Fri.Jul 01, 2022

article thumbnail

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say

Mobile 239
article thumbnail

Data breach of NFT marketplace OpenSea may expose customers to phishing attacks

Tech Republic Security

Triggered by an employee from an external vendor who shared email addresses with an unauthorized party, the breach could lead to phishing attempts against affected individuals. The post Data breach of NFT marketplace OpenSea may expose customers to phishing attacks appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Analyzing the Swiss E-Voting System

Schneier on Security

Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

204
204
article thumbnail

Get one year of this leading VPN for just $30

Tech Republic Security

ClearVPN's Premium Plan offers advanced security and connectivity, allowing you to easily protect your devices at an affordable price. The post Get one year of this leading VPN for just $30 appeared first on TechRepublic.

VPN 144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Jenkins discloses dozens of zero-day bugs in multiple plugins

Bleeping Computer

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. [.].

142
142
article thumbnail

The business of hackers-for-hire threat actors

Tech Republic Security

Hackers-for-hire specialize in compromising email boxes. Learn more about these cyber criminals and the threat they represent. The post The business of hackers-for-hire threat actors appeared first on TechRepublic.

Phishing 137

More Trending

article thumbnail

Facebook 2FA phish arrives just 28 minutes after scam domain created

Naked Security

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Scams 143
article thumbnail

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks.

Malware 106
article thumbnail

Phishing scam poses as Canadian tax agency before Canada Day

We Live Security

The lead-up to the Canada Day festivities has brought a tax scam with it. The post Phishing scam poses as Canadian tax agency before Canada Day appeared first on WeLiveSecurity.

Scams 100
article thumbnail

The Complete Guide to Acceptable Use Policies (AUP)

Heimadal Security

What is an Acceptable Use Policy An acceptable use policy, often known as an AUP, is a collection of guidelines developed by the proprietor of a website, online service, or computer infrastructure with the intention of restricting the improper or illegal use of the owner’s software or information assets. It’s a fundamental component of the […].

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Using AI/ML to Secure the Hybrid Workforce

Security Boulevard

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid setup—working a couple of days a week onsite and the rest of the time remotely. This is. The post Using AI/ML to Secure the Hybrid Workforce appeared first on Security Boulevard.

Mobile 98
article thumbnail

Friday Five 7/1

Digital Guardian

The overturning of Roe v. Wade is sparking more privacy concerns, cybercriminals are using deepfakes to gain access to corporate networks, and home routers are being attacked with malware. Read about these stories and more in this week's Friday Five.

Malware 98
article thumbnail

CISA orders agencies to patch Windows LSA bug exploited in the wild

Bleeping Computer

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates. [.].

article thumbnail

Inching Toward Defend Forward

Security Boulevard

The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless. Even as threat actors like ransomware groups face growing pressure from law enforcement, it is clear that the rule of.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Teenagers are being encouraged to spread ransomware

CyberSecurity Insiders

Ransomware-as-a-service gang is on the prowl of teenagers who can act as distributors for malware. As law enforcement is tightening the noose around black hat hackers in all ways, ransomware spreading groups are now focusing more on luring teenagers into their business distribution stream. According to a study made by security software firm Avast, cybercriminals are openly advertising their malware-building tools and distribution schemes on online communities and gaming platforms.

article thumbnail

Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact

Security Boulevard

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry. The post Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact appeared first on Security Boulevard.

article thumbnail

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

The Hacker News

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022.

article thumbnail

Disgruntled Law School Applicant’s Cyberharassment Ends With Narrow Court Ruling

Security Boulevard

Ho Ka Terrance Yung wanted to go to Georgetown University School of Law. He had good grades and good LSAT scores and arranged for an “alumni” interview—an interview with a former Hoya to accelerate his application process. The interview did not go well. Yung thought the alumnus was insensitive and rude. Ultimately, Yung was rejected. The post Disgruntled Law School Applicant’s Cyberharassment Ends With Narrow Court Ruling appeared first on Security Boulevard.

Risk 98
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Ransomware review: June 2022

Malwarebytes

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the most active ransomware , just as it has been all year. The month was also notable for the disappearance of Conti , and the large number of attacks by groups alleged to have links with the disbanded group.

article thumbnail

Facial recognition in Oz

Security Boulevard

Despite concerns from privacy advocates, Australia is currently the only democracy in the world that uses facial recognition technology to aid Covid-19 containment procedures. Police ensure that Western Australian citizens are following the seven-day quarantine rule by sending periodic text messages that require the quarantined person to send a response in the form of a selfie within 15 minutes.

article thumbnail

TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff

The Hacker News

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S.

article thumbnail

Making CMMC Compliance Affordable For SMBs

Security Boulevard

Realizing the Total Cost of Compliance Companies in the defense industrial base (DIB) have less than a year before the Interim Rule is in effect. We’ve spoken to many small to medium businesses (SMBs) in the DIB and one concern comes up over and over again. The cost of CMMC 2.0 compliance seems out of […]. The post Making CMMC Compliance Affordable For SMBs appeared first on PreVeil.

96
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

AstraLocker 2.0 ransomware isn’t going to give you your files back

Malwarebytes

Reversing Labs reports that the latest verison of AstraLocker ransomware is engaged in a a so-called “ smash and grab ” ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the assumption by malware authors that security software or victims will find the malware quickly, so it’s better to get right to the end-game as quickly as possible.

article thumbnail

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager.

article thumbnail

Google Improves Its Password Manager to Boost Security Across All Platforms

The Hacker News

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post.

article thumbnail

Zoho ManageEngine ADAudit Plus bug gets public RCE exploit

Bleeping Computer

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory. [.].

98
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Criminals Use Deepfake Videos to Interview for Remote Work

Dark Reading

The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

article thumbnail

Microsoft: Windows Server 2012 reaches end of support in October 2023

Bleeping Computer

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support (EOS) date next year, on October 10, 2023. [.].

98
article thumbnail

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps

The Hacker News

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

Malware 98
article thumbnail

A ransomware attack forced publishing giant Macmillan to shuts down its systems

Security Affairs

A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted certain files on the Macmillan network.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.