Mon.Feb 21, 2022

article thumbnail

Stealing Bicycles by Swapping QR Codes

Schneier on Security

This is a clever hack against those bike-rental kiosks: They’re stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesn’t work for the rider but does free up the nearby Citi Bike with the switched code, where a thief is waiting, jumps on the bicycle and rides off.

Hacking 247
article thumbnail

What is the MITRE ATT&CK Framework?

Doctor Chaos

Preventing cyberattacks is a top priority for everyone today, which is why the MITRE ATT&CK framework was created. The MITRE ATT&CK framework is an accessible platform that offers resources about cyberattacks. By taking advantage of this wealth of information, you can get new ideas for your security systems and build on the defenses you already have.

Phishing 147
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ping Identity, Carahsoft partner for enhanced federal cybersecurity measures

Tech Republic Security

The two companies announced a joint agreement to work towards bettering the country’s infrastructure against cyber threats. The post Ping Identity, Carahsoft partner for enhanced federal cybersecurity measures appeared first on TechRepublic.

article thumbnail

Cybercriminals Have yet to Exploit Russia-Ukraine Tensions

Security Boulevard

Financially motivated actors appear to have stayed out of the Russia-Ukraine tensions—so far. Those actors “have yet to show their inclination to leverage the conflict for personal gain,” according to researchers at Intel471 who have been monitoring how the current conflict between the two countries is affecting the cybercriminal underground. But it’s too early to.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Integer overflow: How does it occur and how can it be prevented?

We Live Security

Make no mistake, counting on a computer is not as easy as it may seem. Here’s what happens when a number gets “too big”. The post Integer overflow: How does it occur and how can it be prevented? appeared first on WeLiveSecurity.

128
128
article thumbnail

Emerging Trends in Malware

Security Boulevard

Charlene O’Hanlon and Thomas Brittain from Kroll discuss emerging trends in the malware space in light of the recent surge of reported attacks, including threats to watch out for, predictions for how the government will focus on cybersecurity going forward and how companies can mitigate risk. The video is below, followed by a transcript of. The post Emerging Trends in Malware appeared first on Security Boulevard.

Malware 130

More Trending

article thumbnail

How Much is Your Data Worth?

Security Boulevard

Most organizations that prioritize and categorize data rarely assign it a specific monetary value. Usually, there is no need to go into that level of detail; it is enough to identify the most sensitive data and concentrate on securing what really matters. Ransomware Gangs are Setting the Price of Data One ugly development is threatening. The post How Much is Your Data Worth?

article thumbnail

Credit Suisse data leak leads to exposure of hidden £80b wealth of criminals

CyberSecurity Insiders

Credit Suisse data leak was disclosed by a German newspaper yesterday and early today some details related to the hidden £80b ($100B) wealth of criminals involved in cyber crime, money laundering, human trafficking were revealed. Going by the details, a whistle-blower revealed via Twitter that the data leak led to the exposure of 18k account related to 30,000 clients who hid around 100 billion Swiss Francs in various Swiss Bank.

Banking 126
article thumbnail

Cybersecurity is the Biggest Obstacle to Cloud Adoption

Security Boulevard

As organizations tackle their migrations to the cloud, IT professionals believe cyberthreats aimed at the cloud represent the biggest obstacle to continued adoption. This was one of the key findings of a Confluera survey of 200 IT leaders, which also revealed that IT security departments are already overburdened as they navigate cloud security issues.

article thumbnail

Expeditors and Meyer ransomware attack news and Conti gang involvement

CyberSecurity Insiders

A ransomware attack hit Meyer Corp USA, a company that is into the business of Kitchenware, in October last year. And details are now in that Conti Ransomware gang who stole valuable information targeted all of its subsidiaries. Highly placed sources say that the breach occurred on October 25th, 2022 and was discovered in the last month of the same year disrupting IT services for subsidiaries like Hestan Smart Cooking, Hestan Vineyards, and Blue Mountain Enterprises LLC along with Hestan Commerc

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

$1.7 Million Stolen in OpenSea Phishing Attack

Heimadal Security

OpenSea is a non-fungible token (NFT) marketplace based in New York City, operated by a group of American entrepreneurs, Devin Finzer and Alex Atallah. On the Ethereum blockchain, OpenSea provides a marketplace that allows non-fungible tokens to be traded directly at a set price or via an auction. The platform is built on the ERC-721 […]. The post $1.7 Million Stolen in OpenSea Phishing Attack appeared first on Heimdal Security Blog.

Phishing 117
article thumbnail

Xenomorph Android banking trojan distributed via Google Play Store

Security Affairs

Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph , distributed via the official Google Play Store that has over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information from the devices of their customers.

Banking 121
article thumbnail

New Android Banking Trojan Spreading via Google Play Store Targets Europeans

The Hacker News

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices.

Banking 125
article thumbnail

LogRhythm names Jerry Tng Vice President of Sales for Asia Pacific to Accelerate Business Growth in the Region

Security Boulevard

Singapore — 22 February 2022 – LogRhythm, the company powering today’s security operations centers (SOCs), today announced the appointment of Jerry Tng as Vice President of Sales for Asia Pacific and Japan. Recently recognised as a leader in the Gartner…. The post LogRhythm names Jerry Tng Vice President of Sales for Asia Pacific to Accelerate Business Growth in the Region appeared first on LogRhythm.

110
110
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Facebook sued for siphoning facial recognition data without consent

Malwarebytes

Ken Paxton, the Attorney General of Texas, recently filed a lawsuit against Facebook’s parent company, Meta, for harvesting the facial recognition data of millions of Texan residents—for a decade. Paxton filed the lawsuit on Monday in the state’s Harrison County District Court. The suit contains arguments that Facebook’s now-defunct photo-tagging feature illegally collected data about Texan people’s faces, including those who are non-Facebook users but were tagged by some

article thumbnail

Illumio Automates Enforcement for Cloud Security

Security Boulevard

Security is no longer static. The cloud presents a rapidly changing and dynamic environment that security teams must stay on top of. Shift left, security automation, segmentation and zero-trust strategies all rose to address the breadth and depth of our technology stacks and environments. PJ Kirner, CTO and founder of Illumio talks with Mitch Ashley about.

article thumbnail

QR Codes: A Growing Security Problem

eSecurity Planet

Quick response (QR) codes are a convenient format for storing all kinds of information in a readable and secure way, at least when correctly implemented. With the ongoing COVID-19 pandemic, for example, governments have recently implemented QR codes to create Digital COVID Certificates for vaccination, tests status and other reasons. QR technology isn’t new, and security features like two-factor authentication (2FA) or multi-factor authentication (MFA) often invite users to generate such c

article thumbnail

$3 Million Hack of NFTs—‘And Nothing of Value was Lost’

Security Boulevard

OpenSea, the NFT marketplace, got hacked last week. Or perhaps it didn’t. Charles Ponzi would be proud. The post $3 Million Hack of NFTs—‘And Nothing of Value was Lost’ appeared first on Security Boulevard.

Hacking 98
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

FBI warns of fake CEO attacks taking place via video conferencing systems

Graham Cluley

The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms. Read more in my article on the Hot for Security blog.

98
article thumbnail

NFT Update in 2022 | Avast

Security Boulevard

NFTs, or non-fungible tokens, have continued to make news headlines since we last wrote about them. However, the majority of us still don’t know much — if anything — about them. At the very least, many people continue to have plenty of questions about this emerging form of digital asset. We’re here to provide a basic recap on what NFTs are and to catch you up to speed on related updates in 2022.

article thumbnail

Hackers Exploiting Infected Android Devices to Register Disposable Accounts

The Hacker News

An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation.

article thumbnail

The Network and Information Systems (NIS UK) Regulations and Directive 2018

Security Boulevard

In this article, we'll discuss the NIS UK Regulations and Directive in detail, including what they are, who they affect, and how your business can comply. The post The Network and Information Systems (NIS UK) Regulations and Directive 2018 appeared first on Cyphere | Securing Your Cyber Sphere. The post The Network and Information Systems (NIS UK) Regulations and Directive 2018 appeared first on Security Boulevard.

98
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

The Hacker News

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts.

article thumbnail

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 369’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. Permalink. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 369’ appeared first on Security Boulevard.

98
article thumbnail

Open Source Code: The Next Major Wave of Cyberattacks

Dark Reading

The ubiquity of open source software presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently) to those who use it.

article thumbnail

Themes From Momentum Cyber’s 2022 Cybersecurity Almanac

Security Boulevard

Interesting themes about the business of cybersecurity from the best data in the industry. The post Themes From Momentum Cyber’s 2022 Cybersecurity Almanac appeared first on Security Boulevard.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022

The Hacker News

For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys have the upper hand at the moment.

article thumbnail

How to deliver more value without creating more work

Security Boulevard

Tired of being told to do more with less? This usually feels like the need to take on more work with fewer resources and less time. Which pushes you to the margins of your nights and weekends to “catch up.” All you end up with is more work and less value delivered. You know the […]. The post How to deliver more value without creating more work appeared first on Security Boulevard.

98
article thumbnail

Expeditors shuts down global operations after likely ransomware attack

Bleeping Computer

Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyberattack over the weekend that forced the organization to shut down most of its operations worldwide. [.].

article thumbnail

BSidesAugusta 2021 – Wes Lambert’s ‘Endpoint Excavation: Digging Through Host Artifacts With Velociraptor’

Security Boulevard

Many thanks to BSidesAugusta for publishing their outstanding videos from the BSidesAugusta 2021 Conference on the organization’s YouTube channel. Permalink. The post BSidesAugusta 2021 – Wes Lambert’s ‘Endpoint Excavation: Digging Through Host Artifacts With Velociraptor’ appeared first on Security Boulevard.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.