Schneier on Security

OCTOBER 27, 2021

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

Mobile 289

Mobile Surveillance 289

Joseph Steinberg

OCTOBER 27, 2021

A hospital suffering through a ransomware attack failed to provide proper care for an expectant mother and her newborn child, leading to the child’s death, according to a lawsuit filed in the US State of Alabama. Springhill Medical Center, a hospital in based in Mobile, Alabama, was hit with ransomware during the summer of 2019; the cyberattack crippled the medical facility’s information systems, causing multiple computer systems and networks to be unusable for over a week – the same period of t

Ransomware 241

Ransomware Cybersecurity Artificial Intelligence Mobile 241

Tech Republic Security

OCTOBER 27, 2021

The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.

Cybercrime 210

Cybercrime Hacking 210

We Live Security

OCTOBER 27, 2021

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor. The post Wslink: Unique and undocumented malicious loader that runs as a server appeared first on WeLiveSecurity.

Malware 144

Malware 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 27, 2021

It's not necessary to spend a great deal of time or money to learn the skills required to work in some of the most exciting and highly paid positions in the tech industry.

Cybersecurity 184

Cybersecurity 184

Security Through Education

OCTOBER 27, 2021

As security professionals, we are conditioned by consistent exposure to adversarial simulation training. This immersive form of education allows us to develop and maintain a secure environment outside of the workplace, as well as in it. This begs the question, could a bank teller do the same if given some basic exposure to this training? What about a C-level executive?

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

CyberSecurity Insiders

OCTOBER 27, 2021

Executive summary. Binary diffing , a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. This blog post describes how AT&T Alien Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence. Using binary diffing for analysis is particularly effective in the IoT malware world, as most malware threats are variants of open-source malware families produced by a

Architecture 132

Architecture Malware IoT Engineering 132

Bleeping Computer

OCTOBER 27, 2021

Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. [.].

Ransomware 144

Ransomware Software Cybersecurity 144

CyberSecurity Insiders

OCTOBER 27, 2021

EC Council, that can smartly abbreviated as the International Council of Electronic Commerce Consultants, has started a new certification program that offers MOOC certification series. Mooc stands for massive open online course, a training program that offers essential certifications in cybersecurity that includes courses related to network defense, ethical hacking and digital forensics.

Hacking 126

Hacking Education Cybersecurity 126

CSO Magazine

OCTOBER 27, 2021

Breach disclosure has recently been in the news, and not necessarily in a good way. Missouri Governor Mike Parson’s press conference on a newspaper’s reporting of a security vulnerability on the Department of Elementary and Secondary Education’s website created a social media backlash. He blamed the reporter who discovered publicly accessible sensitive data for the exposure rather than a faulty website implementation.

Media 123

Media 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

OCTOBER 27, 2021

First is the news related to a ransomware attack on a Candy maker that trade experts say could lead to chocolate scarcity when it is most needed by/for kids. And with only few days left for events such as Trick and Treat and Halloween night, Candy maker Brachs is making all arrangements that the malware attack doesn’t affect its production as the peak of the Christmas 2021 season on its way.

Ransomware 120

Ransomware Government Cyber threats Malware 120

Security Boulevard

OCTOBER 27, 2021

Cybersecurity risks are directly tied to legal and regulatory risk, according to a recent (ISC)2 Security Congress session. John Bandler, founder of Bandler Law Firm PLLC and Bandler Group, said the legal requirements relating to information governance include cybersecurity, privacy, incident response and breach reporting. Bandler believes the laws and regulations surrounding regulatory compliance have.

Cybersecurity 120

Cybersecurity Risk Government Security Awareness 120

SecureList

OCTOBER 27, 2021

During the 2021 edition of the SAS conference, I had the pleasure of delivering a workshop focused on reverse-engineering Go binaries. The goal of the workshop was to share basic knowledge that would allow analysts to immediately start looking into malware written in Go. A YouTube version of the workshop was released around the same time. Of course, the drawback of providing entry-level or immediately actionable information is that a few subtleties must be omitted.

Engineering 118

Engineering Malware Technology Software 118

CSO Magazine

OCTOBER 27, 2021

The United States federal government, much like in industry, is moving toward cloud adoption, Devsecops and microservices-based architectures for cloud-native applications. The National Institute of Standards of Technology (NIST) is tasked with promoting innovation and providing standards and guidance to industry to facilitate best practices.

Architecture 117

Architecture Government Technology 117

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

We Live Security

OCTOBER 27, 2021

The police sting spanned three continents and involved crackdowns in nine countries. The post Dark HunTOR: 150 arrested, $31 million seized in major dark web bust appeared first on WeLiveSecurity.

Cybercrime 137

Cybercrime 137

Bleeping Computer

OCTOBER 27, 2021

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. [.].

Passwords 132

Passwords Ransomware 132

Cisco Security

OCTOBER 27, 2021

Manufacturing company Megablok was experiencing frequent network outages that were halting business productivity and forcing employees to work from home. Like most, it blamed its current network and decided to recheck all network cables and expand its broadband to help resolve the issue. Frustratingly, the outages continued to happen. The company learned shortly after that the issues were a result of a cyberattack.

Technology 113

Technology Manufacturing Banking Risk 113

Bleeping Computer

OCTOBER 27, 2021

Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack. [.].

Hacking 115

Hacking Authentication 115

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

OCTOBER 27, 2021

Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack.

Ransomware 110

Ransomware Banking Cybercrime Hacking 110

Bleeping Computer

OCTOBER 27, 2021

The Federal Communications Commission (FCC) has revoked China Telecom Americas' license to provide telecommunication services within the United States. [.].

Telecommunications 119

Telecommunications Risk 119

Dark Reading

OCTOBER 27, 2021

Most IT and security leaders are confident their cybersecurity strategy is on the right track, but they still believe their organizations are as vulnerable as they were a year ago.

Cybersecurity 108

Cybersecurity 108

CSO Magazine

OCTOBER 27, 2021

The group of hackers responsible for the SolarWinds software supply chain attack have continued to seek out ways of indirectly gaining access to enterprise networks by targeting IT and cloud services providers that have admin rights on their customers' systems through virtue of their business relationship. In a new report this week, Microsoft warns that since May, the group known as Nobelium has targeted over 140 cloud service resellers and technology providers and has succeeded to compromise as

Surveillance 108

Surveillance Technology Government Software 108

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

OCTOBER 27, 2021

A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems.

Malware 107

Malware 107

Threatpost

OCTOBER 27, 2021

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.

132

132

The Hacker News

OCTOBER 27, 2021

A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is our gas?" — a reference to the country's supreme leader Ayatollah Ali Khamenei.

Cyber Attacks 106

Cyber Attacks Media 106

CyberSecurity Insiders

OCTOBER 27, 2021

Lazarus hacking group aka APT group from North Korea has hit the news headlines for launching a supply chain attack on a software company operating in lines with US Technology firms SolarWinds and Kaseya firms. Cybersecurity Insiders have learnt that the said group of threat actors have launched a MATA malware attack on the servers of the software company to steal information from the database and encrypt it with ransomware until their demands are met.

Software 105

Software Data breaches Education Technology 105

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

OCTOBER 27, 2021

Have you ever had someone run up to you in the street and insist you take their free knife? I hope not, because that’s a good way to wind up in a 60-minute police procedural drama. In video game land, however, anything goes. A certain type of scam is showing signs of activity at the moment and it’s likely to claim some victims before the week is out.

Scams 105

Scams Phishing Accountability Account Security 105

Threatpost

OCTOBER 27, 2021

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.

Media 104

Media Authentication 104

Naked Security

OCTOBER 27, 2021

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.

124

124

Dark Reading

OCTOBER 27, 2021

How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.

119

119

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.