Mon. Aug 29, 2022

Levels of Assurance for DoD Microelectronics

Schneier on Security

The NSA has published criteria for evaluating the levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

The Last Watchdog

Penetration testing, or pen tests, traditionally has been something companies might do once or twice a year. Related: Cyber espionage is on the rise. Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities before the bad guys do, thereby affording the organization a chance to shore up its network defenses.

Sliver offensive security framework increasingly used by threat actors

Tech Republic Security

The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres.

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report (DBIR). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Security investment, toolchain consolidation emerge as top priorities

Tech Republic Security

A new survey from GitLab also finds that nearly three-quarters of respondents have adopted or are planning to adopt a DevOps platform within the year.

AI robots are a threat to the HR Department

CyberSecurity Insiders

As the use of Artificial Intelligence (AI) technology grows, it is apparently leading to a situation in which jobs are being taken over. According to a survey conducted by LinkedIn, over 62% of company executives are interested in seeking the services of Machine Learning (ML) robots to recruit people. Thus, robots might slowly and steadily displace human judgment in recruitment, and that could pose an enormous threat to the HR sector or lead to its permanent shutdown.

Two big Indian Companies suffer data breaches

CyberSecurity Insiders

Akasa Air, an Indian airline that started flying services recently, is in the news for the wrong reasons. The airline, a low-cost carrier, has suffered a data breach according to a report filed with the Indian Computer Emergency Response Team (CERT-In). The incident took place on August 25th, 2022, leaking details such as email addresses, gender, names, phone numbers, and contact addresses.

Sorting zero-trust hype from reality

CSO Magazine

It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House’s comments in January on the Office of Management and Budget’s (OMB’s) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate,

Nelnet Servicing breach exposes data of 2.5M student loan accounts

Bleeping Computer

Nelnet Servicing, a Nebraska-based student loan technology services provider, has been breached by unauthorized network intruders who exploited a vulnerability in its systems.

Nine cyber-attack news headlines trending on Google

CyberSecurity Insiders

1.) For the past few hours, a news piece about a Wi-Fi vulnerability on Android phones has been doing the rounds on the internet, and security analysts state that the threat could be larger than what is being projected. A TikTok star (tatechtips) with a fascination for technology has revealed in one of his videos that simply turning off the Wi-Fi feature on an Android phone doesn’t protect it from prying eyes.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

LockBit Malware Group Threatens with Triple Extortion

Heimadal Security

The LockBit ransomware gang, a ransomware operation that has been active for almost three years and lists over 700 victims, announced that it is working on enhancing its defenses against distributed denial-of-service strikes and is going to escalate its activity to triple extortion. All this follows a DDoS attack endured lately with the […]

Windows malware delays coinminer install by a month to evade detection

Bleeping Computer

A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.

Your DevOps Process Needs to Integrate API Security

Security Boulevard

If your organization relies on the cloud, you also rely on APIs. “Whatever the project of the day (application modernization, monolith to microservice digital transformation, multi-cloud service mesh enablement, to name a few), APIs have become the backbone of modern application architectures and the digital supply chains organizations rely on,” said Nick Rago, field CTO.

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones

The Hacker News

The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How To Protect Your Businesses During the Threat of Cyberattacks

Security Boulevard

Russia’s invasion of Ukraine elevated cybersecurity to high-priority status for many organizations as warnings of attacks on critical infrastructure spiked. One could say the silver lining of these attacks.

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

The Hacker News

Twilio, which earlier this month became the target of a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts.

How Developers Can Strengthen Data Security with Open Source and PKI

Security Boulevard

In the never-ending battle between business success and cybersecurity threats, enterprises have discovered a secret weapon.

Leading library services firm Baker & Taylor hit by ransomware

Bleeping Computer

Baker & Taylor, which describes itself as the world's largest distributor of books to libraries worldwide, today confirmed it is still working on restoring systems after being hit by ransomware more than a week ago.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What is in Your SOC?

Security Boulevard

Movie “300” credit: Warner Bros. Pictures. Offensive or defensive culture for SecOps, or becoming purple? Organizations developing a security operations center (SOC) should consider which strategy to adopt based on the cybersecurity professional resources available: offensive or defensive? Organizations hope the two strategies will become interchangeable; however, this idea rarely works out well.

Nitrokod crypto miner infected systems across 11 countries since 2019

Security Affairs

Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered the Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware via popular software available on dozens of free software websites, including Softpedia and uptodown.

OpenText/Micro Focus Deal Signals New Phase of Consolidation

Security Boulevard

After 30 years in and around the security industry, it’s no surprise to me that business cycles repeat over and over again. I’ve been through a number of boom/bust cycles—in 2022 we’ve clearly transitioned to the bust part. One way to get a sense of where we are in the cycle is to track mergers.

How Carrier’s product security team delivers the ‘right support for the right product’

CSO Magazine

John Deskurakis had a green field opportunity when he stepped into the role of chief product security officer in April 2020 at Carrier Global Corp. United Technologies, which had spun off Carrier, took the existing product security function with it. That gave Deskurakis the chance to build an entirely new program—one that could meet the unique security needs of each of Carrier’s product lines.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

Security Boulevard

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools. VMware this […]

CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406, CVSS score: 7.8) impacting Delta Electronics industrial automation software.

BlackHat Innovation Theatre – Most overlooked gaps in the software supply chain

Security Boulevard

The software supply chain has taken center stage in the fight against cyber attacks and breaches. Savvy threat actors are leveraging gaps in the software supply chain to mount an unprecedented number of attacks. Organizations developing software are adopting automated DevOps and CI/CD pipeline solutions to speed up development and testing all the way […]

Twilio breach let attackers access Authy two-factor accounts of 93 users

Security Affairs

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach in which threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

Dark Reading

Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software

The Hacker News

A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News.

US FTC sued US data broker Kochava for selling sensitive and geolocation data

Security Affairs

The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entiti

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.