Fri. Mar 18, 2022


Why Vaccine Cards Are So Easily Forged

Schneier on Security

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.

Banking 261

How to become a cybersecurity pro: A cheat sheet

Tech Republic Security

If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software. The post How to become a cybersecurity pro: A cheat sheet appeared first on TechRepublic.


Cloud Security Tool Sprawl Draining IT Teams

Security Boulevard

Cloud security management issues are increasing the flood of false positive alerts and missed critical issues and contributing to higher burnout rates for IT teams. These were among the findings of an Orca Security survey of 800 IT professionals across five countries and 10 industries, which revealed more than half (55%) of respondents use three. The post Cloud Security Tool Sprawl Draining IT Teams appeared first on Security Boulevard.


Consent phishing: Top 5 things you should know

Tech Republic Security

Just when you thought you knew what phishing perils to watch out for, along comes a new spin: consent phishing. Here’s a look at this latest cybersecurity threat. The post Consent phishing: Top 5 things you should know appeared first on TechRepublic.

Phishing 130

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Google: Chinese state hackers target Ukraine’s government

Bleeping Computer

Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. […]


Zero-Trust’s Foundation is Identity and Access Management

Security Boulevard

In May 2021, the U.S. national gas price average hit its highest level in six years. The cause: A ransomware attack on fuel distribution company Colonial Pipeline, made possible by the most common kind of attack—misused or stolen credentials. A stolen password belonging to a legacy VPN account led to the company paying a ransom. The post Zero-Trust’s Foundation is Identity and Access Management appeared first on Security Boulevard.

VPN 138

More Trending


Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War

Security Boulevard

By brooke.crothers, Fri, 03/18/2022 - 16:58. Aqua said it gathered data from public repositories that contain code and tools for targeting cyber-aggression on both sides of the conflict. Then it analyzed container images in Docker Hub and popular code libraries and software packages (including PyPI, NPM, Ruby), searching for names and text labels that called for action against either side.


Satellite jamming by Russia leads to aircraft rerouting in Europe

CyberSecurity Insiders

Unconfirmed sources from the EU Aviation Safety Agency (EASA) state that Russia has started influencing satellites, which is having a direct impact on the aviation industry, as several aircraft had to be rerouted while in Eastern Finland, the Black Sea, the eastern Mediterranean, and Kaliningrad. Such instances started on February 28th this year and could be an effect of Global Navigation Satellite System (GNSS) jamming or influence on satellites by Russian cyber warfare.


Hackers claim to breach TransUnion South Africa with 'Password' password

Bleeping Computer

TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and issued an extortion demand not to release stolen data. […]

Passwords 134

MITRE and partners build insider threat knowledge base

CSO Magazine

Is the time right for a unified lexicon of known tactics, techniques and procedures (TTP) used by insiders who opt to break trust with their employers? MITRE thinks so and has positioned itself to serve as the locus for insider threat knowledge. In mid-February, MITRE Engenuity’s Center for Threat Informed Defense, supported by a phalanx of multi-sector powerhouses including Citigroup Technology, Microsoft, Crowdstrike, Verizon, and JP Morgan Chase, published their Design Principles and Methodol


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945). The China-linked hacking group has been active since at least 2016; according to CrowdStrike researchers, it is using a very sophisticated toolset.

Banking 123

Beware of this bogus (and phishy) “Instagram Support” email

Malwarebytes

Recently, a fake Instagram email successfully bypassed Google’s email filters and made it into hundreds of employee inboxes used by a prominent US life insurance company based in New York. This was revealed in a report by Armorblox, a cybersecurity company specializing in stopping business email compromise (BEC) campaigns. According to its threat research team, the spoofed email originated from “lnstagram Support” with the email address, membershipform@outlook.com.tr.

Phishing 122

Free decryptor released for TrickBot gang's Diavol ransomware

Bleeping Computer

Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. […]


Written IT Security Policies: Why You Need Them & How to Create Them

eSecurity Planet

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Even though drafting IT security policies can be a pain, formal policies provide a valuable resource to protect both the IT team and their organization. In this article, we’ll briefly touch on what policies are; tips for writing them; and the advantages policies provide for compliance, transitions, and IT team liabilit

Insurance 116

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Double header: IsaacWiper and CaddyWiper

Malwarebytes

As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review IsaacWiper and CaddyWiper, two new wipers that do not have much in common based on their source code, but with the same intent of destroying targeted Ukrainian computer systems. IsaacWiper. IsaacWiper was one of the artifacts security company ESET reported to be targeting Ukraine.

Malware 114

Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure

Threatpost

The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.

Hacking 115

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

The Hacker News

Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.


Why Vaccine Cards Are So Easily Forged

Security Boulevard

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


US Critical Organizations Alerted of Threats to SATCOM Networks by CISA and FBI

Heimdal Security

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced yesterday that they are aware of potential threats to satellite communication (SATCOM) networks in the United States and around the world. The security advisory issued yesterday also notified US critical infrastructure entities about the risk of SATCOM providers’ customers being […]

Risk 113

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware

The Hacker News

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.


Deepfake Zelenskyy video surfaces on compromised websites

Malwarebytes

It’s been a long time coming. The worry over deepfake technology being used during times of major upheaval has been alluded to frequently over the last couple of years. The buildup to the US election was peppered by “any moment now…” style warnings of dramatic and plausible deepfake deployment. In the end, what we got was very little to write home about.


What Is Social Engineering?

Heimdal Security

Social engineering is a term that first emerged in social sciences, somewhat akin to the direct intervention of scientists on human society. The term ‘social engineer’ was first coined in 1894 by Van Marken, in order to highlight the idea that for handling human problems, professionals were needed. Just like you can’t solve technical issues […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

The Hacker News

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.

Banking 101

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager

Security Affairs

TIM Red Team Research (RTR) researchers discovered a new flaw on Ericsson Network Manager, aka Ericsson flagship network product. TIM Red Team Research (RTR) team discovered a new vulnerability affecting Ericsson Network Manager, which is known as Ericsson flagship network product. Ericsson Network Manager and network OSS. As mentioned, we’re talking about an Ericsson flagship network product, it enables mobile radio network management, and their related evolutions, ensuring the conventional ou

Mobile 99

Defending the data center: The time to act is now

We Live Security

Cyberattacks against data centers may ultimately be everyone's problem – how prepared are their operators for the heightened risk of cyber-assaults? The post Defending the data center: The time to act is now appeared first on WeLiveSecurity.

Risk 97

China-linked threat actors are targeting the government of Ukraine

Security Affairs

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups and that targeted Ukraine’s government to gather info on the ongoing conflict.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Week in security with Tony Anscombe

We Live Security

ESET Research finds another data wiper in Ukraine – Securing data centers against threats – A cultural divide between the military and Silicon Valley. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.


Windows 11 adds a BitLocker exclusion policy for USB drives

Bleeping Computer

Microsoft has released a new Windows 11 build with a long list of changes, improvements, fixes for known issues, available for all Windows Insiders that will install the Windows 11 Insider Preview Build 22579 pushed to the Dev Channel. […]


Conti Leaks Reveal the Ransomware Group's Links to Russia

WIRED Threat Level

Members of the Conti ransomware group may act in Russia’s interest, but their links to the FSB and Cozy Bear hackers appear ad hoc.


Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organization’s defenses, exploit that vulnerability, and sell the access to the victim’s network to an interested party, several times over with different victims.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.