Troy Hunt

JULY 5, 2021

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other

Government 362

Government Data breaches 362

Schneier on Security

JULY 5, 2021

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.

304

304

Bleeping Computer

JULY 5, 2021

REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files. [.].

Ransomware 145

Ransomware 145

Graham Cluley

JULY 5, 2021

Hundreds - if not thousands - of companies have been by a huge supply-chain REvil ransomware attack that struck on Friday July 2nd, just as companies in the United States were closing down for the Independence Day holiday weekend.

Ransomware 144

Ransomware Malware 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JULY 5, 2021

CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform. [.].

Ransomware 142

Ransomware 142

CSO Magazine

JULY 5, 2021

Neurodiversity within cybersecurity is progressively becoming a topic of regular, meaningful discussion across the sector. Despite chronic workforce shortages within the industry, neurodiverse individuals are typically underrepresented in cybersecurity roles and so are regularly a vastly untapped source of potentially hireable and skilled talent.

CISO 144

CISO Cybersecurity 144

The Hacker News

JULY 5, 2021

A common misconception among startup founders is that cybercriminals won't waste time on them, because they're not big or well known enough yet. But just because you are small doesn't mean you're not in the firing line.

Cyber Attacks 141

Cyber Attacks Internet Internet 141

Threatpost

JULY 5, 2021

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware

Ransomware 136

Ransomware InfoSec Malware 136

Security Boulevard

JULY 5, 2021

During COVID-19, threat actors used fear of the virus and hope of a vaccine to trick unwitting victims into downloading malware or giving up their credentials. It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of. The post Reaction to Social Engineering Indicative of Cybersecurity Culture appeared first on Security Boulevard.

Social Engineering 136

Social Engineering Engineering Cybersecurity Phishing 136

CSO Magazine

JULY 5, 2021

Ransomware evolved from a menial cybercrime issue to a crisis that threatens national security. Incidents such as the Colonial Pipeline attack show that this type of criminal activity can impact not just specific organizations that lack good security practices, but every citizen. It has the potential to disrupt life and prevent people from accessing basic services, including healthcare.

Ransomware 136

Ransomware Healthcare Cybercrime 136

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureList

JULY 5, 2021

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. The total number of encrypted businesses could run into thousands. REvil ransomware has been advertised on underground forums for three years and it is one of the most prolific RaaS operations.

Ransomware 136

Ransomware Encryption VPN Software 136

Hacker Combat

JULY 5, 2021

A new malicious software (ransomware) variant that leverages Golang has been released. It indicates that cybercriminals leverage GoLang (programming language) to execute their malicious actions. CrowdStrike obtained a specimen of the new ransomware strain, which has not been named yet. This malicious software has the same features as FiveHands and DeathRansom/HelloKitty.

Ransomware 132

Ransomware DNS Software Encryption 132

Bleeping Computer

JULY 5, 2021

In addition to redesigned Start Menu and rounded corners, Windows 11 also comes with a new File Explorer and Settings. While File Explorer is getting minor improvements, the Windows Settings app has been completely redesigned with a new layout and additional controls. [.].

Software 128

Software 128

The State of Security

JULY 5, 2021

2021 is a significant year for aviation. It marks the 20th anniversary of the 9/11 attacks, the worst acts of unlawful interference in the history of aviation. It is also the Year of Security Culture for the ICAO community, which aims to enhance security awareness and foster a security culture throughout the industry. The importance […]… Read More.

Security Awareness 128

Security Awareness 128

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Heimadal Security

JULY 5, 2021

Wago is a German company specializing in electrical connection and automation solutions, and according to an advisory that was recently published by Germany’s CERT@VDE WAGO’s PFC100 and PFC200 PLCs, its Edge Controller product, and Touch Panel 600 HMIs are affected by four memory-related flaws impacting the iocheckd service I/O-Check. This type of vulnerability can result in corruption of data, […].

Cybersecurity 117

Cybersecurity 117

Errata Security

JULY 5, 2021

I'm trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I'm going to discuss some of the imperfect captures I'm getting, specifically, some notes about WiFi and Bluetooth. An SDR is a "software defined radio" which digitally samples radio waves and uses number crunching to decode the signal into data.

Mobile 117

Mobile Internet Internet Government 117

Security Affairs

JULY 5, 2021

US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems. According to reports from WJZ13 Baltimore , the company removed the malware just hours later and locked out the threat, however, the attackers accessed internal files.

Ransomware 116

Ransomware Identity Theft Insurance Backups 116

CyberSecurity Insiders

JULY 5, 2021

Surely, of time, you might have used the AI voice assistant on your Google Android Smartphone. Some even have a habit of using it from time to time like for instance using it to check the weather, play latest music, know time or sports updates etc…. But do you know that all your queries asked via ‘Hey Google’ are recorded and stored on the Alphabet Inc’s servers for a specific period and then moved to archives for analytical purposes by the web search giant?

Accountability 115

Accountability Cybersecurity 115

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SC Magazine

JULY 5, 2021

A detailed view in a server farm in Switzerland. Following a shutdown that resulted from a ransomware attack, the Kaseya board determined the company was not ready to restore its software-as-a-service VSA remote monitoring and management tool, which will also delay the release of a patch for on-premises clients. (Photo by Dean Mouhtaropoulos/Getty Images).

Ransomware 113

Ransomware Software Media Authentication 113

SecurityTrails

JULY 5, 2021

Announcing the new Amass Information Sharing Feature and giving some information about the Amass x SecurityTrails Recon Master Contest.

128

128

Identity IQ

JULY 5, 2021

The shift to remote work during the pandemic brought with it a more relaxed approach to how employers view the idea of employees using their own devices. It is likely that as workers begin returning to the workplace, they may be able to keep using their own devices. While there are certainly some pros to using their own devices, employees should be aware of the possible risks and how to avoid them.

Risk 105

Risk Mobile Data breaches Passwords 105

CSO Magazine

JULY 5, 2021

Over 1,000 businesses from around the world have reportedly been impacted in a supply-chain attack where hackers exploited a vulnerability in a remote computer management tool called Kaseya VSA to deploy the REvil ransomware. Kaseya shut down its cloud-based service and urged all users with on-premises deployments, which includes many managed services providers (MSPs), to immediately shut down their vulnerable servers until a patch is released.

Software 102

Software Ransomware 102

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Trend Micro

JULY 5, 2021

We recently coined this as the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage, from a financial, reputation and productivity standpoint.

Cybercrime 101

Cybercrime Ransomware Cyber threats 101

Naked Security

JULY 5, 2021

Cryptography, privacy, stalkerware and how infosec professionals relax. Listen, enjoy and learn!

InfoSec 137

InfoSec 137

Malwarebytes

JULY 5, 2021

Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming ? Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol ? Binance receives the ban hammer from UK’s FCA Fired by algorithm: The future’s here and it’s a robot wearing a white collar Second colossal Linkedin “breach” in 3 months, almost all users affected Police seize DoubleVPN data, servers, and domain PrintNightmare 0-day can be used to take over Windows domain controllers SMS authentication code includes ad

Cyber Insurance 99

Cyber Insurance Social Engineering Scams Insurance 99

Heimadal Security

JULY 5, 2021

Phishing has been around since the mid-nineties, with the first-ever malicious email of this kind being discovered in 1995. This now notorious cyber threat rose to global fame in 2000 with the infamous Love Bug virus spread. The email it came in contained an attachment claiming to be a love letter, which tricked a lot […]. The post Phishing Prevention 101: How to Recognize an Attack and Other Useful Tips appeared first on Heimdal Security Blog.

Phishing 98

Phishing Cyber threats Education Cybersecurity 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Appknox

JULY 5, 2021

When it comes to establishing a robust mobile application security posture, vulnerability scanning is certainly the go-to option. But given the complex cybersecurity challenges of modern times, it might be complicated and challenging to implement vulnerability scanning properly.

Mobile 98

Mobile Cybersecurity 98

Threatpost

JULY 5, 2021

Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.

Ransomware 123

Ransomware Malware 123

Acunetix

JULY 5, 2021

The latest edition of CyberTalks, the largest annual gathering of CISOs and cyber leaders, was held on June 15-16, and attracted thousands of virtual attendees from government, technology, finance, and medical sectors. During these unprecedented times, the necessity to come together was more urgent than. Read more. The post Invicti Security at CyberTalks 2021 appeared first on Acunetix.

CISO 91

CISO Government Technology 91

Dark Reading

JULY 5, 2021

The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.

Cybersecurity 98

Cybersecurity 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.