Wed. Sep 16, 2020

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and money laundering campaig

How the FIN7 Cybercrime Gang Operates

Schneier on Security

The Grugq has written an excellent essay on how the Russian cybercriminal gang FIN7 operates. An excerpt: The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to successfully attack and exploit hundreds of victim organizations. FIN7 was not the most elite hacker group, but they developed a number of fascinating innovations.

Phishing Campaign Pretends to be Phishing Training Reminder

Adam Levin

A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. In a clever spin on more widely known phishing methods, hackers are sending emails pretending to be from KnowBe4, a company specializing in training employees to recognize phishing scams. Source: Cofense.com. The emails prompt their targets to click links to complete “required” training sessions, which redirect them to spoofed Outlook.com login pages hosted at a Russian t

Phishing 238

How to protect your organization against brute-force attacks

Tech Republic Security

Cybersecurity is critical. With the shift toward remote work, brute-force attacks are increasingly targeting accounts that use Microsoft's Remote Desktop Protocol, says NordVPN Teams.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of hackers has been active over the past few months by hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner. “Tencent Security

Malware 135

Expanding threat landscape is biggest concern, cybersecurity analysts tell Gartner

Tech Republic Security

Since the COVID-19 pandemic began, IT teams have been trying to keep up with the ever-evolving array of cyberthreats.

More Trending

Bluetooth Spoofing Bug Affects Billions of IoT Devices

Threatpost

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.

IoT 127

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized by organizations. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Firmware 125

My stolen credit card details were used 4,500 miles away. I tried to find out how it happened

Tech Republic Security

When cybersecurity reporter Danny Palmer found his card was apparently used on another continent, he set out to discover more.

h2c Smuggling: A New 'Devastating' Kind of HTTP Request Smuggling

Dark Reading

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, say researchers. Here's what infosec pros should know.

InfoSec 122

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

Threatpost

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.

Phishing 125

How did my credit card details get stolen and used half the world away?

Tech Republic Security

Cybersecurity reporter Danny Palmer tells Karen Roby what he discovered when he tried to find out how someone in South America attempted to use his bank details.

Banking 92

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Threatpost

Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.

16% of Orgs Require Developers to Self-Educate on Security

Veracode Security

Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no secret that programming is a thriving career path – especially with the speed of software development picking up, not slowing down.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals

Dark Reading

Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.

DDoS Attacks Skyrocket as Pandemic Bites

Threatpost

More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.

DDOS 118

Most Organizations Plan to Make COVID-19 Changes Permanent

Dark Reading

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. A web shell is code, often written in typical web development programming languages (e.g., ASP, PHP, JSP), that attackers implant on web servers to gain remote access and code execution.

VPN 90

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity Bounces Back, but Talent Still Absent

Dark Reading

While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.

Feds Charge Chinese Hackers With Ripping Off Video Game Loot From 9 Companies

WIRED Threat Level

A group known as Barium allegedly attacked hundreds of targets around the globe—and manipulated in-game goods and currency.

Meet the Computer Scientist Who Helped Push for Paper Ballots

Dark Reading

Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.

Improved malware protection for users in the Advanced Protection Program

Google Security

Posted by Daniel Rubery, Software Engineer, Chrome, Ryan Rasti, Software Engineer, Safe Browsing, and Eric Mill, Product Manager, Chrome Security Google’s Advanced Protection Program helps secure people at higher risk of targeted online attacks, like journalists, political organizations, and activists, with a set of constantly evolving safeguards that reflect today’s threat landscape.

Malware 75

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CISA Joins MITRE to Issue Vulnerability Identifiers

Dark Reading

The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages

Threatpost

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.

Hacking 77

US Charges Five Members of China-Linked APT41 for Global Attacks

Dark Reading

The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.

How to Create a Cyber Security Policy [Free Template for Newbies and SMBs]

Spinone

Even though most companies have this policy in place, employee-based mistakes are still responsible for 90 percent of data breaches in the cloud, according to Kaspersky Lab. So, how to compose a cyber security policy that works if you are a small-to-medium business owner or IT admin with no experience in that matter? To build an effective, easily implementable cyber/digital/IT security policy, you must include easy-to-follow directions and security measures for: C-level management IT guys Other

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

h2c Smuggling: A New 'Devastating' Kind of HTTP Request

Dark Reading

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.

InfoSec 74

Cybersecurity CEO: Healthcare Sector Invests In Ransomware Defense

Herjavec Group

Healthcare institutions to increase their spend on cybersecurity through 2025. Los Angeles, Calif. – September 15, 2020. It shouldn’t be surprising to hear that the healthcare industry is suffering from a variety of cyber ailments. The biggest perpetrator? Ransomware. CISOs and security teams are being pulled in many directions during the COVID-19 pandemic – especially in securing the remote workforce.

8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels

Dark Reading

Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?

This Week in Security News: AWS Outposts Ready Launches With 32 Validated Partners and Staples Hit by a Data Breach

Trend Micro

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.