Tue, Jun 08, 2021

Expanding the Have I Been Pwned Volunteer Community

Troy Hunt

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally, a couple of weeks ago, actually taking the first step with Pwned Passwords? Many people certainly noticed the time because I kept getting asked when it was actually going to happen.

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into comp

Top 5 things to know about medical data security

Tech Republic Security

Medical data is a valuable commodity—one that needs to be protected from cybersecurity threats. Tom Merritt lists five things to know about medical data security.

A Look into Chuck Brooks’s Alarming Cybersecurity Stats

Security Boulevard

2020 will be remembered most as the year the world was swept up in the COVID pandemic. Dig a little deeper and you’ll find another alarming news story: 2020 was a record-breaking year on the cybersecurity front. There was more data lost in breaches and a higher number of cyber attacks than ever before. The post A Look into Chuck Brooks’s Alarming Cybersecurity Stats appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Applying the New SCCs – International Transfers Defined?

TrustArc

For almost five years, privacy professionals have been breaking their heads over what to do with international transfers of personal data originating in the European Union. The two Schrems decisions of the Court of Justice of the European Union (CJEU) have brought some clarity – we now know that no international transfer may undermine the […].

Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack

Security Boulevard

On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported across the U.S. East Coast. The post Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack appeared first on Security Boulevard.

Criminal networks smashed after using “secure” chat app secretly run by cops

Hot for Security

The Australian Federal Police (AFP) has revealed that it was able to decrypt and snoop on the private messages sent via a supposedly secure messaging app used by criminals… because the app was actually the brainchild of the FBI. At a press conference, AFP commissioner Reece Kershaw described how the idea of “AN0M” – a backdoored messaging app – was dreamt up by members of the FBI and AFP over a few beers after the shutdown in 2018 of “Phantom Secure,” an encr

PuzzleMaker attacks with Chrome zero-day exploit chain

SecureList

On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges.

RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online

Hot for Security

The most extensive data leak collection to date, dubbed ‘RockYou2021’, was dumped on popular hacking forums earlier this month. According to a CyberNews report, a forum user posted a 100GB text file with 8.4 billion password entries, presumably obtained from previous data leaks and breaches. Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 uniq

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How Putting Risk First in Cybersecurity is Driving IRM Adoption

Security Boulevard

Risk management has developed significantly from when it was first introduced. In the 16th and 17th centuries, notions of risk management evolved into something more akin to how we see it in the cybersecurity landscape today. The amount of risk for voyages would be weighed and calculated, and at the end of the day, someone would decide whether the complex risk environment was worth the possibility of losing the entire shipment or if the risk was acceptable enough to take the gamble on the produc

FBI uses ANOM App to capture more than 800 criminals worldwide

CyberSecurity Insiders

In what is supposed to be a mobile-based sting operation conducted by the United States Federal Bureau of Investigation (FBI) in association with Australian Police, information is out that it led to the arrest of more than 800 criminals, including 72 most-wanted criminals involved in the drug mafia, cryptocurrency mining, distribution of ransomware and some X-rated crime involving children.

DOJ Accessed Darkside’s Crypto Wallet and Seized $2.27 Million from Pipeline Hackers

Hot for Security

The US Department of Justice (DOJ) has seized more than half of Colonial Pipeline’s $4.4 million ransom payment towards the infamous cybercriminal group known as Darkside. According to a press release posted on June 7, the FBI recovered $2.27 million from a cryptocurrency account used by the hackers. Federal investigators managed to track down the payment of 63.7 bitcoin as it moved through the cryptocurrency ecosystem in multiple anonymous transfers.

Ransomware attack on New York Law Department

CyberSecurity Insiders

A state-funded cyber attack has led to the New York Law Department hack disrupting legal proceedings from Saturday last week. And sources confirm that the disruption was caused by file-encrypting malware, i.e., ransomware, and it might take some time for the department to pull back the operations to normalcy. Since most of the records are digitalized, the attorneys are not in a position to retrieve data for knowledge.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

FBI and AFP created a fake encrypted chat platform to catch criminals

Bleeping Computer

In the largest and most sophisticated law enforcement operation to date, a joint international law enforcement effort created a fake end-to-end encrypted chat platform designed solely to catch criminals.

CSPM explained: Filling the gaps in cloud security

CSO Magazine

Every week brings another report of someone leaving an unsecured online storage container filled with sensitive customer data. Some are astounding in terms of severity, such as what happened in November 2020, when more than 10 million files containing travel-related data were exposed from an improperly configured AWS S3 bucket. And it can happen to anyone: A misconfigured storage container on Azure was found to be Microsoft’s own responsibility in early May.

Apple's WWDC 2021: Five new privacy features announced

Tech Republic Security

Brandon Vigliarolo talks to Karen Roby about the new privacy features that Apple revealed during the keynote of WWDC 2021.

Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework

Quick Heal Antivirus

Cobalt Strike is a widespread threat emulation tool. It is one of the most powerful network attack tools. The post Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

"IT burden" and cybersecurity "trade-offs" take center stage in a new digital collaboration survey

Tech Republic Security

Over the last year, companies around the world have adopted remote work policies, presenting organizations and IT teams with no shortage of challenges.

Magic in Cybersecurity: Magic links to replace the password

CyberSecurity Insiders

This blog was written by an independent guest blogger. These days, magic links are in the air. They are becoming an intriguing means to strengthen digital security without inconveniencing users. This article discusses magic links, their magical function, and their potential benefits for a corporation. Magic links. Magic links are authorized URLs that carry a token which grants accessibility to a particular user.

A Microservice Overdose: When Engineering Trends Meet the Startup Reality

Security Boulevard

Engineering in startups is different. With lower product maturity, fewer resources, and less certainty about the future, startups have a whole bunch of constraints that must be taken into account when designing the product’s architecture and engineering procedures. Simply sticking to the latest engineering trends will not necessarily be ideal for startups, and might …

VERT Threat Alert: June 2021 Patch Tuesday Analysis

The State of Security

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th. In-The-Wild & Disclosed CVEs: CVE-2021-31955. This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor […]

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Best Practices for Ransomware Defense

Security Boulevard

Ransomware has the potential to destroy business data, cause millions of dollars in revenue loss, ruin your business’ reputation and sully your brand. Such an attack erodes trust, and customers will leave en masse. Investing in security may seem expensive, but the true cost of a successful ransomware attack hugely outweighs this expense. Security is.

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish Police Authority (Polisen), along with the US Drug Enforcement Administration (DEA) and police from 16 other countries have carried out with the support of Europol a joint operation against criminal activities worldwide.

DOJ Recovers $2.3M in Bitcoin Ransom Paid by Colonial Pipeline

Security Boulevard

Investigators recovered $2.3 million in bitcoin paid by the Colonial Pipeline Company to DarkSide following a ransomware attack in early May. On June 7, the Department of Justice (DOJ) revealed that law enforcement agencies had been tracking transfers of bitcoin when they spotted the movement of 63.7 bitcoins associated with the Colonial Pipeline Company’s ransom payment.

GAO calls out US government agencies: Get your supply chain security act together

CSO Magazine

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. In May 2021, the GAO’s director of information technology and cybersecurity, Vijay A. D’Souza, testified before Congress on supply chain risks. His testimony was not pretty and highlighted that “none of the 23 reviewed agencies had fully adopted identified practices to reduce supply chain risks.”

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

IT Service Desk Security a Weak Point for Organizations

Security Boulevard

IT service desks are a security weak point for many businesses, with nearly half of organizations lacking a user verification policy for incoming calls. This was just one of the findings of a Specops Software survey of more than 200 IT leaders from the public and private sectors in North America and Europe. The post IT Service Desk Security a Weak Point for Organizations appeared first on Security Boulevard.

GitHub Improves Policies to Better Distinguish Malware or Vulnerability Research from the Rest

Hot for Security

Following a public debate, GitHub changed its policies regarding exploits, malware and vulnerability research so that the company’s position is much clearer when it comes to action and its responsibilities. There’s no denying that GitHub’s usefulness far outweighs that of the potential harm that it can generate. The platform’s often been used in various malware campaigns, but GitHub is trying to change some policies to allow users, researchers and the platform itself to m

TrickBot indictment reveals the scale and complexity of organized cybercrime

Malwarebytes

Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data exfiltration and the threat of constant reinfection were the order of the day.

Will New Executive Order on Cybersecurity Fast Track Zero Trust?

Security Boulevard

On May 12, US President Biden issued a landmark executive order on Improving the Nation’s Cybersecurity that signals the need for governments and enterprises alike to boost their cyber defenses around the principles of zero trust in their fight against cybercrime. In the wake of recent high-profile attacks such as the Colonial Pipeline incident and the SolarWinds breach, this expansive initiative lays the foundation for new cybersecurity best practices, increased communication between federal an

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.