Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Software 272

Software Ransomware System Administration Authentication 272

Tech Republic Security

JULY 8, 2021

Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.

Scams 218

Scams Malware Phishing 218

We Live Security

JULY 8, 2021

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus. The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity.

Ransomware 145

Ransomware 145

Tech Republic Security

JULY 8, 2021

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists the top five more things about ransomware you need to know.

Ransomware 217

Ransomware 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

JULY 8, 2021

Security researchers report that a notorious North Korean hacking group has been targeting engineers working in the defence industry. Read more in my article on the Tripwire State of Security blog.

Engineering 145

Engineering Hacking Malware 145

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

212

212

Tech Republic Security

JULY 8, 2021

Found on Google Play and third-party app stores, the apps discovered by Lookout stole an estimated $350,000 from more than 93,000 people.

Scams 179

Scams 179

Security Boulevard

JULY 8, 2021

The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take a closer look at their API security posture to ensure they are not the next headline. Creating an inventory of all APIs exposed to external audiences is the most common starting point that […]. The post API Security Need to Know: Top 5 Authentication Pitfalls appeared first on Cequence.

Authentication 145

Authentication Risk 145

Tech Republic Security

JULY 8, 2021

West Monroe's executive poll details third-quarter hiring expectations, cybersecurity preparedness, investments to digitize business operations and more.

Cybersecurity 144

Cybersecurity 144

The Hacker News

JULY 8, 2021

This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers.

144

144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 8, 2021

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists five more things about ransomware you need to know.

Ransomware 151

Ransomware 151

Bleeping Computer

JULY 8, 2021

The REvil ransomware gang's attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments. [.].

Ransomware 143

Ransomware 143

CyberSecurity Insiders

JULY 8, 2021

China is once again in the news for misusing the technology of Artificial Intelligence. Earlier, it was using AI tech to analyze loads of videos that were grabbed from the CCTV cameras installed across some of its major cities. The plan was to use machine learning tools and learn about the citizen activities taking place in front of the cameras in an automated way.

Cyber Attacks 141

Cyber Attacks Artificial Intelligence Wireless Surveillance 141

Tech Republic Security

JULY 8, 2021

Jack Wallen shows you how to configure specific DNS servers for your Docker container deployments.

DNS 170

DNS 170

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Digital Shadows

JULY 8, 2021

The world of ransomware and cyber extortion continues to change dramatically. On the one hand, new ransomware variants and data. The post Marketo: A Return to Simple Extortion first appeared on Digital Shadows.

Ransomware 140

Ransomware Data breaches 140

CSO Magazine

JULY 8, 2021

The Evolution of Cybercrime as a Service You’ve likely heard of software as a service (SaaS), infrastructure as a service (IaaS), and numerous other “as-a-service” platforms that help support the modern business world. What you may not realize is that cybercriminals often use the same business concepts and service models in their own organizations as regular, non-criminal enterprises.

Cybercrime 135

Cybercrime Software 135

Bleeping Computer

JULY 8, 2021

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third party vendor. [.].

Data breaches 135

Data breaches Hacking Banking 135

CSO Magazine

JULY 8, 2021

If you want to know what’s new in cybersecurity, watch what the startup vendors are doing. They typically begin with an innovative idea and are unfettered by an installed base and its mainstream approach. Startups often tackle problems no one else is addressing. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship.

Cybersecurity 135

Cybersecurity Risk 135

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JULY 8, 2021

Chinese genetics company BGI accused of misusing DNA harvested from prenatal testing. The post China ‘Eugenics’ Claim as BGI Hoards Prenatal Test DNA Data appeared first on Security Boulevard.

Social Engineering 134

Social Engineering Data privacy Security Awareness Engineering 134

SC Magazine

JULY 8, 2021

A recent phishing scheme targeting live chat platforms works in part because website operators that use chat features are not always diligently scanning uploaded files for malware. Phishing scammers posing as customers are contacting live-chat support agents with phony issues or problems and tricking them into opening up malicious documents, according to an incident response expert who has observed a marked uptick in use of this tactic over the last two quarters.

Phishing 134

Phishing Antivirus Scams Malware 134

We Live Security

JULY 8, 2021

The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service. The post Microsoft issues patch to fix PrintNightmare zero‑day bug appeared first on WeLiveSecurity.

134

134

Webroot

JULY 8, 2021

Cybersecurity analysts are charting both a rise in ransomware incidents and in amounts cybercriminals are demanding from businesses to restore their data. That’s bad news in itself, but what’s often overlooked are the additional ways – beyond payments victims may or may not choose to make– victims pay for these attacks. Our latest threat report found the average ransomware payment peaked in September 2020 at more than $230 thousand.

Ransomware 132

Ransomware Energy and Utilities Surveillance Insurance 132

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

CSO Magazine

JULY 8, 2021

As organizations embrace cloud computing, the rate of infrastructure-as-code (IaC) adoption continues to rise. As with many new technologies, security is often bolted onto IaC or forgotten entirely. Securing IaC is important. Here’s how to best do so and the risks of neglecting this critical security activity.

Technology 126

Technology Risk 126

Security Boulevard

JULY 8, 2021

Kaseya has decided to postpone bringing its IT service management (ITSM) platform back online after a ransomware attack until Sunday afternoon July 11, 2021, Eastern Standard Time. Previously, the company had committed to bringing both the software-as-a-service (SaaS) platform and the on-premises edition of its platform back online earlier this week.

Ransomware 124

Ransomware Software Risk Government 124

TrustArc

JULY 8, 2021

This is the fourth part in a four-part series on the Colorado Privacy Act. In this part, we address the responsibilities of both controllers and processors, data protection assessments, and contracts. Please see the first three parts on: Part I – Overview Part II – Consumer Rights and how to implement your response program Part […].

124

124

Bleeping Computer

JULY 8, 2021

Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible. [.].

123

123

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JULY 8, 2021

The post Container Adoption Introduces Efficiency – and Vulnerabilities appeared first on Digital Defense, Inc. The post Container Adoption Introduces Efficiency – and Vulnerabilities appeared first on Security Boulevard.

122

122

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than 42 countries and more than 60,000 employees, it has clients in multiple industries.

Data breaches 119

Data breaches Hacking Banking Financial Services 119

Heimadal Security

JULY 8, 2021

People everywhere are being warned to be careful around Android apps that claim they can mine Bitcoin in the cloud. According to researchers at the private IT security company Lookout, scammers fooled almost 100.000 people into purchasing fake Android cryptocurrency mining apps. The 172 paid Android apps, tracked as two separate families named BitScam (83,800 installs) […].

Cryptocurrency 119

Cryptocurrency Scams Cybersecurity 119

Bleeping Computer

JULY 8, 2021

Microsoft's recent out-of-band KB5004945 PrintNightmare security updates are preventing Windows users from printing to certain Zebra printers. [.].

126

126

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.