Wed.Mar 24, 2021

The Consumer Authentication Strength Maturity Model (CASMM)

Daniel Miessler

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? People like moving up rankings, so let’s use that! How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

Determining Key Shape from Sound

Schneier on Security

It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference. Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raise

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

This post is an attempt to create an easy-to-use security model for the average internet user. People like moving up rankings, so let’s use that! Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

How to combat the security challenges of a remote workforce

Tech Republic Security

A year into the pandemic, 79% of security leaders expressed fears over the risks of staff working from home, says Cybersecurity Insiders.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Resentful employee deletes 1,200 Microsoft Office 365 accounts, gets prison

Bleeping Computer

A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. [...]

Software renewal scammers unmasked

Malwarebytes

We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email. The concept is simple but effective. You receive an invoice for a product you may or may not have used in the past for an unusually high amount.

Introducing the world’s first SIM made of 100% recycled plastic from old refrigerators

CyberSecurity Insiders

In this blog, I am joined by my colleague Christelle Toureille, VP Telecom SIM cards here at Thales, to discuss the latest innovation in removable SIM cards. Sébastien Violette (SV): Before delving into the specifics of our new Eco SIM it is important to understand why we felt there was a need to make SIM cards more eco-friendly. As a global enterprise, we are acutely aware of our role in providing our markets with products that are more sustainable and waste less of the earth’s precious resourc

Google removes privacy-focused ClearURLs Chrome extension

Bleeping Computer

Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store. ClearURLs is a privacy-preserving browser add-on which automatically removes tracking elements from URLs. This, according to its developer, can help protect your privacy when browsing the Internet. [...]

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry.

Facebook blocks Chinese state hackers targeting Uyghur activists

Bleeping Computer

Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware Reminding Cyber Security Experts It Still Exists

Security Boulevard

“Ransomware is not only about weaponizing encryption, it’s more about bridging the fractures in the mind with a weaponized message that demands a. The post Ransomware Reminding Cyber Security Experts It Still Exists appeared first on Kratikal Blog. The post Ransomware Reminding Cyber Security Experts It Still Exists appeared first on Security Boulevard.

Microsoft improves Windows Sandbox in latest Windows 10 build

Bleeping Computer

The Windows Sandbox and the Microsoft Defender Application Guard (WDAG) now launch faster in Windows 10 after installing the Insider Preview Build 21343 for Windows Insiders in the Dev Channel. [...]

Preventing Cyberattacks on Water Infrastructure

Security Boulevard

To get a preview of the next possible mass casualty terrorist attack, look no further than the town – and critical infrastructure – of Oldsmar, Florida. In what was surely a Sum of All Fears moment for government officials, a cyber intruder of unknown origin attempted to poison Oldsmar’s water supply on Feb. 5, 2021. The post Preventing Cyberattacks on Water Infrastructure appeared first on Security Boulevard.

How Azure Active Directory helps manage identity for remote users

CSO Magazine

The pandemic has pushed admins to realize that identity should be the first thing they think of when designing a secure network. If you aren’t prioritizing your identity focus in your organization, it’s time for you to do so. If you’re managing identity with an on-premises mindset but support remote staff, then it might be time to update your approach.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

9,000 employees targeted in phishing attack against California agency

SC Magazine

Sacramento, view of California State Capitol from 10th Street. (Andre m via CC BY-SA 3.0). A California state agency was victimized by a phishing incident last week in which an employee clicked on a link that provided access to the employee’s account for some 24 hours. During that time, the attackers allegedly stole social security numbers and sensitive files on thousands of state workers and then sent targeted phishing messages to at least 9,000 other state workers and their contacts, accordi

How Ransomware Techniques Have Changed

Security Boulevard

Over 30 years ago, a disgruntled researcher unleashed the first noted ransomware virus, the “Aids Trojan.” Distributed on 20,000 floppy disks marked “AIDS Information — Introductory Diskettes” using hijacked mail subscriber lists to the World Health Organization AIDS conference, the Aids Trojan encrypted hard drives and directed victims to post ransom money to a P.O. box located in Panama.

Policyholders may be the primary target in hack of cyber insurance provider CNA

SC Magazine

The CNA Center in Chicago. (Antoine Taveneaux, CC BY-SA 3.0 [link], via Wikimedia Commons). Insurance firm CNA Financial, a prominent provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders. Cybercriminals generally know that companies represented by a cyber insurance company are more likely to pay a large ransomware demand than an uninsured business that doesn’t have the financial backing.

Cisco addresses critical bug in Windows, macOS Jabber clients

Bleeping Computer

Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Vengeful IT worker gets jail time for deleting company’s Microsoft user accounts

We Live Security

The company was left to deal with three months’ worth of IT problems. The post Vengeful IT worker gets jail time for deleting company’s Microsoft user accounts appeared first on WeLiveSecurity.

Hacking medical devices: Five ways to inoculate yourself from attacks

Security Boulevard

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to. The post Hacking medical devices: Five ways to inoculate yourself from attacks appeared first on Software Integrity Blog. The post Hacking medical devices: Five ways to inoculate yourself from attacks appeared first on Security Boulevard.

Microsoft fixes Windows PSExec privilege elevation vulnerability

Bleeping Computer

Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. [...]

Mmmm, Pandemic Puppies

Adam Shostack

This is a really encouraging set of trends that Sandy Carielli reports on: My latest report, “The State Of Application Security, 2021,” draws heavily from that security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked about their top tactical priorities for the coming year, improving application security was the most common response, and building security into the development p

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Google Chrome will use HTTPS as default navigation protocol

Bleeping Computer

Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser's next stable version. [...]

IoT Security in the Wake of the Verkada Breach

Security Boulevard

The security breach of security camera startup Verkada, which gave hackers access to videos from nearly 150,000 cameras – including those in prisons, schools, hospitals and electric car giant Tesla – means organizations deploying cloud-based IoT devices should give their security plans another look. The hackers were able to gain access to Verkada’s infrastructure through a.

Identity Fraud Losses Soared to $56 Billion in 2020, Javelin Researchers Find

Hot for Security

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. The reduction in transaction activity in 2020, combined with financial institutions’ more robust antifraud measures, made it harder for criminals to succeed in their ‘traditional’ fraud activities, according to Javelin Strategy & Research, which provides insights for financial institutions, government, payments companies, merchants, fintechs an

Managing the great return: What CISOs should consider when reopening the office

SC Magazine

With the COVID-19 vaccine rollout, employees may soon accomplish what was for a year impossible for many: returning to the office. That return will often include laptops that have been off-network for a year, translating to 365 days of pent-up alerts ready to flood security teams all at once. Combine those issues with problems tied to workspaces and equipment left unattended for months on end, rapidly changing personnel, and the need to acclimate employees back into an office environment.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to fall in the wrong hands, it could have been used in the execution of a wide range of cyber threats.

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Threatpost

Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates.

Cisco Jabber for Windows, macOS, Android and iOS is affected by a critical issue

Security Affairs

Cisco has addressed a critical arbitrary program execution flaw in its Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco has addressed a critical arbitrary program execution issue, tracked as CVE-2021-1411, that affects several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber delivers instant messaging, voice and video calls, voice messaging, desktop sharing, conferencing, and presence.

Sonrai Security Deepens Security Ties With AWS

Security Boulevard

Sonrai Security announced today it has extended its ability to incorporate metadata captured from the public cloud operated by Amazon Web Services (AWS) into a platform that applies security policies based on identity. Brendan Hannigan, CEO, Sonrai Security, said in addition to achieving an AWS security competency, the Sonrai Dig platform is also now integrated.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.