Troy Hunt

JUNE 14, 2021

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.

Government 358

Government Data breaches 358

Schneier on Security

JUNE 14, 2021

This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?” I’m speaking at the all-online Society for Philosophy and Technology Conference 2021 , June 28-30, 2021.

Internet 251

Internet Internet Encryption Technology 251

Tech Republic Security

JUNE 14, 2021

Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.

166

166

Schneier on Security

JUNE 14, 2021

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained.

Data collection 330

Data collection Media 330

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 14, 2021

US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack. [.].

Ransomware 145

Ransomware 145

Security Boulevard

JUNE 14, 2021

$4.4 million. That’s how much ransom Colonial Pipeline paid recently after a ransomware attack crippled the company’s computers, forcing it to shut down 5,500 miles of its gas pipeline, sending the Southeast into an almost overnight gas shortage. The post Ransomware Attacks Increasing: Tips to Keep Your Organization Safe | Apptega appeared first on Security Boulevard.

Ransomware 145

Ransomware Risk Government Cybersecurity 145

Security Boulevard

JUNE 14, 2021

A nasty vulnerability in most Linux distributions is raising eyebrows among the penguinistas. The post Who, Us? Linux Root Bug Quietly Added 7 Years Ago appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity 145

Graham Cluley

JUNE 14, 2021

The head of the UK's National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. And says ransomware gangs "are often enabled and facilitated by states acting with impunity." Read more in my article on the Tripwire State of Security blog.

Ransomware 140

Ransomware Cybersecurity Malware 140

Security Boulevard

JUNE 14, 2021

In this post, we'll look at a campaign, that targeted multiple 3D or digital artists using NFT, with malware named RedLine. This malware is a so called "infostealer" or "information stealer" that is capable of extracting sensitive data from your machine (such as wallet information, credentials, and so on). As a side-note; NFTs, or non-fungible tokens, are digital tokens tied to assets that can be bought, sold and traded.

Antivirus 142

Antivirus Accountability Malware Passwords 142

CyberSecurity Insiders

JUNE 14, 2021

1.) Chinese intelligence-backed hacking group APT41 has given a hint that its hackers were behind the cyberattacks launched on Air India and SITA-the IT and Telecom solutions provider to the air travel industry. In both incidents, vital data belonging to passengers was accessed and stolen by hackers last month. And the stolen information includes ticket sales-related data, passport info of some passengers, contact data, date of birth, names, and hotel lodging details of frequent flyers.

Cyber Attacks 139

Cyber Attacks Computers and Electronics Healthcare Threat Detection 139

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 14, 2021

Japanese multinational conglomerate Fujifilm says that it has resumed normal business and customer operations following a ransomware attack that forced it to shut the entire network on June 4. [.].

Ransomware 140

Ransomware 140

CyberSecurity Insiders

JUNE 14, 2021

Executive summary. AT&T Alien Labs has observed the Mirai variant botnet, known as Moobot, scanning for known but uncommon vulnerabilities in Tenda routers, resulting in a considerable peak in our internal telemetry. The research associated with this peak resulted in the discovery of a malware hosting domain, providing several different Mirai variants, like Moobot and Satori.

Malware 136

Malware Cybersecurity Threat Detection Cyber threats 136

The Hacker News

JUNE 14, 2021

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with three security fixes, including a memory corruption issue in the ASN.

Engineering 133

Engineering 133

Bleeping Computer

JUNE 14, 2021

Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims' sensitive info and backdooring their systems. [.].

Malware 135

Malware 135

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Hot for Security

JUNE 14, 2021

Consumers are sometimes skeptical about warnings that smartphones face just as many security threats as regular computers. While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Just because our phones are not tethered physically to a network doesn’t mean they’re safe from cyber threats.

Mobile 132

Mobile Malware Spyware Media 132

CSO Magazine

JUNE 14, 2021

It’s no secret that the scope and severity of ransomware attacks are on the rise. Yet, what often flies under the radar of small and medium-size businesses (SMBs) is that the target is not only larger enterprises. An overwhelming 85% of managed service providers (MSPs) report attacks against SMBs. Yet, remarkably, only 28% of SMBs are concerned about ransomware.

Ransomware 129

Ransomware 129

The Hacker News

JUNE 14, 2021

In response to malicious actors targeting US federal IT systems and their supply chain, the President released the "Executive Order on Improving the Nation’s Cybersecurity (Executive Order)." Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream.

Cybersecurity 124

Cybersecurity Technology 124

CSO Magazine

JUNE 14, 2021

Protecting systems and devices has never been more challenging. Attack surfaces continue to expand and cybercriminals use increasingly sophisticated methods to gain entry into organizations. It’s a mistake to think that small and medium-sized businesses (SMBs) aren’t in the crosshairs. While news headlines focus on high-profile ransomware attacks, the damage and destruction that small and medium-sized businesses incur is significant.

Ransomware 126

Ransomware 126

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Heimadal Security

JUNE 14, 2021

McDonald’s, the world’s largest restaurant chain by revenue, recently revealed that it was the target of a security breach. What Happened? On Friday, the burger chain said it hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week […].

Data breaches 124

Data breaches Cybersecurity 124

Malwarebytes

JUNE 14, 2021

One year ago, as countless employees settled into new routines for working from home (WFH), a Reddit user shared a video online of a strange contraption: A wire coat hanger bent out of shape, one side gripping an external USB mouse, the other side latched onto an oscillating fan. As the fan swished left and then right, so, too, did the USB mouse. What was the point?

Surveillance 118

Surveillance Software Hacking Cybersecurity 118

Heimadal Security

JUNE 14, 2021

The change comes just after the recent Codecov supply-chain incident that lasted two months. The attackers altered the Codecov Bash Uploader so it can collect sensitive credentials from customer CI/CD environments. The new platform recently introduced is currently supporting Windows, Linux, and macOS operating systems. NodeJS uploader Will Replace the Bash Uploader Codecov has launched a beta release of its […].

Cybersecurity 120

Cybersecurity 120

Identity IQ

JUNE 14, 2021

Employment scammers try to trick job seekers using the same methods that real employers do – with job ads online, in newspapers and even on TV or radio. They may even reach out to individuals directly via email, phone or social media. These scammers dangle the carrot of employment, but they actually want to get their hands on your money or personal information.

Scams 116

Scams Banking Accountability Media 116

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Heimadal Security

JUNE 14, 2021

Sol Oriens, a small U.S. nuclear weapons contractor, has confirmed it has been affected by a cyberattack that specialists say came from the tenacious REvil aka Sodinokibi Ransomware-as-a-Service (RaaS) group and resulted in data theft. The subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA) declared […].

Ransomware 119

Ransomware Cybersecurity 119

Security Boulevard

JUNE 14, 2021

A few days ago, SC magazine published an article reporting that TeamTNT – a hacker group that became notorious about a year ago for targeting the unencrypted credentials of AWS IAM identities – is now targeting 16 more applications, including Google Cloud. If that weren’t bad enough, the new SC report suggests the group is […]. The post TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements appeared first on Ermetic.

116

116

Threatpost

JUNE 14, 2021

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

Phishing 116

Phishing Ransomware Risk 116

Security Boulevard

JUNE 14, 2021

The global pandemic has accelerated business transformation far past the cloud tipping point and uncovered severe and far-reaching implications for security teams, according to an Enterprise Strategy Group (ESG) survey of 500 IT and security personnel in North America and Europe. The vast majority—90%—of organizations surveyed said they have increased their use of public cloud.

Security Awareness 111

Security Awareness Software Cybersecurity 111

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

JUNE 14, 2021

Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update ( iOS 12.5.4 patch ) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited. WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers.

Engineering 108

Engineering Hacking Information Security Cybersecurity 108

Security Boulevard

JUNE 14, 2021

Data classification tools not only help organizations to protect their data, they also help users understand how to treat different types of data with different levels of sensitivity. Automation plays a central role in data governance and helps to maintain the required balance between technology and people-focused training to achieve an inclusive security culture.

Government 111

Government Technology 111

SC Magazine

JUNE 14, 2021

Seen here, Comparitech’s ransomware map. Human-powered gangs remain the most dangerous and insidious threat on the ransomware front, but a newly introduced map feature serves as a reminder that there is still a wide array of automated campaigns designed to serve up ransomware as well. Updated on a daily basis, the map , from Comparitech, visualizes attempted ransomware attacks around the world over the past three weeks, showing the geolocations of publicly accessible, compromised IPs runni

Ransomware 106

Ransomware CISO Media Encryption 106

Security Boulevard

JUNE 14, 2021

At Akamai, our mission is to make application and API security highly effective and easy. As part of that effort, we are excited to announce the Adaptive Security Engine -- a new core technology powering Akamai's application and API protection offerings, designed to enable a hands-off approach to protecting web applications and APIs with the highest degree of confidence.

Engineering 107

Engineering Technology 107

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.