Thu, May 20, 2021

Bizarro Banking Trojan

Schneier on Security

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,”

Using Threat Modeling to Improve Compliance (TM Thursday)

Adam Shostack

Threat model Thursday is not just back, but live again! This week is my Using Threat Modeling to Improve Compliance at RSAC 2021. The video replay is available if you have an RSA pass, and the slides are available to all.

How your personal data may be exposed by misconfigured mobile apps

Tech Republic Security

App developers are failing to properly set up and secure access to third-party services, putting user data at risk, says Check Point Research.

The Top Three Weaknesses in Healthcare Cybersecurity

Security Boulevard

With remote care, connected devices, and more efficient use of data digitizing healthcare delivery, cybersecurity has never been more vital for providers. Despite the benefits to patient care, however, there are some major weak spots that still remain for providers. With healthcare under continuous attack from threat actors, not only will new vulnerabilities emerge, but existing cybersecurity weaknesses are also set to become more critical as providers leverage digital technology more frequent

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The 3 elements of a sound threat intelligence program

Tech Republic Security

Because every organization has different security needs and requirements, there is no one-size-fits-all approach.

Synthetic Data Removes Data Privacy Risks

Security Boulevard

The idea that data has value certainly isn’t new. It’s been called the new oil, the new gold – in fact, insert any rare commodity, and someone has probably created an analogy! Ironically, though, now that there’s almost universal recognition that this value exists, unlike any of these other commodities, it has become infinitely harder.

High Court Deals Blow to Data Privacy Regulations

Security Boulevard

Like the Kubler-Ross stages of grief, there are multiple stages of data breach. Anger, denial, blame, investigation, litigation, regulation and, ultimately, resignation. This includes possible class action litigation by consumers, banks, vendors, suppliers or others impacted by the failure to adequately protect data, shareholder derivative lawsuits by investors for failure to protect critical corporate assets,

Qlocker ransomware gang shuts shop after extorting owners of QNAP NAS drives

The State of Security

With all the headlines about ransomware attacks hitting companies hard, you might think there's only bad news around the subject. Well, think again. Read more in my article on the Tripwire State of Security blog.

Android 12 will give you more control over how much data you share with apps

We Live Security

An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits.

Comcast now blocks BGP hijacking attacks and route leaks with RPKI

Bleeping Computer

Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. Left unchecked, a BGP route hijack or leak can cause a drastic surge in internet traffic that now gets misdirected or stuck, leading to global congestion and a Denial of Service (DoS). […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

TrustArc Incorporates EU Cloud Code of Conduct Into PrivacyCentral Platform

TrustArc

TrustArc has announced that its data-driven PrivacyCentral platform will now incorporate the EU Cloud Code of Conduct, a GDPR Code of Conduct approved by European regulators on May 20, 2021. This capability allows organizations operating as cloud-service providers to evaluate their readiness to declare adherence to the standards of the new Code at a more […].

Microsoft SimuLand, an open-source lab environment to simulate attack scenarios

Security Affairs

Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their detection. Microsoft has released SimuLand, an open-source lab environment that allows users to reproduce the techniques used in real attack scenarios. The tool can be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel, against real attack scenarios. “SimuLand is an open-source initiative by Micr

Data of 100+ million Android users exposed via misconfigured cloud services

Bleeping Computer

A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. […]

Vishing attacks spoof Amazon to try to steal your credit card information

Tech Republic Security

The attacks used fake order receipts and phone numbers in an attempt to steal credit card details from unsuspecting victims, says Armorblox.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft releases SimuLand, a test lab for simulated cyberattacks

Bleeping Computer

Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. […]

The Role of Ethics in Cybersecurity Studies

Security Boulevard

Nobody wants to be a proverbial guinea pig; least of all, developers donating their time and energy to making the world a better place. You’d think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. Yet, a group of researchers from the University of Minnesota not only crossed the line.

Microsoft: Massive malware campaign delivers fake ransomware

Bleeping Computer

A massive malware campaign pushed the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. […]

A doctor reveals the human cost of the HSE ransomware attack

Malwarebytes

“It’s cracking, the whole thing.” The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasn’t describing a medical condition—this was their assessment of the situation on the ground in the hospital where they’re working today, in Ireland.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Conti ransomware gives HSE Ireland free decryptor, still selling data

Bleeping Computer

The Conti ransomware gang has released a free decryptor for Ireland's health service, the HSE, but warns that they will still sell or release the stolen data. […]

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

The FBI’s Internet Crime Complaint Center Logs its Six Millionth Complaint

Hot for Security

The FBI’s Internet Crime Complaint Center (IC3) has been providing the public with reliable cybercrime reporting systems for 20 years. In that time, the IC3 has developed into a go-to platform for victims of fraud, online scams, identity theft, and other cyber-related crimes that have inflicted losses of over $10 billion. Last week, the center received its six millionth complaint, revealing that, while individuals have become more inclined to report cyber incidents, more and more people ar

STRRAT RAT spreads masquerading as ransomware

Security Affairs

Microsoft warns of a malware campaign that is spreading a RAT named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The RAT was designed to steal data from victims while masquerading as a ransomware attack. The Java-based STRRAT RAT was distributed in a massive spam campaign; the malware shows ransomware-like behavior, appending the file name extension .crimson to

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

NSF Wants Data on Your Data Needs

Adam Shostack

The National Science Foundation is looking for information on needs for datasets: Dear Colleague Letter: Request for Information on the specific needs for datasets to conduct research on computer and network systems. A draft of my responses is on Google Docs. Comments are due Friday at 5 PM EST. (I thought I’d posted this earlier.)

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites

Security Affairs

Experts discovered a Time-Based Blind SQL Injection vulnerability in the WP Statistics plugin, which is installed on over 600,000 WordPress sites. Researchers from the Wordfence Threat Intelligence team discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, a WordPress plugin with over 600,000 active installs. The plugin, developed by VeronaLabs, provides complete website statistics to site owners.

Spammers flood PyPI with pirated movie links and bogus packages

Bleeping Computer

The official Python software package repository, PyPI, is getting flooded with spam packages, as seen by BleepingComputer. These packages are named after different movies in a style that is commonly associated with torrents and "warez" sites hosting pirated content. […]

Serious Privacy Podcast: Data Secrets (with Ray Everett)

TrustArc

On this week of Serious Privacy, Paul Breitbarth and K Royal connect with Ray Everett, Founding Member & Chief Privacy Intelligence Officer at Data Secrets, a company that develops solutions focused on identifying risk wherever applications are accessing your data — in the public cloud, in SaaS applications, and on-premise. He has a long history working as a privacy professional, […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

23 Android Apps Expose Over 100,000,000 Users' Personal Data

The Hacker News

Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors.

The CSO role today: Responsibilities and requirements for the top security job

CSO Magazine

CSO definition. A CSO is a departmental leader responsible for information security, corporate security or both. That's the simplest answer to the question "What is a CSO?", and one that our founding editor Derek Slater offered up to readers way back in 2005—heck, if there's one website you ought to be able to trust to tell you what a CSO is, it's CSOonline.

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Threatpost

Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.

Smashing Security podcast #228: Pipeline pickle, Blockchain bollocks, and Eufy SNAFU

Graham Cluley

The Colonial Pipeline attack has shone light on the activities of the Darkside ransomware gang, we take a skeptical look at cryptocurrencies and the blockchain, and Eufy security cameras suffer an embarrassing security failure. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.