Mon. Jan 18, 2021

OpenWRT forum hacked, intruders stole user data

Security Affairs

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

CSO Magazine

The federal government and private sector are still reeling from the SolarWinds supply chain hack, and Congress is on edge as it begins a new term beset by fears of domestic terrorism. It would seem all bets are off in terms of the previous legislative agenda for cybersecurity, at least in the near term. The relevant committees in the new 117th Congress have yet to weigh in on specific pieces of legislation, but it’s clear that cybersecurity will be a big focus across both the House and Senate.

German laptop retailer fined €10.4m under GDPR for video-monitoring employees

Security Affairs

German data regulator LfD announced a €10.4M fine under GDPR against the online laptop and electronic goods retailer NBB for video-monitoring employees. The State Commissioner for Data Protection (LfD) Lower Saxony announced a €10.4 million fine under the GDPR against the online laptop and electronic goods retailer NBB (notebooksbilliger.de) for video-monitoring employees for at least a couple of years.

How to reboot a broken or outdated security strategy

CSO Magazine

An enterprise security strategy should be like a weather report: subject to frequent updates. Allowing a security plan to fall out of sync with current and emerging threats, as well as evolving enterprise technologies and interests, can open the door to financial and reputational catastrophes.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Trump’s Worst, Most Bizarre Statements About ‘the Cyber’

WIRED Threat Level

Over the course of his presidency, he managed to be consistently wrong, outrageous, and dangerous in equal measure. We look back at his most notorious remarks.

VPNFilter Two Years Later: Routers Still Compromised

Trend Micro

We look into VPNFilter, an IoT botnet discovered over two years ago, to see why there are still routers infected by the malware and what else can be done to minimize its potential risks.

WhatsApp delays privacy policy update after confusion, backlash

We Live Security

Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns. The post WhatsApp delays privacy policy update after confusion, backlash appeared first on WeLiveSecurity.

Medical Device Security: Diagnosis Critical

Threatpost

Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.

Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack

Graham Cluley

One of England's most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.

Apple paid a $50,000 bounty to two bug bounty hunters for hacking its hosts

Security Affairs

A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to access the company’s servers. The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers. The duo started focusing on Apple’s infrastructure in an attempt to emulate the success of a team of researchers composed of Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes that reporte

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How Do You Say the Word ‘CISO’?

SecureWorld News

If you work in cybersecurity, you probably already know what CISO stands for: Chief Information Security Officer. The number and prominence of CISOs continues to grow as organizations get more serious about improving their security posture. However, a burning question remains: how do you pronounce CISO? CISO falls into the category of words that have more than one correct pronunciation such as tomato vs. to-mahto, potato vs. po-tahto, caramel vs. car-mel, and data vs. day-tuh.

500K+ records of C-level people from Capital Economics leaked online

Security Affairs

Experts from Cyble recently found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. During a routine Darkweb monitoring, researchers from Cyble found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. CapitalEconomics.com is one of the leading independent economic research companies in the world that provides macroeconomic, financial market and sectoral forecasts and consultancy. “Upon analysis of the da

What’s up with WhatsApp’s privacy policy?

Malwarebytes

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should you keep using your apps as you were previously?

Attack Surface Monitoring: Definition, Benefits and Best Practices

SecurityTrails

Defining, understanding and effectively using attack surface monitoring in order to prevent security risks.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

A week in security (January 11 – January 17)

Malwarebytes

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news. Hot phishing targets: Some brands are more appealing to scammers than others (Source: ZDNet) Not so private: Student finds way to watch private YouTube videos (Source: The Register) Gone dark: Dark-web marketplace DarkMarket take

Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads

Graham Cluley

Hackers are still making hay hijacking the accounts of verified celebrity users to promote cryptocurrency scams.

ShadowTalk Update: Sunburst, Sunspot, and more on SolarWinds!

Digital Shadows

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover: Significant updates. The post ShadowTalk Update: Sunburst, Sunspot, and more on SolarWinds! first appeared on Digital Shadows.

Key lessons from the first major GDPR fines for cyber breaches

Privacy and Cybersecurity Law

The first headlines on the future threat of “mega fines” under the EU General Data Protection Regulation (GDPR) appeared as far back as 2016, when the text of the GDPR was first adopted by the European Parliament. Back then, major cyber and data security breaches were mentioned as prime candidates for mega fines approaching the 4% maximum. This era seemed to have finally arrived when, in 2019, the UK Information Commissioner’s Office (ICO) signalled its intention to levy fines against British Ai

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How To Write A Research Paper Introduction (Cybersecurity)

SecureBlitz

This post reveals how to write a research paper introduction, especially for a cybersecurity audience. The introduction of an essay determines whether a reader will maintain the interest and curiosity that was generated by the title. It should give a general overview of the content of your paper such that the reader knows what to. The post How To Write A Research Paper Introduction (Cybersecurity) appeared first on SecureBlitz Cybersecurity.

Cloud and Remote App Access Climbs Skyward

Duo's Security Blog

The 2020 Duo Trusted Access Report shows a significant increase in year over year growth in remote access and the use of cloud applications. Cloud applications are more flexible, scalable and accessible remotely than typical on-premises applications. Securing the cloud was once a barrier to entry, but MFA (multi-factor authentication) has paved the way for an easy and effective way to secure remote and cloud access.

Leadership in the Industry - Customer Blog

Trend Micro

Jason Cradit, Principal Cloud Architect, 1898 & Company.

Naked Security Live – Staying safe online at home (especially if you’re homeschooling!)

Naked Security

Here's our latest live video talk - enjoy!

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Joker’s Stash Carding Market to Call it Quits

Krebs on Security

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

G Suite CASB: Why Your Business Needs It

Spinone

Google Workspace (formerly G Suite) is a vital part of many companies’ workflow. Every company needs to have a clear picture of how their data is accessed, shared (including sharing outside, or in violation of, policies), and protected from digital threats. Using CASB is a way to address these issues. But what, exactly, is CASB, and why is it essential for your security strategy?

Why Regression Testing Matters

ForAllSecure

Regression testing is the practice of re-running functional and non-functional tests to ensure that previously developed and tested software still performs after new code commits are submitted. Inevitably, as more functions are added and more code is integrated into existing codebases, this integration of the old and new can result in new mistakes. When previously tested software does not perform successfully against previously run tests, it is called a “regression.” While the practic

MY TAKE: With disinformation running rampant, embedding ethics into AI has become vital

The Last Watchdog

Plato once sagely observed, “A good decision is based on knowledge and not on numbers.” Related: How a Russian social media site radicalized U.S. youth. That advice resonates today, even as we deepen our reliance on number crunching — in the form of the unceasing machine learning algorithms whirring away in the background of our lives, setting in motion many of the routine decisions each of us makes daily.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?