The Last Watchdog

MAY 5, 2022

Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Risk 227

Risk Ransomware Internet Internet 227

Schneier on Security

MAY 5, 2022

Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.” While this isn’t the largest application-layer attack we’ve seen , it is the largest we’ve seen over HTTP S. HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection.

DDOS 205

DDOS Encryption Cryptocurrency 205

Tech Republic Security

MAY 5, 2022

Adopting a new authentication method from the FIDO Alliance, the three major OS vendors will let you use encrypted credentials stored on your phone to automatically sign you into your online accounts. The post Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone appeared first on TechRepublic.

Mobile 148

Mobile Passwords Encryption Authentication 148

Bleeping Computer

MAY 5, 2022

The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. [.].

143

143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 5, 2022

A stealthy cybercriminal operation targeting companies involved in mergers and acquisitions has been discovered, and it's run by a threat actor who is particularly cautious about not being detected. Read more about this threat and how to protect yourself. The post UNC3524: The nearly invisible cyberespionage threat sitting on network appliances appeared first on TechRepublic.

139

139

The State of Security

MAY 5, 2022

The FBI's Internet Crime Complaint Center (IC3) has issued updated statistics on Business Email Compromise (BEC) attacks which use a variety of social engineering and phishing techniques to break into accounts and trick companies into transferring large amounts of money into the hands of criminals. Read more in my article on the Tripwire State of Security blog.

Social Engineering 129

Social Engineering Engineering Phishing Internet 129

Cisco Security

MAY 5, 2022

Customers globally are requesting – and often requiring – SaaS providers to demonstrate their commitment to security, availability, confidentiality, and privacy. While attaining global security certifications has become table-stakes for many to do business, it’s no easy feat. Many organizations struggle to keep pace with this resource- and time-intensive process.

Marketing 113

Marketing InfoSec Risk Technology 113

Tech Republic Security

MAY 5, 2022

Check Point and Palo Alto are providers of effective endpoint detection and response tools to allow you to surpass detection-based cyber defense and improve your organization’s ability to manage cybersecurity risk. But which tool is best for you? The post Check Point vs Palo Alto: Comparing EDR software appeared first on TechRepublic.

Software 119

Software Risk Cybersecurity 119

CyberSecurity Insiders

MAY 5, 2022

As a business, fraud is something to be aware of and to put preventative measures in place where possible. Just like cybercrime, online fraud can happen to anyone – it doesn’t discriminate regardless of whether you’re a big or small company. . Fraud scoring is a useful way of helping understand how risky a user action is and whether or not to trust it as a legitimate action.

Cybercrime 107

Cybercrime Risk Firewall Scams 107

Tech Republic Security

MAY 5, 2022

Looking for an incredibly easy tool to manage your SSH connections? KDE's terminal application has a handy trick up its sleeve. The post How to use KDE Plasma’s Konsole SSH plugin appeared first on TechRepublic.

103

103

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Naked Security

MAY 5, 2022

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

Passwords 125

Passwords Cybersecurity 125

Tech Republic Security

MAY 5, 2022

See what features you can expect from CrowdStrike and FireEye to decide which EDR solution is right for you. The post CrowdStrike vs FireEye: Compare EDR software appeared first on TechRepublic.

Software 100

Software 100

Digital Guardian

MAY 5, 2022

Read up on how passwords may soon be a thing of the past, how your mental health data may be at risk, how business email compromise cost organizations billions in the past five years, and much more—all in this week’s Friday Five!

Passwords 102

Passwords Risk 102

The Hacker News

MAY 5, 2022

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.

Software 102

Software 102

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

MAY 5, 2022

The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.

98

98

Heimadal Security

MAY 5, 2022

Naikon, a Chinese-state-sponsored Advanced Persistent Threat (APT) undergoes scrutiny once again following the discovery of a new set of TTPs (Tactics, Techniques, and Procedures). Although the group’s motivation remains unknown, the recovered data and (attack) artifacts tend to suggest that Naikon may be stagging a surveillance operation against Southeast Asian military and governmental HVTs (High-Value […].

Surveillance 103

Surveillance Cybersecurity 103

Bleeping Computer

MAY 5, 2022

The Federal Trade Commission (FTC) today proposed an order requiring Connecticut-based internet service provider Frontier Communications to stop "lying" to its customers and support its high-speed internet claims. [.].

Internet 98

Internet Internet Technology 98

Security Boulevard

MAY 5, 2022

The World Forum for Harmonization of Vehicle Regulations (WP.29) of the United Nations Economic Commission for Europe (UNECE) is a global regulatory forum within the UNECE Inland Transportation Committee. WP.29 drafted a regulation, No. 155 , addressing vehicle cybersecurity and cybersecurity management systems (CSMS). The post SAST and SCA Solutions Essential to Meeting UN Regulation No. 155 for Vehicle Cybersecurity appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

MAY 5, 2022

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. [.].

DDOS 98

DDOS 98

The Hacker News

MAY 5, 2022

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.

98

98

Bleeping Computer

MAY 5, 2022

A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. [.].

Malware 98

Malware 98

The Hacker News

MAY 5, 2022

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions.

Antivirus 98

Antivirus 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

MAY 5, 2022

A bug in Google Docs is causing it to crash when a series of words are typed into a document opened with the online word processor. BleepingComputer was able to reproduce the issue last night and reached out to Google. [.].

Technology 98

Technology 98

The Hacker News

MAY 5, 2022

The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.

Risk 98

Risk Cybersecurity Technology 98

Security Boulevard

MAY 5, 2022

Still using “MrFluff” as your password? Maybe mixed with a little Leet-speak — say, “MrFl0ff” — to confound all those hackers who want to vacuum out your 401K plan? The post 5 Tips For World Password Day from Cybersecurity Experts appeared first on Security Boulevard.

Passwords 97

Passwords Cybersecurity 97

Bleeping Computer

MAY 5, 2022

Microsoft, Apple, and Google announced today plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. [.].

97

97

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

We Live Security

MAY 5, 2022

The bitter truth about how fraudsters dupe online daters in this new twist on romance fraud. The post There’s no sugarcoating it: That online sugar daddy may be a scammer appeared first on WeLiveSecurity.

Scams 97

Scams 97

Graham Cluley

MAY 5, 2022

We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast, with computer security veterans Graham Cluley and Carole Theriault. And don't miss our special featured interview with Clint Dovholuk of NetFoundry.

Passwords 98

Passwords DDOS 98

The Hacker News

MAY 5, 2022

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service.

96

96

Heimadal Security

MAY 5, 2022

For about six months, more than 100 National Health Service (NHS) employees in the United Kingdom had their email accounts used in various phishing attacks, some of which intended to steal Microsoft logins. Malicious actors began using authentic NHS email accounts in October 2021 after hacking them, and they continued to do so until at […]. The post UK National Health Service Email Accounts Compromised by Hackers to Steal Microsoft Logins appeared first on Heimdal Security Blog.

Accountability 98

Accountability Phishing Authentication Hacking 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.