersecurity 117

Cybersecurity Education Architecture Engineering 117

Security Affairs

JULY 18, 2022

A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. “In order to withstand these unprecedented and dangerous strikes, we have been forced to close down go

Government 115

Government Cyber Attacks Hacking Information Security 115

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CSO Magazine

JULY 18, 2022

Auth0’s OpenFGA project is an open source effort that undertakes to provide a universal authentication solution. FGA stands for “Fine Grained Authorization,” a granular approach to authorization modeling that is flexible enough to handle almost any imaginable use case. Read on for an introduction to the OpenFGA project. Authentication vs. authorization.

Authentication 115

Authentication Architecture Cybersecurity 115

PCI perspectives

JULY 18, 2022

A primary goal for PCI DSS v4.0 is to increase flexibility for organizations using different methods to achieve security objectives. One way the standard does this is with the introduction of the Customized Approach. We talk with Lauren Holloway, Director of Data Security Standards, to address some common questions about the Customized Approach.

113

113

Bleeping Computer

JULY 18, 2022

The FBI warned that cybercriminals are creating and using fraudulent cryptocurrency investment applications to steal funds from US cryptocurrency investors. [.].

Cryptocurrency 114

Cryptocurrency 114

CyberSecurity Insiders

JULY 18, 2022

In September 2022, Apple Inc will release its iOS 16 to all smart phones in its ecosystem and is urging every device user of its to upgrade their device software with the new one. But what’s tricking in this OS upgrade is that it only works with the models related to iPhone 8 and above and cannot be downloaded by other phones such as iPhone 7 and the previous ones.

Mobile 110

Mobile Spyware Cyber Attacks Software 110

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

JULY 18, 2022

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said.

Passwords 109

Passwords Firmware Engineering Software 109

Dark Reading

JULY 18, 2022

Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

112

112

Security Boulevard

JULY 18, 2022

According to new research from Microsoft, 50% of companies want workers back in the office five days a week based on surveyed workers around the world between January and February. In the same report, 52% of workers are in the process of switching to a hybrid or a full-time remote job in 2022. This dichotomy. The post Workers Go Back to the Office: Cybersecurity After COVID-19 appeared first on Security Boulevard.

Cybersecurity 105

Cybersecurity Digital transformation Authentication Security Awareness 105

Malwarebytes

JULY 18, 2022

Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised and issue extortion threats alongside the review is a new development.

Accountability 101

Accountability Social Engineering Engineering 101

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JULY 18, 2022

Microsoft is investigating an ongoing outage impacting Microsoft 365 services after customers have reported experiencing issues while trying to sign into, access, and receive emails on the outlook.com portal and via Exchange Online. [.].

98

98

Security Boulevard

JULY 18, 2022

Fake accounts have been around for years. They are commonly used to anonymously request info, avoid spam from an online merchant or participate anonymously in a conversation. Initially, fake accounts were easy to create manually, but over time the process became automated. More recently, fake accounts (aka bot or spam accounts), that are used to […].

Accountability 98

Accountability 98

Bleeping Computer

JULY 18, 2022

A court in Moscow has imposed a fine of $358 million (21 billion rubles) on Google LLC for failing to restrict access to information considered prohibited in the country. [.].

98

98

Security Boulevard

JULY 18, 2022

Anyone who’s bought tickets to an event on platforms like Ticketmaster or Stubhub has had the experience of waiting at their computer, hoping to. The post Tickets Scalping: How To Mitigate Through User Behavior Analytics appeared first on Moonsense - Risk Data Cloud. The post Tickets Scalping: How To Mitigate Through User Behavior Analytics appeared first on Security Boulevard.

Risk 98

Risk 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

JULY 18, 2022

After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. [.].

Phishing 98

Phishing Malware Mobile 98

Security Boulevard

JULY 18, 2022

Google Play Store is typically considered to be one of the safest sources for users to find and install android apps. However, threat actors continue to evolve their tactics and are able to successfully upload dangerous apps laced with malware on the Google play store. Recently, the Zscaler ThreatLabz team discovered apps involving multiple instances of the Joker, Facestealer, and Coper malware families spreading in the virtual marketplace.

Banking 98

Banking Malware Encryption Architecture 98

The Hacker News

JULY 18, 2022

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace.

Malware 97

Malware 97

Security Boulevard

JULY 18, 2022

Johnson Controls has acquired Tempered Networks as part of an effort to better secure its OpenBlue platform for collecting smart building and facilities data. At the same time, Johnson Controls has allied with Accenture to construct two OpenBlue Innovation Centers in Bangalore and Hyderabad, India. Vijay Sankaran, vice president and CTO for Johnson Controls, said.

IoT 98

IoT Cybersecurity 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The State of Security

JULY 18, 2022

In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but today, marketing is a lot more competitive than simply creating a post and hoping it […]… Read More.

Cybercrime 96

Cybercrime Marketing Media VPN 96

Security Boulevard

JULY 18, 2022

All you need to know about anti-virus on the Mac. At SE Labs we are often asked, “which is the best anti-virus for the Mac?” And, “do you need anti-malware for MacBooks?” For reasons we’ll explain, we’ve not published an endpoint security report for Mac-based products (yet). But we do have an insight into how […]. The post Mac anti-virus appeared first on SE Labs Blog.

Malware 97

Malware Cybersecurity 97

The Hacker News

JULY 18, 2022

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.

Cyber Attacks 96

Cyber Attacks 96

Security Boulevard

JULY 18, 2022

A survey of 400 senior decision makers from mid-to-large-sized companies in the U.S. and Canada found that while 97% view adopting a zero-trust model as a priority, a full 90% continue to rely on virtual private networks (VPNs). Conducted by Sapio Research on behalf of Banyan Security, the survey found more than half of respondents. The post Survey Suggests Zero-Trust IT Transition Will Take Time appeared first on Security Boulevard.

VPN 97

VPN Cybersecurity Network Security 97

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.