Schneier on Security

JUNE 4, 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, des

Risk 309

Risk 309

Adam Levin

JUNE 4, 2021

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.

Ransomware 289

Ransomware Backups Insurance Healthcare 289

Tech Republic Security

JUNE 4, 2021

This guide covers the Colonial Pipeline attack, WannaCry, Petya and other ransomware attacks, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom in the event of an infection.

Ransomware 216

Ransomware 216

Adam Shostack

JUNE 4, 2021

The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at the time , I was honored to be a part of EFF’s amicus brief in this case.

Internet 130

Internet Internet 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 4, 2021

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. [.].

Malware 143

Malware Internet Internet 143

Security Affairs

JUNE 4, 2021

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and

Hacking 140

Hacking Information Security Cybersecurity 140

Hot for Security

JUNE 4, 2021

Google announced that it’s strengthening the security of its Chrome browser by extending the functionality of Enhanced Safe Browsing to let users filter out malicious extensions. One of Google Chrome’s strengths is the ability to install extensions to improve the user experience. Users can also manually install extensions, from outside the official store, expopsing themselves to possible malware.

Malware 136

Malware 136

Bleeping Computer

JUNE 4, 2021

The US Department of Justice announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. [.].

Malware 135

Malware Cybercrime 135

Security Boulevard

JUNE 4, 2021

As we look back on May, it’s clear that adversaries across the globe were rampant — from the ransomware attack of the Colonial Pipeline in the U.S. to the Conti ransomware attack of the Health Service Executive (HSE) in Ireland. Meanwhile, on May 27, Microsoft announced that Nobelium, the threat actor behind the SolarWinds attacks, hacked into the Constant Contact account of the United States Agency for International Development (USAID).

Ransomware 132

Ransomware Accountability Hacking 132

Security Affairs

JUNE 4, 2021

Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet 135

Internet Internet Ransomware Encryption 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JUNE 4, 2021

Technology continues to improve, but so do the hackers. It’s become vital for both journalists and PR specialists to take their digital privacy seriously. The post Digital Privacy Tips for Journalists and PR Specialists appeared first on Security Boulevard.

Technology 131

Technology 131

Bleeping Computer

JUNE 4, 2021

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [.].

Internet 130

Internet Internet 130

Security Boulevard

JUNE 4, 2021

This week meat lovers around the globe were very distressed after learning that massive food processing company, JBS, was attacked on Sunday. The post Cybersecurity News Round-Up: Week of May 31, 2021 appeared first on Security Boulevard.

Cybersecurity 129

Cybersecurity 129

Bleeping Computer

JUNE 4, 2021

JBS, the world's largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend. [.].

Ransomware 125

Ransomware 125

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JUNE 4, 2021

Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). Types of Malicious Redirects. There are two major types of malicious redirects: server-side redirects and client-side redirects.

Hacking 125

Hacking Scams Malware 125

Tech Republic Security

JUNE 4, 2021

Expel for Microsoft alerts and responds to the Microsoft-specific vulnerabilities attackers typically exploit.

143

143

Security Boulevard

JUNE 4, 2021

The White House put the private sector on notice Thursday, June 3, 2021, demanding that organizations bolster security to meet increasingly aggressive and disruptive cybersecurity threats and urged them to “immediately convene their leadership teams” to “review corporate security posture and business continuity plans.” “All organizations must recognize that no company is safe from being.

Ransomware 123

Ransomware Cybersecurity Risk Government 123

We Live Security

JUNE 4, 2021

New ESET Threat Report is out – How to deal with online trolls – Teens, beware these 5 common scams. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Scams 123

Scams Threat Reports 123

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JUNE 4, 2021

According to the United Nations Security Council’s Panel of Experts on Libya, military drones used in a March 2020 skirmish between the Libyan government and a breakaway military faction operated in a “highly effective” autonomous mode whereby they hunted enemy soldiers on their own. “The lethal autonomous weapons systems were programmed to attack targets without requiring data connectivity between the operator and the munition: in effect, a true ‘fire, forget and find’ capability,” wrote the UN

Government 123

Government 123

TrustArc

JUNE 4, 2021

On June 4th, the European Commission has announced the adoption of the long-awaited new Standard Contractual Clauses (SCCs). The model contracts are intended to facilitate cross-border transfers of personal data between entities within the European Union (EU) plus Norway, Iceland and Liechtenstein (altogether, the European Economic Area, EEA), to entities in other countries (so-called third […].

122

122

Bleeping Computer

JUNE 4, 2021

Ransomware has continued to be part of the 24-hour news cycle as another significant attack against critical infrastructure took place this week. [.].

Ransomware 129

Ransomware 129

SC Magazine

JUNE 4, 2021

A sign is displayed at the Google outdoor booth during exhibitor setups for CES 2020 at the Las Vegas Convention Center in Las Vegas, Nevada. (Photo by Mario Tama/Getty Images). Google on Thursday announced additional new features to help Enhanced Safe Browsing users make better choices when they install extensions from the Chrome Web Store. The tech giant also will offer added protections against downloading malicious files on the web.

Phishing 116

Phishing Data breaches Cyber threats Media 116

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Threatpost

JUNE 4, 2021

Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.

Hacking 116

Hacking Government 116

Bleeping Computer

JUNE 4, 2021

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create create a new phishing lure to trick victims into downloading malicious files. [.].

Phishing 118

Phishing Ransomware 118

Security Boulevard

JUNE 4, 2021

In the ongoing “war” between Facebook and Apple over privacy, Apple’s new operating system, iOS 14.5 contains a feature that most people assumed—incorrectly—was already part of the operating system; the ability to choose which apps collected and shared personal information about them. For a long time, Apple OS users have had the ability to tweak. The post The High Cost of Privacy By Default appeared first on Security Boulevard.

Data privacy 112

Data privacy Cybersecurity 112

Security Affairs

JUNE 4, 2021

Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits. Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers have improved its capabilities. The Necro Python bot, aka FreakOut, has been in development since 2015 and early this year researchers from Check Point and Netlab 360 have provided details about its activity.

Malware 115

Malware Passwords DDOS IoT 115

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JUNE 4, 2021

The problem of fake reviews in the Google Chrome extensions store is bigger than it seems, new analysis shows. The post Chrome Fake Reviews: It’s Worse than We Thought appeared first on Security Boulevard.

Social Engineering 112

Social Engineering Authentication Security Awareness Engineering 112

Hot for Security

JUNE 4, 2021

Security researchers have identified a vulnerability in the Fancy Product Designer plugin for WordPress that attackers are using right now in the wild, allowing them to upload malware to websites that use the plugin. Countless malware campaigns use vulnerable websites to distribute compromised files or extract data. One way attackers do this is by taking control of websites that harbor a vulnerability, like the one in the Fancy Product Designer plugin.

Malware 111

Malware 111

PCI perspectives

JUNE 4, 2021

The PCI SSC offers a range of ?training and certification programs ?to support businesses in their payment security efforts.?To help support the Council’s mission to educate and meet the needs of payment industry professionals, PCI SSC has recently launched a digital badging program. We talk with Travis Powell, Director of Training Programs, to learn more about this new program.

Education 111

Education 111

Hot for Security

JUNE 4, 2021

As countries across the globe ease Covid-19 restrictions for travel, consumers are preparing for a much-anticipated summer vacation. However, as the hospitality sector is off to a steady reboot, it’s not just vacationers who are excited about the prospects of relaxing at a beachside villa. Fraudsters and scammers are in full attack mode as they prepare this year’s arsenal of fake booking websites and holiday offers to steal personal information and money from holidaymakers looking fo

Social Engineering 111

Social Engineering Engineering Advertising Media 111

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.