Tue.Aug 10, 2021

article thumbnail

Apple Adds a Backdoor to iMesssage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.

article thumbnail

How to reduce your organization's security risk in 6 steps

Tech Republic Security

It's impossible to guarantee security—but nearly all organizations should take these actions to protect organizational data and systems.

Risk 216
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

One Million Stolen Credit Cards Leaked

Heimadal Security

A new criminal carding marketplace promoted itself by leaking data for one million credit cards that have been stolen between 2018 and 2019. Carding can be defined as the trafficking and use of stolen credit cards. Credit cards usually get stolen through point-of-sale malware, magecart attacks on websites, and by using information-stealing trojans. The credit cards are sold […].

Malware 145
article thumbnail

You can use wget behind a proxy: Here's how

Tech Republic Security

Jack Wallen has the solution to get this setup working properly. If wget is your go-to download command on your Linux servers, and your machines are behind a proxy, learn this trick.

180
180
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Why We Need Better Cybersecurity for the Transportation Sector

CyberSecurity Insiders

Cybersecurity is one of the most significant threats facing virtually any industry today. While many sectors didn’t have to worry about cybercrime in the past, rapid digitization and increased connectivity have opened the door for new risks. The transportation industry is a prime example of this shift. Not long ago, the transportation sector had little need for robust cybersecurity.

article thumbnail

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs. In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactur

IoT 143

More Trending

article thumbnail

Certified ethical hacker: CEH certification cost, training, and value

CSO Magazine

Certified Ethical Hacker (CEH) is an early-career certification for security pros who want to demonstrate that they can assess weaknesses in target systems, using techniques often associated with hackers to help identify vulnerabilities for employers or clients. CEH (sometimes written as C|EH ) is probably the most famous certification offered by the International Council of Electronic Commerce Consultants, or EC-Council , a cybersecurity education and training nonprofit founded in the wake of t

article thumbnail

Healthcare organizations are a focus of ransomware attacks

Cisco Security

The adoption of electronic health records (EHRs) and even faster adoption of wireless medical devices and telemedicine has made patient information more accessible by more people. Over the past year and a half that’s been tremendously beneficial. The shift to remote care and the widespread adoption of EHR solutions by health systems have shaped digital transformation in healthcare.

article thumbnail

Kaseya's universal REvil decryption key leaked on a hacking forum

Bleeping Computer

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. [.].

Hacking 145
article thumbnail

7 tips for better CISO-CFO relationships

CSO Magazine

Every chief security executive knows that one of the most important—and perhaps challenging—aspects of the job is getting the funding needed to support the cybersecurity program. The person handing the decision making on budgeting is often the CFO, so CISOs would be wise to learn the best ways to interact with these finance professionals. [ Learn the 5 key qualities of successful CISOs, and how to develop them and 7 security incidents that cost CISOs their jobs. | Sign up for CSO newsletters. ].

CISO 137
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Ransomware runs rampant, so how can you combat this threat?

We Live Security

A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim. The post Ransomware runs rampant, so how can you combat this threat? appeared first on WeLiveSecurity.

article thumbnail

SeniorAdvisor data exposed due to a cloud security misconfiguration

CyberSecurity Insiders

SeniorAdvisor that offers trusted reviews to online users looking for senior care was exposed to hackers when a data storage server related to Amazon Web Services was wrongly configured, disclosing the data of over 3 million senior citizens. Wizcaze that offers evaluation service of Cybersecurity tools was the first to find the data exposure committed by SeniorAdvisor and informed the latter about the incident in the first week of June this year.

Banking 130
article thumbnail

Should Disclosure of Ransom Payments be Mandatory?

Security Boulevard

As ransomware wreaks havoc across the globe and criminal entities continue to fill their coffers with ransom payments, legislators search for a way to stem the tide. The average ransom paid is $136,576, according to Coveware whose analysis also noted how 75% of ransomware attacks were against companies with less than 1000 employees. Perhaps the. The post Should Disclosure of Ransom Payments be Mandatory?

article thumbnail

Understanding Smishing Attacks

Digital Shadows

I’ve got some good news and some bad news. The bad news is that I’ve been receiving a lot of. The post Understanding Smishing Attacks first appeared on Digital Shadows.

Phishing 130
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A newly variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices.

article thumbnail

Learn how to build a culture of security with 1Password

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! The shift to remote and hybrid work has created an ecosystem of new vulnerabilities, putting your critical data at risk. With less oversight into security protocols and employee behaviors, it’s more important than … Continue reading "Learn how to build a culture of security with 1Password".

Risk 124
article thumbnail

It’s time to ask: Is ransomware insurance bad for cybersecurity?

Webroot

The issue at the heart of ransomware insurance will be familiar to most parents of young children: rewarding bad behavior only invites more of the same, so it’s generally not a good idea. But critics of the ransomware insurance industry argue that’s exactly what the practice does. Ransomware insurance has by now long been suspected of excusing lax security practices and inspiring confidence among cybercriminals that they’ll receive a timely payment following a successful breach

Insurance 122
article thumbnail

Windows security update blocks PetitPotam NTLM relay attacks

Bleeping Computer

Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain. [.].

142
142
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

BrandPost: Securing Hybrid Clouds and Multi-Cloud with Virtualized Network Firewalls

CSO Magazine

Organizations are looking to realize the promise of cloud computing, including faster time to market, increased responsiveness, and cost reductions. As part of this, many organizations use two or more clouds to meet business needs such as disaster recovery, data backup, application resiliency, and global coverage. In fact, 76% of organizations are using two or more cloud providers. 2 And according to the Flexera 2020 State of the Cloud Report , “93 percent of enterprises have a multi-cloud strat

Firewall 118
article thumbnail

Over $600 million reportedly stolen in cryptocurrency hack

Bleeping Computer

Over $611 million have reportedly been stolen in one of the largest cryptocurrency hacks. Decentralized cross-chain protocol and network, Poly Network announced today that it was attacked with cryptocurrency assets having successfully been transferred into the attackers' wallets. [.].

article thumbnail

Critical RDP Vulnerabilities Continue to Proliferate

McAfee

This month’s Patch Tuesday brings us a relatively small number of CVEs being patched, but an abnormally high percentage of noteworthy critical vulnerabilities. Vulnerability Analysis: CVE-2021-34535. One such vulnerability is identified as CVE-2021-34535, which is a remote code execution flaw in the Remote Desktop client software, observed in mstscax.dll, which is used by Microsoft’s built-in RDP client (mstsc.exe).

article thumbnail

Firefox adds enhanced cookie clearing, HTTPS by default in private browsing

Bleeping Computer

Mozilla says that, starting in Firefox 91 released today, users will be able to fully erase the browser history for all visited websites which prevents privacy violations due to "sneaky third-party cookies sticking around." [.].

126
126
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

$611 million stolen in Poly Network cross-chain hack

Security Affairs

The cross-chain protocol Poly Network has been hacked, threat actors stole $611 million making this hack the largest DeFi hack to date. $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. The cross-chain protocol Poly Network disclose a security breach, threat actors have stolen over $611 million in cryptocurrencies. Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to ha

Hacking 117
article thumbnail

eCh0raix ransomware now targets both QNAP and Synology NAS devices

Bleeping Computer

A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. [.].

article thumbnail

Check your passwords! Synology NAS devices under attack from StealthWorker

Malwarebytes

Synology PSIRT (Product Security Incident Response Team) has put out a warning that it has recently seen and received reports about an increase in brute-force attacks against Synology devices. PSIRT suspects the botnet commonly known as StealthWorker is responsible for this increase in activity. Synology. Synology specializes in data storage and most people will know it because of its Networked Attached Storage (NAS) devices.

Passwords 112
article thumbnail

Your Productivity Metrics Are Outdated: How to Assess Employee Output in 2021 and Beyond

IT Security Central

Continued Coronavirus uncertainty and employee preferences are delaying in-person returns to the office, making long-term workplace disruption an inevitable part of today’s business environment. According to Gartner, 82 percent of company leaders plan to allow people to work remotely at least part of the time moving forward. At the same time, burgeoning business opportunities make […].

113
113
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

The NYPD Had a Secret Fund for Surveillance Tools

WIRED Threat Level

Documents reveal that police bought facial-recognition software, vans equipped with x-ray machines, and “stingray” cell site simulators—with no public oversight.

article thumbnail

Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws

Bleeping Computer

Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches. [.].

114
114
article thumbnail

How do you Protect Sensitive Data in the Cloud?

Security Boulevard

We are living in the age of data. Every business processes at least some data with varying degrees of complexity, in one way or another, however, despite the rising importance of data, we are not really seeing a proportional increase in data security. Consequently, the Verizon Business 2021 Data Breach Investigations Report revealed that the number of data breaches has increased by a third as companies are migrating to the cloud at a faster pace due to the COVID-19 pandemic.

article thumbnail

Crytek confirms Egregor ransomware attack, customer data theft

Bleeping Computer

Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site. [.].

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.