Fri. Feb 05, 2021


DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks

Tech Republic Security

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.

Media 185

Barcode Scanner app on Google Play infects 10 million users with one update

Malwarebytes

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.

Adware 145

Fake WhatsApp app may have been built to spy on iPhone users – what you need to know

Hot for Security

A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.

Spyware 145

Russian hackers were interested in Microsoft Products

CyberSecurity Insiders

The SolarWinds Cyber Attack seems to be like a never-ending saga as daily a new revelation is being made by US Department of Homeland Security. Now, the latest find is that the hacking group suspected to be from Russia is reported to be only interested in Microsoft Corporation products and services. Brandon Wales, the director of DHS Cybersecurity and Infrastructure Security Agency, has confirmed the news and stated that the hacking operation was massive and could have been launched with a long-

Hacking 145

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Android emulator abused to introduce malware onto PCs

Malwarebytes

Emulators have played a part in many tech-savvy users’ lives. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system—a Windows OS running on a MacBook laptop, for example—but also allows video gamers to play games designed to work on a different platform than the one they own. Recently, ESET revealed a campaign that targeted users of NoxPlayer, a popular Android emulator for PCs and Macs.

Malware 142

Microsoft warns of increasing OAuth Office 365 phishing attacks

Bleeping Computer

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. […]

Phishing 141

More Trending


The Week in Ransomware - February 5th 2021 - Data destruction

Bleeping Computer

This week we saw a few large scale attacks and various ransomware reports indicating ransom payments are falling, while attacks are increasingly destroying data permanently. The good news is a new ransomware decryptor was released, allowing victims to recover files for free. […]


Launching OSV - Better vulnerability triage for open source

Google Security

Posted by Oliver Chang and Kim Lewandowski, Google Security Team We are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for developers and consumers of open source software. The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security fixes as quickly as possible.

Software 133

Windows 10 April updates remove Microsoft Edge Legacy permanently

Bleeping Computer

Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. […]

Software 133

Five worthy reads: The future of work in a post-COVID world

Security Boulevard

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the changing face of work in the wake of the COVID-19 pandemic and the vaccine …


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Malicious extension abuses Chrome sync to steal users’ data

Bleeping Computer

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. […]


Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

The Hacker News

A new distributed denial-of-service attack (DDoS) vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline.

DDOS 127

SitePoint discloses data breach after stolen info used in attacks

Bleeping Computer

The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. […]


ThreatStack Brings Security Observability to AWS EC2

Security Boulevard

ThreatStack announced this week that it has integrated its observability platform for tracking cybersecurity events with the EC2 cloud service from Amazon Web Services (AWS). Chris Ford, vice president of product for ThreatStack, said the company’s namesake platform for tracking security events can now consume metadata collected from EC2 by deploying an instance of its.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Medical Researcher to Serve 30 Months in Federal Prison for Conspiring to Sell Trade Secrets to China

Hot for Security

A former medical researcher at the Ohio-based Nationwide Children’s Hospital was sentenced to 30 months in federal prison after conspiring to steal and sell trade secrets to China, according to the US Department of Justice (DOJ). 47-year old Li Chen pleaded guilty in July 2020 to stealing scientific research while working at one of the largest freestanding pediatric research centers in the US.


Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

The Hacker News

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.

VPN 117

Spotify Hit with a Credential Stuffing Attack with Data from Another Breach

Hot for Security

A security researcher has discovered that Spotify has fallen victim to a credential stuffing attack that used data from more than 100,000 accounts. Unlike the previous incident involving Spotify a few months ago, the latest attack is not due to a security breach. This time, bad actors tried to use a malicious Spotify logger database in a credential stuffing attack on Spotify.

Passwords 116

ADDRESSING THE HUMAN ELEMENT OF SECURITY: AWARENESS & TRAINING PROGRAMS

CyberSecurity Insiders

This post was originally published by (ISC)² Management. Did you ever hear the story about the hyphen that cost 80 Million dollars? In the infancy of the United States’ space program, a programming error resulted in a forced abort of a rocket early in its flight to prevent possible injury along its crash path. Or how about the time a pilot miscalculated the required fuel for a flight from Montreal to Edmonton?


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Asset Tracking Software: What Is It and How Does It Work?

Heimdal Security

Keeping a record of your company’s inventory is essential for the digital and financial well-being of your business. Knowing where your resources are located is not only good for your budget but your cybersecurity strategy as well. Asset tracking software can help you with that. But what is asset tracking software? How does it work? […]

Software 113

Eletrobras, Copel energy companies hit by ransomware attacks

Bleeping Computer

Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. […]


Google Firebase hosts Microsoft Office phishing attack

SC Magazine

A phishing attack recently uncovered by researchers pretends to share information about an electronic funds transfer (EFT) by offering up a link to download an HTML invoice that then loads to a page with Microsoft Office branding that’s hosted on Google Firebase. The attack culminates with a final phishing page that looks to extract a victim’s Microsoft login credentials, alternate email address, and phone number, Armorblox researchers wrote in a blog post.

Phishing 112

CISO’s Guide to Secure Software Development

Security Boulevard

To better protect personal data and ensure information security, organizations should be taking advantage of vulnerability assessments and measuring against application security benchmarks. These application security validations and certifications ensure your applications comply with fundamental security specifications, including safe programming, organized design structure and secure operations.

Software 111

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Mortgage loan servicing company discloses ransomware attack to multiple states

SC Magazine

Mortgage loan servicing company SN Servicing Corporation notified at least two states in recent weeks of a ransomware attack on its systems. Filings submitted to the California and Vermont state attorneys general disclosed that the company was hit by ransomware attacks on or around Oct. 15, 2020. According to the documents, upon learning of the incident, SN “immediately locked down affected systems and engaged a third party team of forensic experts to determine the impact on our borrowers.”


3 ways to speak the board's language around cyber risk

CSO Magazine

The days of a hopeless disconnect between security leaders and the board of directors have come to a close—at least for enterprises with a healthy risk posture. Digitally savvy or not, in today’s business environment, board directors largely recognize they need an understanding of how cybersecurity risk overlaps with enterprise risk and the board’s overarching governance responsibilities, and they at least need to be conversant in cyber risk and how it could impact the organization—financially,


Stormshield source code accessed by hackers in Cyber Attack

CyberSecurity Insiders

Stormshield, a France-based Cybersecurity firm, has revealed that hackers launched a cyber attack recently to steal its source code. And to a certain extent they reportedly accessed some sensitive content that was only meant to be used by customers or partners. Highly placed sources say that the incident took place in December 2020 when the threat actors took control of Stormshield Network Security (SNS) and Network Security Industrial Firewall Products that was meant to be accessed by customers


Google Chrome Zero-Day Afflicts Windows, Mac Users

Threatpost

Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov. 4 XSS in FortiWeb (CVE-2021-22122), found by Andrey Medov, have been patched.

Firewall 105

Google Chrome sync feature can be abused for C&C and data exfiltration

Zero Day

A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process.


Forward Air Corporation says that December Ransomware attack caused a loss of $7.5M

Security Affairs

Trucking and freight transportation logistics giant Forward Air Corporation said a December 2020 ransomware attack had $7.5M Impact. Trucking and freight transportation logistics giant Forward Air Corporation announced that the ransomware attack that hit the company in December will impact its fourth-quarter financial results. This week the company filed a FORM 8-K with SEC that revealed that the ransomware attack that took place in December impacted that infected its systems caused service del


16+ Best Free Online Virus Scanners And Removers For 2021

SecureBlitz

Malware remains the most significant online threat that poses enormous threats to computers, especially when connected to the internet. This has led to the development of several anti-malware tools, including online virus scanners. Compared with the conventional offline antivirus engine, online virus removers are cloud-based. Hence, they do not use up system resources; neither do.

Antivirus 100

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.