Mon. Feb 01, 2021

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Georgia’s Ballot-Marking Devices

Schneier on Security

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.

Security chaos engineering helps you find weak links in your cyber defenses before attackers do

Tech Republic Security

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How an automated pentesting stick can address multiple security needs

Tech Republic Security

Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.

3 Cybersecurity Resolutions to Survive 2021

Security Boulevard

Predicting a global pandemic that reshaped how we interact with each other and our devices at a fundamental level […]. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on NuData Security. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on Security Boulevard.

More Trending

Hacked road sign talks back after driver complains to council

Graham Cluley

Karen Banks from Swadlincote in South Derbyshire, England, isn't very happy with whoever managed to post a message on an electronic traffic information sign in the neighbouring town of Burton.

5G adds more concerns: CISOs should build cybersecurity from the ground up

Tech Republic Security

Public 5G networks, private 5G networks, broader attack surfaces, and more complex environments add extra layers of vulnerability, expert says.

Bad Security Bug in GnuPG: C Language Blamed (Yet Again)

Security Boulevard

GnuPG has a serious vulnerability, in a library also used elsewhere: Libgcrypt 1.9.0 contains a classic programming error. The post Bad Security Bug in GnuPG: C Language Blamed (Yet Again) appeared first on Security Boulevard.

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software that could have allowed a remote attacker to write arbitrary data to the target machine, potentially leading to code execution. “There is a heap buffer overflow in libgcrypt d

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BrandPost: How Analytics Can Help Overcome Security Talent Shortage

CSO Magazine

Even as the frequency and types of cyberthreats continue to climb, companies across the globe are faced with another problem: not enough experienced security professionals to combat the threats. A 2020 survey by the nonprofit certification organization (ISC)² puts the shortage at 3.12 million globally, while a study by Enterprise Strategy Group (ESG) finds 70% of organizations have been impacted somewhat or significantly by the global cybersecurity skills shortage.

The New Year in Cybersecurity: Supply Chain Attacks, Part 2

Security Boulevard

Hello there, and welcome back! If you're just now tuning in, I've decided to do a collection of blog posts on what I think are going to be major cybersecurity topics this coming year. In the first blog post, I introduced you to what a supply chain attack is, why it’s such a big […]. The post The New Year in Cybersecurity: Supply Chain Attacks, Part 2 appeared first on Hurricane Labs.

Operation NightScout: supply chain attack on NoxPlayer Android emulator

Security Affairs

Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. A new supply chain attack made the headlines: a threat actor has compromised the update process of NoxPlayer, a free Android emulator for Windows and Macs developed by BigNox. The company claims to have over 150 million users in more than 150 countries; according to ESET, more than 100,000 of its customers have NoxPlayer installed on their machines.

Securing BYOD at the height of the work-from-home era

SC Magazine

Underscoring the global nature of the pandemic, a Madagascar man works from home on a laptop. Today’s columnist, Darren Guccione of Keeper Security, offers tips for locking down BYOD devices during the work-from-home era. WorldBankPhotoCollection CreativeCommons (Credit: CC BY-NC-ND 2.0). Prior to the COVID-19 pandemic, bring-your-own-device (BYOD) internal controls and data protection policies ranked fairly low on most priority lists.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

The Hacker News

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.

Hackers behind Wolf & Associates Breach Sentenced to 33 Years in Prison

Hot for Security

Two San Diego residents pleaded guilty last week to hacking a computer network to steal client identities and collect more than $2 million in unemployment benefits. San Diego residents Gordon Welterlen, 37, and Nicole Milan, 31, are described as two habitual offenders, responsible for multiple felonies, including one of the biggest data breaches in Santa Barbara County history.

A New Software Supply-Chain Attack Targeted Millions With Spyware

The Hacker News

Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs.

Operation NightScout: Supply-chain attack targets online gaming in Asia

We Live Security

ESET researchers uncover a supply-chain attack used in a cyberespionage operation targeting online‑gaming communities in Asia. The post Operation NightScout: Supply‑chain attack targets online gaming in Asia appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hacker group inserted malware in NoxPlayer Android emulator

Zero Day

Attackers targeted only a handful of victims. Only five detected until now, in countries such as Taiwan, Hong Kong, and Sri Lanka.

Experts warn of active exploitation of SonicWall zero-day in the wild

Security Affairs

Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security experts from the firm NCC Group have detected “indiscriminate” exploitation of a SonicWall zero-day in attacks in the wild, ZDNet reported. NCC Group first disclosed the attacks on SonicWall devices on Sunday but did not provide details about the flaw exploited by the threat actors.

Increase in Physical Security Incidents Adds to IT Security Pressures

Dark Reading

A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.

Health Care Remains a Prime Target for Ransomware Attacks

Security Boulevard

It’s easy to be distracted by the flood of other distressing news each day, but the FBI, CISA and HHS recently urged the health care industry to stay on high alert for malware, especially ransomware attacks. The FBI’s warning included the statement, “We found that 66 percent of hospitals do not meet the minimum security. The post Health Care Remains a Prime Target for Ransomware Attacks appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Secure Cloud Analytics ‘Cloud Posture’ is GA!

Cisco Security

At our Partner Summit 2020 virtual event, we announced some exciting new features that focus on Cloud Security Posture Management (CSPM) that would soon be available for Secure Cloud Analytics customers. A growing number of cloud resources and accounts to manage can mean more headaches for your SecOps team and lead to an expanded threat surface. What’s more, these public cloud resources typically span numerous providers, which can make visibility challenging.

6 Cybersecurity Start-Up Trends to Track

Dark Reading

The pandemic took a bite out of funding deals, but cybersecurity start-ups fared better than many other industries.

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

We are proud to announce that Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! Ever wondered how a screw manufactured in the United States has the same screw threads as a screw manufactured in Lithuania? You can thank ISO for that! ISO is responsible for issuing internationally-accepted standards for (seemingly) everything, from a standard for brewing tea (3103:2019) to ski boots (5355:2005) to the two-letter country code that can form a country’s domain address (3166) t

New Trickbot module uses Masscan for local network reconnaissance

Zero Day

The new Trickbot module is used to scan local networks for other nearby systems with open ports that could be hacked for quick lateral movement inside a company.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

New York Could Be the Next State to Adopt a Strict Data Privacy Law

Digital Guardian

Like California before it, New York could serve as the testing grounds for the next statewide consumer data privacy law.

Sprite Spider emerging as one of the most destructive ransomware threat actors

CSO Magazine

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since 2015.

Strengthening Zero-Trust Architecture

Dark Reading

Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.

FIDO explained: How this industry initiative aims to make passwords obsolete

CSO Magazine

FIDO definition: What is the FIDO Alliance and what does FIDO stand for? The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography. To achieve that goal, the FIDO Alliance has developed a series of technical specifications that websites and other service providers can use to move away from password-based security.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.