Schneier on Security

NOVEMBER 3, 2021

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality

Accountability 270

Accountability Advertising Scams 270

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 277

Cybersecurity Data breaches Mobile Internet 277

Javvad Malik

NOVEMBER 3, 2021

I’ve seen VC’s fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VC’s can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.

Cybersecurity 235

Cybersecurity 235

Tech Republic Security

NOVEMBER 3, 2021

Accenture's State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.

177

177

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

NOVEMBER 3, 2021

Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year's (H2 2020) data, and the trend is showing no signs of slowing down. [.].

Mobile 134

Mobile Phishing 134

Tech Republic Security

NOVEMBER 3, 2021

Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI.

Ransomware 185

Ransomware 185

Tech Republic Security

NOVEMBER 3, 2021

Positive Technology analysts found ready-made malware for any budget as well as the option to have a custom-build rootkit on Dark Web forums.

Technology 167

Technology Malware 167

Bleeping Computer

NOVEMBER 3, 2021

During the first day of Pwn2Own Austin 2021, contestants won $362,500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR. [.].

Hacking 135

Hacking 135

Tech Republic Security

NOVEMBER 3, 2021

A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S.

Ransomware 201

Ransomware 201

We Live Security

NOVEMBER 3, 2021

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field. The post What’s it like to work as a malware researcher? 10 questions answered appeared first on WeLiveSecurity.

Malware 137

Malware Cybersecurity 137

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

NOVEMBER 3, 2021

Operators of the ransomware-as-a-service group are claiming that the project is closed and that their entire infrastructure will be turned off.

Ransomware 159

Ransomware 159

CyberSecurity Insiders

NOVEMBER 3, 2021

XDR is the rising star of new acronyms , but you might have to read a 1,000+ word long article to understand its value. Let’s try to do it briefly in about 300 words. X means to expand DR’s – Detection and Response – systems – to cover your entire attack surface, not just a portion of it. The current security operations are built on siloed noisy tools which create blind spots with high volume of alerts, which can cause alert fatigue.

Big data 136

Big data Marketing Cybersecurity 136

Tech Republic Security

NOVEMBER 3, 2021

SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions.

Phishing 157

Phishing 157

Bleeping Computer

NOVEMBER 3, 2021

?A new Steam phishing promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams. [.].

Phishing 122

Phishing Scams Accountability 122

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

NOVEMBER 3, 2021

The security analyst is the backbone of a company’s day-to-day IT security. Whether they're monitoring network infrastructure for breaches and intrusions as part of a security operations center , performing internal security audits, or analyzing past breaches to find the root causes of network vulnerability, they work to keep the company's infrastructure locked down tight.

135

135

CyberSecurity Insiders

NOVEMBER 3, 2021

This blog was written by an independent guest blogger. Reversing binaries is an essential skill if you want to pursue a career as exploit developer, reverse engineer or programming. The GNU Project debugger is a widely used debugger for debugging C and C++ applications on UNIX systems. A debugger is a developer's best friend to figure out software bugs and issues.

Engineering 127

Engineering Software Threat Detection Cybersecurity 127

CSO Magazine

NOVEMBER 3, 2021

Attackers are now using more “interesting” platforms and methods to gain access to our networks, especially with cloud platforms. OneDrive, OneNote, SharePoint, and Sharefile can all host malicious files. Google and Amazon Web Services (AWS) also can host malicious sites. Repositories such as GitHub have recently been used to launch ransomware attacks.

Ransomware 126

Ransomware 126

Bleeping Computer

NOVEMBER 3, 2021

The UK Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a third-party organization that was managing the party's data. [.].

Data breaches 112

Data breaches Ransomware 112

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

NOVEMBER 3, 2021

Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations. The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity.

124

124

Graham Cluley

NOVEMBER 3, 2021

The BlackMatter ransomware group, which just a month or two ago was asking internet users to stop bombarding it with insults as it attempted to negotiate payments from its corporate victims, appears to have announced that it is now closing down its operations. Oh dear, what a shame, never mind.

Ransomware 122

Ransomware Internet Internet Malware 122

CyberSecurity Insiders

NOVEMBER 3, 2021

Killware that spells a doomsday for the entire humankind is a kind of malware that is developed to disrupt public infrastructure or health services claiming lives in some serious instances. Precisely speaking, it a new cyber threat that targets infrastructure that is essential for a living like power sector, aviation, banks, fuel supply, transport services, emergency responses like 911 servers, water utilities and food supply chain.

Cyber threats 122

Cyber threats Architecture Backups Malware 122

Security Affairs

NOVEMBER 3, 2021

The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information was impacted by the security breach.

Data breaches 125

Data breaches Ransomware Authentication Hacking 125

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

CyberSecurity Insiders

NOVEMBER 3, 2021

A sophisticated cyber attack launched on an IT firm serving UK’s Labour Party has reportedly leaked sensitive details related to members and supporters. Labor Party was informed about the incident on October 29th,2021 after which it review the situation and informed the media, National Crime Agency(NCA), National Cyber Security Centre(NCSC), and Information Commissioner’s Office (ICO).

Cyber Attacks 122

Cyber Attacks Identity Theft Encryption Media 122

Tech Republic Security

NOVEMBER 3, 2021

These four sample policies can help you protect your data by ensuring it's properly encrypted, stored safely, only accessible by certain people, and securely backed up.

Encryption 104

Encryption 104

Malwarebytes

NOVEMBER 3, 2021

In a security advisory , Mozilla’s announced that several security issues in its Firefox browser have been fixed. Several of these vulnerabilities were listed as having a high impact. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

Encryption 113

Encryption Phishing Accountability 113

CSO Magazine

NOVEMBER 3, 2021

The UK Cyber Security Council is the self-regulatory body for the UK’s cybersecurity profession. It develops, promotes and stewards standards for cybersecurity in support of the UK Government’s national cybersecurity strategy. A key component of these aims is supporting cyber education, skills and career pathways in the UK.

Education 113

Education Cybersecurity 113

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

NOVEMBER 3, 2021

The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The BlackMatter ransomware group has announced it is shutting down its operation due to the pressure from local authorities. The announcement was published on the Ransomware-as-a-Service portal operated by the group used by the network of affiliates of the gang.

Ransomware 116

Ransomware Cybercrime Healthcare Encryption 116

CyberSecurity Insiders

NOVEMBER 3, 2021

Security researchers from Lookout have discovered that some apps hosted on the Google Play Store and Samsung Galaxy Store are coming pre-loaded with Rooting Malware that allows hackers to take control of the device within no time and install additional malicious software that can prove devastating to any android smartphone user on an overall note. Named as AbstractEMU Rooting Malware allows the bad guys siphon sensitive data from the infected device and has the potential to transit it to remote

Malware 111

Malware Mobile Marketing Software 111

Bleeping Computer

NOVEMBER 3, 2021

A new version of a banking trojan known as Mekotio is being deployed in the wild, with malware analysts reporting that it's using a new, stealthier infection flow. [.].

Banking 100

Banking Malware 100

Security Affairs

NOVEMBER 3, 2021

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. .

Cybercrime 111

Cybercrime VPN Ransomware Hacking 111

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.