Thu. Feb 17, 2022

Possible Government Surveillance of the Otter.ai Transcription App

Schneier on Security

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

GUEST ESSAY – Here’s how web-scraping proxies preserve anonymity while aiding data access

The Last Watchdog

Data helps digital businesses make meaningful decisions and fast-track their growth in a global market so that companies that are skilled at harvesting data regularly and consistently tend to grow faster than those that only involve data scantily in making decisions. Related: Kaseya hack highlight supply-chain risks. This has made data extraction one of the most crucial aspects of what makes a company strive in today’s economy.

Report: Pretty much every type of cyberattack increased in 2021

Tech Republic Security

The only category to decrease was malware attacks, but SonicWall said in its report that even that number was deceptive. The post Report: Pretty much every type of cyberattack increased in 2021 appeared first on TechRepublic.

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts to attach malicious executables to chat and infect participants in the conversation.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Metaverse companies faced 60% more attacks last year, and 5 other online fraud statistics

Tech Republic Security

It was a banner year for online fraudsters. Almost every industry saw an attack spike, with online fraud jumping 85% year over year in 2021, says Arkose Labs. The post Metaverse companies faced 60% more attacks last year, and 5 other online fraud statistics appeared first on TechRepublic.

When the insider threat is the Commander in Chief

CSO Magazine

When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.

More Trending

SQL Injection in Today’s Landscape

Veracode Security

What is SQL injection? A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: read sensitive data; modify the database; execute other database functions; break authentication; lead to remote code execution. Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise oft

Will the Cybersecurity Literacy Act Make a Difference?

Security Boulevard

On this episode of The View With Vizard, Mike Vizard talks with CyberGRX CISO Dave Stapleton about the Cybersecurity Literacy Act, its promise and whether or not it will actually make a difference. The video is below followed by a transcript of the conversation. Michael Vizard: Hey, guys. Thanks for the throw. We’re here with. The post Will the Cybersecurity Literacy Act Make a Difference?

U.S. government warns that sensitive data is being stolen from defence contractors

Graham Cluley

The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data. Read more in my article on the Tripwire State of Security blog.

The New Realities of Ransomware

Security Boulevard

Alan Shimel and Mike Rothman from Securosis and DisruptOps talk Colonial Pipeline, JBS and all things ransomware. The video is below followed by a transcript of the conversation. Alan Shimel: Hey, everyone. Thanks for joining us on another segment for TechStrong TV. My guest in this segment is the one, the only Mike Rothman. I. The post The New Realities of Ransomware appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Outage Lasting Hours Makes Canada’s Major Banks Go Offline

Heimdal Security

Five major banks from Canada were impacted by an hours-long outage that got them offline. Online and mobile banking together with customer e-transfer services were blocked during this time. Canadian Online Banking Off for Hours Among the impacted Canadian banks were also BMO (Bank of Montreal), Scotiabank, TD Bank Canada, Royal Bank of Canada (RBC), […].

Open Source Favorites: 7 Security Tools You Should Know

Security Boulevard

Open source tools offer software that–in addition to being free–has had its code reviewed by numerous users. This means that most of the time (squints at Log4Shell) problems with the code are identified and resolved. Plus, they often offer appealing features since users can post requests for them. Want to learn more about how […]. The post Open Source Favorites: 7 Security Tools You Should Know appeared first on Hurricane Labs.

Cyber War now excluded from Cyber Insurance

CyberSecurity Insiders

For all those companies who are planning to renew their cyber insurance policy or are in a procedure to take one, here’s a piece of information that might interest you. Most of the Cyber Insurance companies have excluded ‘Cyber War’ consequences from their policies. And the term shall come into effect an immediate note, with no further delay. Some companies, such as Lloyd’s London, have also mandated their customers that most of their policies will fall void if their IT infrastructure falls prey

How to Protect My Business from Identity Theft?

Identity IQ

How to Protect My Business from Identity Theft? IdentityIQ. According to recent reports, identity theft is on the rise. Javelin Strategy reported identity theft resulted in an annual loss of $56 million in a mixed result of different criminal and fraudulent activities last year. When it comes to keeping your business database secure, there can be numerous challenges.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Zoho Vulnerability leads to data breach at International Committee of the Red Cross

CyberSecurity Insiders

The International Committee of the Red Cross (ICRC) has issued a statement that its servers were infiltrated in January this year leading to a data breach. And preliminary inquiry made by its security experts has revealed that the hackers accessed the servers through a Zoho Vulnerability- once used by Chinese hacking groups to launch cyber attacks. ICRC released the statement in mid-February to maintain transparency with its stakeholders and consumers and added that the exploit bug in the passwo

How To Rent A Cheap Car In Various Countries

SecureBlitz

In this article, we will tell you how to rent a car for cheap in different places of our world. Save your time and money to have a great rest! How To Rent A Cheap Car In Various Countries When you are going on vacation, and thinking about renting a vehicle there, it’s important to. The post How To Rent A Cheap Car In Various Countries appeared first on SecureBlitz Cybersecurity.

Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed – Your Lifetime API Key!

Security Boulevard

Hi, everyone, This is Dancho. Big news! I've decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform and not only convert all the cool and juicy and full of never-published and discussed before niche threat actors both internationally and in Russia but also make them into a free STIX STIX2 TAXII threat intelligence feed and turn them into a machine readable format with the idea to c

Cloud usage by Public Sector to be seriously probed by European Data Protection Board

CyberSecurity Insiders

In coming weeks, the European Data Protection Board (EDPB) has decided to launch a serious probe into the use of cloud services by the public sector. Therefore, from May 2022 around 22 national authorities across the European Economic Area (EEA) will be asked to probe firms operating in/for healthcare, finance, tax, and IT services. Highly placed sources say that the investigation will begin with a national level questionnaire, followed by a high level inquiry depending on the answers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Privacy Regulations and 8 Future Predictions

TrustArc

Privacy Predictions by CEO Chris Babel Privacy was ubiquitous prior to 2018. The General Data Protection Regulation (GDPR) deadline came and went as companies scrambled to meet and maintain compliance under the new regulation. Data protection has a strong presence in the media as large companies’ handling of user data is often widely discussed and […].

Dad takes down town's internet by mistake to get his kids offline

Bleeping Computer

A French dad faces jail time and a hefty fine after using a signal jammer to prevent his kids from going online and taking the rest of a nearby town down with them. […].

Applying Heuristics in Cybersecurity

Approachable Cyber Threats

Category Risk Modeling, Quantitative Risk Risk Level. “What are heuristics?” Heuristics are simplified problem solving procedures, mental shortcuts, or rules of thumb. They may be implicit habits of thought (e.g. avoid fire), explicit decision trees in a document (e.g. ePHI means high risk), or they could be decision rules we encode into algorithms, like those used in software for malware and virus detection (e.g. hooking keyboard drivers = malware).

Ukrainian DDoS Attacks Should Put US on Notice–Researchers

Threatpost

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Exploring the Gartner Rule of Three for Proactive Insider Risk Management

Security Boulevard

Gartner analysts Paul Furtado and Jonathan Care recently published a short piece on insider risk management titled: The Rule of 3 for Proactive Insider Risk Management. The research note provides readers new to the topic with a solid foundation of insider risk management and how to attack the challenge of insider risk. For example, it … Continued. The post Exploring the Gartner Rule of Three for Proactive Insider Risk Management appeared first on DTEX Systems Inc.

Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent

CSO Magazine

As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022. In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance.

Node.js Vulnerability Cheatsheet

Security Boulevard

25 vulnerabilities to look out for in Node JS applications: Directory traversal, prototype pollution, XSSI, and more…. Photo by Greg Rakozy on Unsplash. Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really daunting.

Microsoft announces hotpatching for Windows Server Azure VMs

Bleeping Computer

Microsoft announced the general availability of hotpatching for Windows Server Azure Edition core virtual machines allowing admins to install Windows security updates on supported VMs without requiring server restarts. […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Cybersecurity: The Fourth Battleground

Security Boulevard

In recent months, there has been significant momentum within the U.S. government and lawmakers to introduce more stringent and effective cybersecurity legislation. To a great extent, this is motivated by the need to deter adversaries from attacking public sector agencies, to safeguard critical infrastructure and to require defense and intelligence agencies to better protect themselves.

Hackers slip into Microsoft Teams chats to distribute malware

Bleeping Computer

Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation. […].

How MSPs can Fill the Cybersecurity Skills Gap

Security Boulevard

Next year will continue a five-year skills gap trend for businesses confronting the growing complexity of cybersecurity threats. A report by Enterprise Strategy Group noted that 95% of cybersecurity employees interviewed say the skills shortage persists, worsened by heavy workloads and the overall labor shortage. Against this landscape, more enterprises, notably the small to medium-sized.

New quantum key distribution network resistant to quantum attacks

CSO Magazine

New research has revealed the full viability of a novel quantum key distribution (QKD) network for metropolitan areas that is resistant to quantum computing attacks. According to JPMorgan Chase, Toshiba and Ciena, the newly developed QKD network supports 800 Gbps encryption under real-world environmental conditions and can instantly detect and defend against quantum-enabled threats.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.