Wed, Nov 23, 2022


Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned! Which is why we're making it possible for 30% less 😊 Ok, being more serious for a moment, I'm talking about Pwned the book which we launched a couple of months ago and it's chock full of over 800 pages worth of epic blog posts and more importantly, the stor


The US Has a Shortage of Bomb-Sniffing Dogs

Schneier on Security

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs: Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GAO says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies.


Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but it brings security risks of its own. Check out the dangers and how you can avoid them.


‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook

Security Boulevard

Some incredibly personal details are being sent to Facebook, without your consent, via the “Meta Pixel.”


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has widely adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can capture protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and so can violate the HIPAA rules governing the use of online tracking technologies by HIPAA covered entities and business associates.
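The two items above (tax-prep sites and healthcare portals) describe the same failure: a Meta Pixel on a page that also carries personal data, with that data ending up in event parameters. A quick way to audit a page before it ships is to scan its HTML for the pixel loader, the `fbq('init', …)` pixel ID, every `fbq('track…')` call and the `<noscript>` image beacon, and to list the parameter names that look like PHI. The scanner below is an added example, not code from either article or from Meta; the sample page, the pixel ID and the `PHI_HINTS` keyword list are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import parse_qs, urlparse

# Constructed sample page (not taken from any real site): a patient-portal style
# page that carries the Meta Pixel both as the JS snippet and as the <noscript>
# image beacon, and that passes appointment details as custom event parameters.
SAMPLE_HTML = """
<html><head>
<script async src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>
fbq('init', '123456789012345');
fbq('track', 'PageView');
fbq('trackCustom', 'AppointmentBooked',
    {mrn: 'A1234567', appointment_date: '2022-12-01', email: 'jane@example.org'});
</script>
</head><body>
<noscript><img height="1" width="1" style="display:none"
 src="https://www.facebook.com/tr?id=123456789012345&amp;ev=PageView&amp;noscript=1&amp;cd[provider]=Dr.+Smith"/></noscript>
<h1>Your upcoming appointments</h1>
</body></html>
"""

# Parameter-name fragments that suggest PHI is being sent (assumed list, extend per site).
PHI_HINTS = ("mrn", "record", "patient", "appointment", "diagnos",
             "email", "phone", "provider", "dob", "insurance")

_LOADER_RE = re.compile(r"connect\.facebook\.net/[^'\"\s]*fbevents\.js")
_INIT_RE = re.compile(r"fbq\(\s*['\"]init['\"]\s*,\s*['\"](\d+)['\"]")
_EVENT_RE = re.compile(
    r"fbq\(\s*['\"](track|trackCustom)['\"]\s*,\s*['\"]([^'\"]+)['\"]"
    r"\s*(?:,\s*(\{.*?\}))?\s*\)", re.S)
# Keys of a JS object literal. Values are not parsed, so a URL inside a value
# would show up as a spurious "https" key; good enough for a first pass.
_JS_KEY_RE = re.compile(r"['\"]?([A-Za-z_]\w*)['\"]?\s*:")
_IMG_RE = re.compile(r"https://www\.facebook\.com/tr\?[^\"'\s>]+")


def scan_meta_pixel(page: str) -> dict:
    """Report what a Meta Pixel on this page would send and which fields look like PHI."""
    pixel_ids = set(_INIT_RE.findall(page))
    events = []
    for kind, name, params in _EVENT_RE.findall(page):
        keys = _JS_KEY_RE.findall(params) if params else []
        events.append({"name": name, "custom": kind == "trackCustom", "params": keys})
    for raw in _IMG_RE.findall(page):
        qs = parse_qs(urlparse(unescape(raw)).query)
        pixel_ids.update(qs.get("id", []))
        # custom data travels on the image beacon as cd[<key>]=<value>
        keys = [k[3:-1] for k in qs if k.startswith("cd[") and k.endswith("]")]
        events.append({"name": qs.get("ev", ["?"])[0], "custom": False, "params": keys})
    phi = sorted({k for e in events for k in e["params"]
                  if any(h in k.lower() for h in PHI_HINTS)})
    return {"loader_present": bool(_LOADER_RE.search(page)),
            "pixel_ids": sorted(pixel_ids), "events": events, "phi_suspects": phi}


if __name__ == "__main__":
    print(scan_meta_pixel(SAMPLE_HTML))
```

Run it against the rendered HTML of each authenticated page (fetch with a logged-in session, since the pixel calls that matter are often only emitted after login). Any non-empty `phi_suspects` is a finding to take to whoever owns the tag manager; an empty list is not a clean bill of health, because the pixel also auto-collects URL, referrer and, with Advanced Matching enabled, form field contents that this static scan cannot see.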


DDoS protection from OVHcloud

Tech Republic Security

Distributed denial-of-service (DDoS) protection from OVHcloud takes the complexity out of defending your business against denial-of-service attacks.


Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers at software company Mysk discovered that analytics data collected from iPhones includes the Directory Services Identifier (DSID), which could allow users to be identified. Apple collects both the DSID and the Apple ID, which means it can use the former to identify the user and retrieve associated personal information, including full name, phone number


More Trending


Bahamut cybermercenary group targets Android users with fake VPN apps

We Live Security

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram.


Backdoored Chrome extension installed by 200,000 Roblox players

Bleeping Computer

The Chrome browser extension 'SearchBlox', installed by more than 200,000 users, has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.


Russia stole the passwords of 50 million users

CyberSecurity Insiders

For the past seven to eight months, we have been constantly reading or hearing about Russia’s negative involvement in cybersecurity. Now, the latest report published by Group-IB claims Moscow’s involvement in the theft of over 50 million users’ passwords. According to a report compiled after analyzing 34 Telegram groups involved in cybercrime, researchers from Group-IB have confirmed the involvement of hacking groups linked to the Kremlin in stealing 50m passwords from about 89


Identity-Based Attacks Increase, MFA-Thwarting Tactics Rise 

Security Boulevard

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base. The report also indicated that automated orchestration is proving to be a big advantage, with the median time to perform a remediation action automated via orchestration dropping.
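Push fatigue attacks leave a distinctive trace in the identity provider's MFA log: a burst of push prompts to one user in a short window, several denials, and then an approval. The detector below is an added example, not Expel's detection logic or any vendor's product; the log format (`<timestamp> <user> <event> <source IP>`), the event names and the thresholds are assumptions, and the log lines are constructed. It raises a `push_storm` alert when a user receives too many prompts inside the window and an `approve_after_denials` alert when an approval follows repeated denials, which is the signature of the victim giving in.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of an identity provider's MFA event log (not from any real
# product). alice is bombed with prompts from one source and eventually approves;
# bob's single prompt is the benign baseline.
SAMPLE_LOG = """\
2022-11-23T08:01:10Z alice push_sent 203.0.113.7
2022-11-23T08:01:40Z alice push_denied 203.0.113.7
2022-11-23T08:02:05Z alice push_sent 203.0.113.7
2022-11-23T08:02:30Z alice push_denied 203.0.113.7
2022-11-23T08:02:55Z bob push_sent 198.51.100.20
2022-11-23T08:03:00Z alice push_sent 203.0.113.7
2022-11-23T08:03:10Z bob push_approved 198.51.100.20
2022-11-23T08:03:20Z alice push_denied 203.0.113.7
2022-11-23T08:03:50Z alice push_sent 203.0.113.7
2022-11-23T08:04:30Z alice push_sent 203.0.113.7
2022-11-23T08:05:10Z alice push_approved 203.0.113.7
"""

WINDOW = timedelta(minutes=10)   # look-back for counting prompts per user (assumed)
PUSH_THRESHOLD = 5               # push_sent events inside WINDOW that count as a storm
DENIALS_BEFORE_APPROVE = 2       # denials inside WINDOW that make a later approval suspicious


def parse_line(line):
    ts, user, event, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip


def detect_push_fatigue(log_text):
    """Return alerts for push storms and for approvals that follow repeated denials."""
    sent = defaultdict(deque)      # user -> push_sent timestamps inside WINDOW
    denied = defaultdict(deque)    # user -> push_denied timestamps inside WINDOW
    storm_alerted = set()          # users already alerted for the current burst
    alerts = []
    for line in log_text.strip().splitlines():
        ts, user, event, ip = parse_line(line)
        for q in (sent[user], denied[user]):          # drop events older than WINDOW
            while q and ts - q[0] > WINDOW:
                q.popleft()
        if not sent[user]:
            storm_alerted.discard(user)                # burst expired; allow a new alert later
        if event == "push_sent":
            sent[user].append(ts)
            if len(sent[user]) >= PUSH_THRESHOLD and user not in storm_alerted:
                storm_alerted.add(user)
                alerts.append({"kind": "push_storm", "user": user,
                               "count": len(sent[user]), "at": ts, "ip": ip})
        elif event == "push_denied":
            denied[user].append(ts)
        elif event == "push_approved":
            if len(denied[user]) >= DENIALS_BEFORE_APPROVE:
                alerts.append({"kind": "approve_after_denials", "user": user,
                               "count": len(denied[user]), "at": ts, "ip": ip})
            # an approval ends the burst either way; start counting afresh
            sent[user].clear()
            denied[user].clear()
            storm_alerted.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

The `approve_after_denials` case is the one to page on: by the time it fires the attacker already holds a session, so the response is to revoke sessions and reset the factor, not just to notify the user. Number matching or a short lockout after N denials in the IdP removes most of the storm class outright, and the push-count rule then becomes a secondary signal.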


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Meta outlines US involvement in social media disinformation in new report

CSO Magazine

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics.


Ducktail information stealer continues to evolve

Security Affairs

The operators behind the Ducktail information stealer continue to improve their malicious code, experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation, named DUCKTAIL, that was targeting individuals and organizations operating on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese, financially motivated threat actor suspected of being active since 2018.


Russian cybergangs stole over 50 million passwords this year

Bleeping Computer

At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022.


Thanks for Nothing

Security Boulevard

As we embark on the U.S. Thanksgiving holiday, we’re supposed to be grateful for our gifts. And I am certainly thankful for my family, my health (injured knee notwithstanding) and being able to work at Techstrong, which is a very cool gig. But to be honest, I’m just not feeling very thankful from a security.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


Meta links U.S. military with covert Facebook influence operation

Bleeping Computer

Meta has removed several accounts on Facebook and Instagram associated with the U.S. military, saying they were used as part of covert influence operations targeting the Middle East and Russia.


How Health Care Data Encryption Fits Into Your Security Strategy

Security Boulevard

Hospitals, government health agencies and other health care entities have a growing need to securely store and transfer personal data, both from patient to provider and with relevant agencies, insurers and regulators. Considering the exponential rise in cyberattacks, it has never been more crucial for health care organizations to take the risk out of data.


Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks

Bleeping Computer

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed on shipping devices months after Arm patched them, leaving potentially millions of Android devices exposed to attacks.


Black Friday deals 2022

Security Boulevard

This Black Friday, we are offering an amazing 50% discount on all new plugin subscriptions. This is the perfect opportunity to shore up your WordPress security and administration (at a hefty discount) as we head into a busy festive season.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


UK finalizes first independent post-Brexit data transfer deal with South Korea

CSO Magazine

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will allow businesses in both countries to share data more easily, enhancing opportunities for cooperation and growth.


Black Friday shoppers beware: online threats so far in 2022

SecureList

The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more of their hard-earned cash. In the weeks leading up to Black Friday, we have already seen discounts reaching 70% and even 80%, grabbing the attention of millions of customers.


Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

Security Affairs

Microsoft has released an out-of-band update to fix Kerberos authentication problems caused by a recent Windows security patch. The Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server.


Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors

Dark Reading

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Leveraging the NIST Cybersecurity Framework For Business

Security Boulevard

The NIST cybersecurity framework is a powerful tool to organize and improve your cybersecurity program. Today many businesses approach cybersecurity with a kind of laissez-faire attitude: they purchase a few tools and assign some people to look after their overall IT […].


Fake MSI Afterburner targets Windows gamers with miners, info-stealers

Bleeping Computer

Windows gamers and power users are being targeted by fake MSI Afterburner download portals that infect them with cryptocurrency miners and the RedLine information-stealing malware.


Sealing Off Your Cloud’s Blast Radius

Security Boulevard

Understand the challenges of securing your cloud and key best practices for minimizing your cloud’s blast radius.


CryptoRom “pig butchering” scam sites seized, suspects arrested in US

Naked Security

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


GitHub repojacking attack: 10 lessons for software teams

Security Boulevard

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
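Repojacking works because a dependency fetched by GitHub `owner/repo` name keeps resolving after the owner renames the account, and whoever registers the old name then controls what that URL serves. A tag or branch is mutable and follows the name; a full commit SHA can only be satisfied by the genuine content. The audit below is an added example, not code from the article or from GitHub; it walks a pip requirements file and a GitHub Actions workflow (both constructed inputs) and lists every GitHub-by-name reference that is not pinned to a 40-character commit hash.

```python
import re

# Constructed inputs (not a real project's files): a pip requirements file and a
# GitHub Actions workflow fragment, each pulling dependencies by GitHub owner/repo name.
SAMPLE_REQUIREMENTS = """\
# requirements.txt
requests==2.28.1
git+https://github.com/example-org/helper.git@v1.2.0#egg=helper
git+https://github.com/example-org/pinned-lib@0123456789abcdef0123456789abcdef01234567
"""

SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v3
  - uses: example-org/setup-thing@0123456789abcdef0123456789abcdef01234567
  - uses: example-org/monorepo/.github/actions/build@main
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# pip VCS reference: git+https://github.com/<owner>/<repo>[.git][@<ref>][#egg=...]
PIP_GIT_RE = re.compile(
    r"git\+https://github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?(?:@([^#\s]+))?(?:#.*)?$")
# GitHub Actions step: uses: <owner>/<repo>[/<path>]@<ref>
ACTION_RE = re.compile(r"uses:\s*([\w.-]+)/([\w.-]+)(?:/[^@\s]+)?@(\S+)")


def github_refs(text):
    """Yield (owner, repo, ref) for every dependency resolved through a GitHub namespace."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PIP_GIT_RE.search(line) or ACTION_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def audit_github_refs(text):
    """Flag references that a renamed or re-registered GitHub account could redirect."""
    findings = []
    for owner, repo, ref in github_refs(text):
        # only a full commit SHA is immutable; tags, branches and a missing ref all follow the name
        pinned = bool(ref and SHA_RE.match(ref))
        findings.append({"dep": f"{owner}/{repo}", "ref": ref, "pinned": pinned})
    return findings


def unpinned(text):
    """Names of dependencies that would silently follow a hijacked namespace."""
    return [f["dep"] for f in audit_github_refs(text) if not f["pinned"]]


if __name__ == "__main__":
    for finding in audit_github_refs(SAMPLE_REQUIREMENTS + SAMPLE_WORKFLOW):
        print(finding)
```

Pinning to a SHA closes the redirect hole but does not tell you whether the owner has already been renamed; pair the audit with a periodic check that each `owner/repo` still resolves to the account you expect, and treat a 301 to a different owner as a signal to investigate rather than follow.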


Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Dark Reading

Chinese threat actors have already used the vulnerable and pervasive Boa web server to infiltrate the electrical grid in India, in a spate of malicious incidents.


Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site

Security Affairs

The pro-Russian hacker collective Killnet claimed responsibility for the DDoS attack that took down the website of the European Parliament today. #KILLNET, the pro-Russia #hacking group, claims to have launched a #DDoS attack against the European Parliament's (@Europarl_EN) official website.


Google Ads Used to Distribute Royal Ransomware in Malvertising Campaign

Heimadal Security

The Microsoft Security Threat Intelligence research team warns about a threat actor identified as DEV-0569, which has been observed using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group allegedly carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in […].


The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.