Fri. Jul 01, 2022

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven shift to remote working brought about unforeseen challenges that the pre-pandemic corporate world would never have imagined. As work-from-home went from a ‘perk’ to a ‘necessity’, organizations had to realign their operations, and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working, whether organizations like it or not, is here to stay

Analyzing the Swiss E-Voting System

Schneier on Security

Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

Data breach of NFT marketplace OpenSea may expose customers to phishing attacks

Tech Republic Security

Triggered by an employee from an external vendor who shared email addresses with an unauthorized party, the breach could lead to phishing attempts against affected individuals. The post Data breach of NFT marketplace OpenSea may expose customers to phishing attacks appeared first on TechRepublic.

Jenkins discloses dozens of zero-day bugs in multiple plugins

Bleeping Computer

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Get one year of this leading VPN for just $30

Tech Republic Security

ClearVPN's Premium Plan offers advanced security and connectivity, allowing you to easily protect your devices at an affordable price. The post Get one year of this leading VPN for just $30 appeared first on TechRepublic.

Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App

The Hacker News

Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said.

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks.

Facebook 2FA phish arrives just 28 minutes after scam domain created

Naked Security

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Phishing scam poses as Canadian tax agency before Canada Day

We Live Security

The lead-up to the Canada Day festivities has brought a tax scam with it. The post Phishing scam poses as Canadian tax agency before Canada Day appeared first on WeLiveSecurity.

CISA orders agencies to patch Windows LSA bug exploited in the wild

Bleeping Computer

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Using AI/ML to Secure the Hybrid Workforce

Security Boulevard

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid setup—working a couple of days a week onsite and the rest of the time remotely. This is. The post Using AI/ML to Secure the Hybrid Workforce appeared first on Security Boulevard.

Friday Five 7/1

Digital Guardian

The overturning of Roe v. Wade is sparking more privacy concerns, cybercriminals are using deepfakes to gain access to corporate networks, and home routers are being attacked with malware. Read about these stories and more in this week's Friday Five.

Inching Toward Defend Forward

Security Boulevard

The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless. Even as threat actors like ransomware groups face growing pressure from law enforcement, it is clear that the rule of.

Teenagers are being encouraged to spread ransomware

CyberSecurity Insiders

A ransomware-as-a-service gang is on the prowl for teenagers who can act as distributors for its malware. As law enforcement tightens the noose around black hat hackers in every way it can, ransomware-spreading groups are now focusing more on luring teenagers into their distribution stream. According to a study by security software firm Avast, cybercriminals are openly advertising their malware-building tools and distribution schemes on online communities and gaming platforms.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact

Security Boulevard

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry. The post Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact appeared first on Security Boulevard.

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

The Hacker News

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022.

Disgruntled Law School Applicant’s Cyberharassment Ends With Narrow Court Ruling

Security Boulevard

Ho Ka Terrance Yung wanted to go to Georgetown University School of Law. He had good grades and good LSAT scores and arranged for an “alumni” interview—an interview with a former Hoya to accelerate his application process. The interview did not go well. Yung thought the alumnus was insensitive and rude. Ultimately, Yung was rejected. The post Disgruntled Law School Applicant’s Cyberharassment Ends With Narrow Court Ruling appeared first on Security Boulevard.

Zoho ManageEngine ADAudit Plus bug gets public RCE exploit

Bleeping Computer

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in Active Directory.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Facial recognition in Oz

Security Boulevard

Despite concerns from privacy advocates, Australia is currently the only democracy in the world that uses facial recognition technology to aid Covid-19 containment procedures. Police ensure that Western Australian citizens are following the seven-day quarantine rule by sending periodic text messages that require the quarantined person to send a response in the form of a selfie within 15 minutes.

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager.

Making CMMC Compliance Affordable For SMBs

Security Boulevard

Realizing the Total Cost of Compliance Companies in the defense industrial base (DIB) have less than a year before the Interim Rule is in effect. We’ve spoken to many small to medium businesses (SMBs) in the DIB and one concern comes up over and over again. The cost of CMMC 2.0 compliance seems out of […]. The post Making CMMC Compliance Affordable For SMBs appeared first on PreVeil.

TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff

The Hacker News

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Ransomware review: June 2022

Malwarebytes

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the most active ransomware, just as it has been all year. The month was also notable for the disappearance of Conti, and the large number of attacks by groups alleged to have links with the disbanded group.

A ransomware attack forced publishing giant Macmillan to shut down its systems

Security Affairs

A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted certain files on the Macmillan network.

AstraLocker 2.0 ransomware isn’t going to give you your files back

Malwarebytes

Reversing Labs reports that the latest version of AstraLocker ransomware is engaged in a so-called “smash and grab” ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the malware authors' assumption that security software or victims will find the malware quickly, so it’s better to get right to the end-game as quickly as possible.

Google Improves Its Password Manager to Boost Security Across All Platforms

The Hacker News

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Criminals Use Deepfake Videos to Interview for Remote Work

Dark Reading

The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

Microsoft: Windows Server 2012 reaches end of support in October 2023

Bleeping Computer

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support (EOS) date next year, on October 10, 2023.

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps

The Hacker News

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

Microsoft updates Azure AD with support for temporary passcodes

Bleeping Computer

Azure Active Directory (Azure AD) now allows admins to issue time-limited passcodes that can be used to register new passwordless authentication methods, during Windows onboarding, or to recover accounts more easily after losing credentials or FIDO2 keys.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.