Tue. Oct 26, 2021

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

The Last Watchdog

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption

9 key security threats that organizations will face in 2022

Tech Republic Security

Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.

Putting cybersecurity first: Why secure-by-design must be the norm

We Live Security

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom. The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity.

You definitely don't want to play: Squid Game-themed malware is here

Tech Republic Security

The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.

Scams 153
The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank

CSO Magazine

Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for professional trainings, courses can cost more than $5,000 per person. At high profile conferences like Black Hat, even one- or two-day sessions can range to close to $4,000.

Banking 145
Phishing attack exploits Craigslist and Microsoft OneDrive

Tech Republic Security

A phishing campaign took advantage of the mail relay function on Craigslist, which allows attackers to remain anonymous, Inky says.

Phishing 177

More Trending

Brutal WordPress plugin bug allows subscribers to wipe sites

Bleeping Computer

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites. […]

Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse

Heimdal Security

A critical RCE flaw discovered in the open-source Internet forum Discourse, tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in 2013, is an open-source Internet forum and mailing list management platform. According to Wikipedia, the application is written with Ember.js and Ruby on Rails.

Internet 130
Every month should be Cybersecurity Awareness Month!

CyberSecurity Insiders

While October is famous for National Cybersecurity Awareness Month, and we provide resources and recommendations for our customers, really every month should focus on this business-critical topic. Given the frequency of Ransomware attacks, all industries need to be increasingly vigilant. This includes many aspects of cybersecurity, such as user training, endpoint security, network security, vulnerability management, and detection and response to incidents.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BrandPost: Secure SD-WAN Improves Network Protection in Fuel Distribution System

CSO Magazine

Customer Perspectives A petroleum distribution business developed innovative ideas for increasing customer loyalty, but it needed to upgrade its technology infrastructure to bring those concepts to life. The company, which operates several hundred full-service gas stations, wanted to provide direct internet access to consumers as they waited at gas pumps.

Marketing 127
New Russian Hacks Revealed—but U.S. Says it’s Microsoft’s Fault

Security Boulevard

Microsoft has issued another of its “look how clever we are” writeups of detecting APT29 hackers. But the U.S. government sees it differently. The post New Russian Hacks Revealed—but U.S. Says it’s Microsoft’s Fault appeared first on Security Boulevard.

Hacking 127
SBOMs: Securing the Software Supply Chain

eSecurity Planet

As threat actors aim at IT supply chains, enhanced cybersecurity has been the recent driving force for industry adoption of the Software Bill of Materials (SBOM) framework. With a simple list of components that make up a software product, SBOMs enhance transparency between software buyers and sellers, provide the necessary visibility to identify vulnerabilities, and enable rapid incident response.

Software 125
Guarding Against The Human Element: How Insider-Threat Trends Should Guide Cybersecurity Policy

IT Security Central

The number of data breaches has increased every year for more than a decade. Each incident costs companies time, money and resources to repair while inflicting often-irreparable damage to their brand reputation and customer loyalty. This reality only became more apparent during the recent pandemic as threat actors capitalized on the moment’s disruption and uncertainty […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline

Graham Cluley

The Conti ransomware gang is outraged that the United States appears to have hacked into the REvil ransomware gang's infrastructure, and knocked it offline.

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at least 2020, threat actors hit organizations from various industries. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2

BrandPost: Helping Healthcare Win Its Other Big Battle: Cyberattacks

CSO Magazine

Anyone running a business is likely familiar with the phrase “building the plane as you’re flying it.” And through the craziness of the past 19 months, many of us lived the phrase, becoming pilots and engineers of our new realities overnight. But few lived it like the healthcare industry did. They weren’t just building the plane while flying it, they were also changing flight patterns, using different airports, and training new staff in the air.

Researcher cracked 70% of WiFi networks sampled in Tel Aviv

Bleeping Computer

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack. […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

McAfee Enterprise & FireEye 2022 Threat Predictions

McAfee

What cyber security threats should enterprises look out for in 2022? Ransomware, nation states, social media and the shifting reliance on a remote workforce made headlines in 2021. Bad actors will learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns wielding the potential to wreak more havoc in all our lives. Skilled engineers and security architects from McAfee Enterprise and FireEye offer a preview of how the threatscape might look in 2022 and how these

Is SEO Affected by Cybersecurity?

Security Boulevard

An attack or data theft is not only detrimental to your reputation when it comes to customers and third parties, but it also impacts your organic search performance. The post Is SEO Affected by Cybersecurity? appeared first on Security Boulevard.

Police arrest 150 dark web vendors of illegal drugs and guns

Bleeping Computer

Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021. […]

Malicious Firefox Add-ons Block Browser From Downloading Security Updates

The Hacker News

Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

North Korean state hackers start targeting the IT supply chain

Bleeping Computer

North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities. […]

Hacking 109
Over 10 Million Android Users Targeted With Premium SMS Scam Apps

The Hacker News

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge.

Scams 108
Spammers use Squirrelwaffle malware to drop Cobalt Strike

Bleeping Computer

A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. […]

Malware 105
Banking scam uses Docusign phish to thieve 2FA codes

Naked Security

This scam is obviously inapplicable to 999 people in every 1000... but there are LOTS of 1-in-1000 people in the world!

Scams 133
Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

This Week’s Trends in Privacy with Nymity Research – October 26, 2021

TrustArc

Below are snapshots of recent global updates courtesy of Nymity Research. Best Practices: CNIL Consults on Recruitment Guidance Comments on the CNIL’s consultation draft may be submitted until November 19, 2021; the comprehensive guidance addresses the obligations for recruiting entities (employers, recruiting agents, temp agencies) to have a legal grounds and legal basis for processing, […].

How social media mistakes can impact cybersecurity

Malwarebytes

We talked to members of our Malware Removal Support team and asked them what kind of problems they get asked to solve for our customers. To understand why they get to handle these questions, it is also necessary to know that the Malwarebytes software is unable to resolve the problems users are facing. Many of these problems can be categorized under the header of trusting the wrong people.

Media 103
Low-Code Security Automation Makes Its Debut

Security Boulevard

If you buy into the idea that every company is a technology company today, then you already know that security is having an unprecedented impact on business and the bottom line of companies around the globe. As we wrap up Cybersecurity Awareness Month, we now find ourselves operating in a world where cybersecurity is a company-wide issue. Security teams can’t.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Threatpost

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

Malware 102
From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.