Mon. Nov 22, 2021


GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase in internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.


“Crypto” Means “Cryptography,” not “Cryptocurrency”

Schneier on Security

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.


Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.


5 Tips to be an awesome CISO

Javvad Malik

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe CISOs very closely, and as a result I have figured out how to be an awesome CISO.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Leaders agree that cybersecurity is a business risk, but are they acting on that belief?

Tech Republic Security

Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.


GoDaddy hack causes data breach affecting 1.2 million customers

Bleeping Computer

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.


New Windows zero-day with public exploit lets you become an admin

Bleeping Computer

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.


Mozilla has released a new platform for privacy-focused email communications

Tech Republic Security

When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.


New Golang-based Linux Malware Targeting eCommerce Websites

The Hacker News

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.


How to install and use InVID, a plugin to debunk fake news and verify videos and images

Tech Republic Security

You can make sure you aren't seeing fake news, edited photos or deepfakes with this software. Here's how to install and use it.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


What to do if you receive a data breach notice

We Live Security

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed.


Effective software security activities for managing supply chain risks

Security Boulevard

BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks.


Exploit released for Microsoft Exchange RCE bug, patch now

Bleeping Computer

Proof-of-concept exploit code was released online over the weekend for an actively exploited high-severity vulnerability impacting Microsoft Exchange servers.


5 Tips to be an awesome CISO

Security Boulevard

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe …


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


AI to help Saudi Arabia build an eight-sided Oxagon sea port

CyberSecurity Insiders

We have seen multiple instances in which Artificial Intelligence (AI) has helped humans build robots to serve in the healthcare, hospitality, manufacturing and defense sectors. But did you ever imagine that the same AI robots could help civil engineers build an eight-sided floating sea port in the middle of the Red Sea? The Saudi Arabian government is planning to construct a floating sea port at a cost of $500 billion, covering 10,000 sq miles in Tabuk Province, which shares borders with Jordan and Egypt.


8 Security Developments to be Thankful For in 2021

Security Boulevard

Rising security risks are happening across multiple fronts—from ransomware attacks aimed at defense contractors to threats stemming from hybrid work environments. Meanwhile, midsize companies are still struggling with security issues and the lingering effects of the pandemic and the accelerated evolution of the threat landscape are having a negative impact on organizations’ security practices.


9 cloud and on-premises email security suites compared

CSO Magazine

Email remains the soft underbelly of enterprise security because it is the most tempting target for hackers. They need just one victim to succumb to a phishing lure to enter your network. Phishing (in all its forms) is just one of many attacks that can leverage a poorly protected email infrastructure; others include account takeovers (due to reused passwords), business email compromise, payment fraud, specialized mobile malware, and spam messages that contain hidden malware or poisoned web links.


Biometric auth bypassed using fingerprint photo, printer, and glue

Bleeping Computer

Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


GitHub will require 2FA for some NPM registry users

InfoWorld on Security

In light of two recent security incidents impacting the popular NPM registry for JavaScript packages, GitHub will require 2FA (two-factor authentication) for maintainers and admins of popular packages on NPM. The 2FA policy, intended to protect against account takeovers, will be put in place starting with a cohort of top packages in the first quarter of 2022, GitHub said in a bulletin published on November 15.


BrandPost: Four Tips To Build Security Into Your Accidental Multi-cloud

CSO Magazine

Cloud computing is really nothing new… it’s been around in some form or another since the ‘70s. But over the past decade, cloud adoption has seen immense growth, especially at the enterprise level. In the name of moving the business forward, many organizations have now adopted cloud, with 67% using two or more cloud providers. Other organizations are quickly following suit as they pursue a hybrid or multi-cloud strategy (71%) to integrate multiple services, facilitate scalability, and provide


GoDaddy data breach could lead to Phishing Attacks

CyberSecurity Insiders

GoDaddy has confirmed that a data breach of its systems in September this year leaked customer email addresses to hackers, which could lead to phishing attacks in the future. Hackers reportedly gained access to the domain registrar's servers in September, but the unauthorized access was only detected last week during a security audit, causing severe concern among customers of the web hosting provider.


New GoDaddy data breach impacted 1.2 million customers

Security Affairs

GoDaddy disclosed a data breach that impacted up to 1.2 million of its Managed WordPress customer accounts: threat actors breached the company’s Managed WordPress hosting environment. The attackers had access to the company network since at least September 6, 2021, but the breach was only discovered by the company on November 17. “On November 17, 2021, we discovered unauthorized third-party access


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


GoDaddy’s Latest Breach Affects 1.2M Customers

Threatpost

The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.


Who Is Behind the Comeback of Emotet?

Heimdal Security

The Conti ransomware gang is a very dangerous threat actor because of how quickly its ransomware encrypts data and spreads to other computers. To get remote access to the affected PCs, the group usually uses phishing attempts to install the TrickBot and BazarLoader Trojans. What Happened? The Emotet botnet has been reactivated by its previous operator, who was […].


Biggest Single Crypto Theft: Teen Charged with $36M SIM-Swap Heist

Security Boulevard

A Canadian has been charged with stealing C$46 million of imaginary money, via SIM swapping.


DMARC and the prevention of World Health Organization phishing scams

CyberSecurity Insiders

This blog was written by an independent guest blogger. In recent years the outbreak and spread of COVID-19 have left many people with fears and questions. With various medical opinions, news outlets spreading varied statistics, case number and death reports, and safety recommendations that varied between countries, states, cities, and individual businesses, people often felt desperate for information.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous

Dark Reading

It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.


US govt warns critical infrastructure of ransomware attacks during holidays

Security Affairs

US CISA and the FBI issued a joint alert warning critical infrastructure partners and public/private organizations of ransomware attacks during holidays. During holiday periods offices are often closed and employees are at home; for this reason, organizations are more exposed to ransomware attacks.


GoDaddy admits to password breach: check your Managed WordPress site!

Naked Security

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.


On the trail of Russia’s $100 million Evil Corp hacking gang

Graham Cluley

Joe Tidy, technology reporter at BBC News rather bravely did something that many other journalists would probably balk at doing. He decided he wanted to talk to Russian hackers face-to-face, on their home turf, and ask them their side of the story.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.