The Last Watchdog

MAY 24, 2022

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their inte

Authentication 292

Authentication Passwords Banking Digital transformation 292

Schneier on Security

MAY 24, 2022

Following a recent Supreme Court ruling , the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to indiv

Hacking 243

Hacking Cybercrime Accountability Cybersecurity 243

Tech Republic Security

MAY 24, 2022

A study conducted by Agari and PhishLabs found a five-times increase in attempted vishing attacks from the beginning of 2021 to Q1 of 2022. The post Voice phishing attacks reach all-time high appeared first on TechRepublic.

Phishing 218

Phishing 218

Bleeping Computer

MAY 24, 2022

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. [.].

145

145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 24, 2022

Docker secrets are a way to encrypt things like passwords and certificates within a service and container. Jack Wallen shows you the basics of creating and using this security-centric tool. The post How to create a Docker secret and use it to deploy a service appeared first on TechRepublic.

Encryption 156

Encryption Passwords 156

Malwarebytes

MAY 24, 2022

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by the Malwarebytes Threat Intelligence team , are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely.

Malware 143

Malware Phishing Government Accountability 143

CyberSecurity Insiders

MAY 24, 2022

Oracle has bolstered its Cloud Infrastructure with five new capabilities in order to protect its customers against attacks on cloud applications and data assets. The software giant will enhance its cloud native firewall service to enhance Oracle Cloud Guard and Oracle Security Zones. Nowadays, every business is interested in moving its application workloads and data to the cloud.

Firewall 142

Firewall Software Cybersecurity 142

Security Boulevard

MAY 24, 2022

A wedding planning startup, Zola, has been hacked—or so it seems. Users allege serious PCI violations. The post Zola Wedding App ‘Hacked’ — Victims Lose BIG Money appeared first on Security Boulevard.

Hacking 136

Hacking Social Engineering Passwords Engineering 136

Trend Micro

MAY 24, 2022

Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises EXSi servers. We discuss our initial findings on in this report.

Ransomware 141

Ransomware 141

CyberSecurity Insiders

MAY 24, 2022

General Motors (GM), an American automobile maker, has suggested that a credential stuffing attack that led to the exposure of customer details has hit it to hackers between April 11th–29th,2022. An email notification regarding the data breach is being sent to all affected customers by General Motors and it assured that it will put a curb on all such incidents soon by taking appropriate cybersecurity measures on a proactive note.

Cyber Attacks 124

Cyber Attacks Manufacturing Data breaches Banking 124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CSO Magazine

MAY 24, 2022

Machine identities are a large, and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly and efforts to secure them often fall short. Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi.

Cybersecurity 121

Cybersecurity 121

Bleeping Computer

MAY 24, 2022

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets. [.].

Software 117

Software 117

The Hacker News

MAY 24, 2022

Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach.

Phishing 112

Phishing Authentication Data breaches Passwords 112

Bleeping Computer

MAY 24, 2022

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [.].

Authentication 123

Authentication 123

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

MAY 24, 2022

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection.

111

111

CyberSecurity Insiders

MAY 24, 2022

IBM, the American Technology Company, has taken a cybersecurity initiative to improve Ransomware protection in public schools across the United States. The program will be funded solely by the said private entity at a cost of $5 million that will be distributed as a grant across K-12 schools operating throughout the United States. Aim is to improve the current security posture of schools against ransomware attacks and will be funded by the tech giant as a part of Corporate Social Responsibility

Ransomware 107

Ransomware Education Cyber Attacks Government 107

The Hacker News

MAY 24, 2022

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity.

Hacking 107

Hacking 107

Bleeping Computer

MAY 24, 2022

Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [.].

107

107

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

MAY 24, 2022

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration.

Malware 106

Malware Software 106

Cisco Security

MAY 24, 2022

Find out how you can stretch your organization’s security budget amidst inflation and its economic impacts. No one could have predicted the lasting effects of the pandemic on our economy. A strain has been put on the overall supply chain, causing the value of the dollar, or any other local currency, to not go as far as it once did. Consumers are experiencing skyrocketing energy, gas, and food prices, and businesses are facing delays in deliveries of goods and services to their customers.

Cybersecurity 106

Cybersecurity Cyber threats Network Security Risk 106

Bleeping Computer

MAY 24, 2022

Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [.].

Malware 114

Malware 114

SecureBlitz

MAY 24, 2022

Here, I will show you the most dangerous websites that you should avoid. We have entered into a new decade, Read more. The post Most Dangerous Websites You Should Avoid [MUST READ] appeared first on SecureBlitz Cybersecurity.

Cybersecurity 105

Cybersecurity Cyber threats Cybercrime 105

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malwre will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware 103

Malware Cybercrime Government Engineering 103

Heimadal Security

MAY 24, 2022

The General Motors Company is a global American automobile manufacturing company with its headquarters in Detroit, Michigan. The corporation is the biggest automotive manufacturer located in the United States and is also one of the major manufacturers of motor vehicles in the world. The owners of Chevrolet, Buick, GMC, and Cadillac automobiles have access to […].

Manufacturing 106

Manufacturing Cybersecurity 106

The Hacker News

MAY 24, 2022

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update.

Software 103

Software 103

Heimadal Security

MAY 24, 2022

Threat actors using the Snake keylogger malware for Windows send malicious PDFs via email that have embedded Word documents to compromise their targets’ devices and snatch private data. The PDF malware operation has been observed by researchers at HP’s Wolf Security, who said that malicious PDFs are not a common method to use nowadays as […].

Malware 105

Malware Cybersecurity 105

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

MAY 24, 2022

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte.

Cybercrime 104

Cybercrime Ransomware Government 104

Bleeping Computer

MAY 24, 2022

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. [.].

Cybersecurity 101

Cybersecurity 101

Dark Reading

MAY 24, 2022

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Passwords 124

Passwords 124

Security Boulevard

MAY 24, 2022

Axio Board member and former CEO of BP, Bob Dudley, recently sat down with experts at Accenture for its 2022 OT Cybersecurity Virtual Summit. Sharing his experience, Bob discussed lessons learned in cybersecurity, the continued challenge of cyber resiliency, and the crucial role played by C-Suite execs and board members in this space. In today’s. Read article > The post Why Embrace the Cybersecurity Imperative – a Discussion with Accenture and Bob Dudley, Axio Board Member and Former CEO of

Cybersecurity 98

Cybersecurity Cyber Risk Cyber Attacks Risk 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.