Wed. May 05, 2021

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

New Spectre-Like Attacks

Schneier on Security

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains

World Password Day: How to keep yourself and your company data secure

Tech Republic Security

The first Thursday in May is World Password Day. Learn some tips for what your organization should do to foster good password management techniques.

Not the Final Answer on NDR in the Cloud …

Anton on Security

Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. And, despite having invented the acronym EDR, I was raised on NSM and tcpdump way before that. Hence, even though we may still live in an endpoint security era, the need for network data analysis has not vanished.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Ousaban: Private photo collection hidden in a CABinet

We Live Security

Another in our occasional series demystifying Latin American banking trojans.

The Role of Translation in Cyber Security and Data Privacy

Security Boulevard

Article by Shiela Pulido. Due to our dependence on the internet for digital transformation, most people suffer from the risks of cyberattacks. It is an even greater concern this year due to the trend of remote working and international business expansions. According to IBM, the cost of cyber hacks in 2020 is about $3.86 million. Thus, understanding how cybersecurity and data privacy plays a priority role in organizations, especially in a multilingual setting.

More Trending

Timeline of a Hafnium Attack

Security Boulevard

The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these critical vulnerabilities on March 2nd.

Peloton exercise bikes found exposing user data – company dawdles in its response

Graham Cluley

Uh oh. Not only were Peloton bikes leaking personal information about users, but when told about the problem the company was far from perfect in its response.

DDoS attack knocks Belgian government websites offline

We Live Security

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions.

Signal says its Instagram ads were banned for being too honest

Graham Cluley

Signal tried to run targeted ads on Instagram that showed users *how* they had been targeted, and revealed the extraordinary amount of data Facebook collects about users.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Your 10-Minute Guide to PKI & How Internet Encryption Works

Heimdal Security

From securing e-commerce transactions to encrypting data sent via email and verifying software packages, public key infrastructure (PKI) and encryption are essential to secure online communications. But what exactly is PKI, how does PKI work, and what role does it play in encryption and internet security as a whole? Without getting too technical, we’re going […].

Data Scraping: Associated Security and Privacy Risks

Hot for Security

Web scraping, or data scraping, is the process of extracting and collecting data from websites. Today, data harvesting is mostly automated, relying on specific tools. On a much smaller scale, regular internet users often participate in data scraping. This manual process requires users to copy-paste the information into a locally stored document or file.

Cisco bugs allow creating admin accounts, executing commands as root

Bleeping Computer

Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.

U.S. Agency for Global Media Targeted by Phishers

Heimdal Security

The U.S. Agency for Global Media (USAGM) recently revealed that a phishing attack from December 2020 exposed the personal information of current and former employees and their beneficiaries, including full names and Social Security numbers. According to the agency, the threat actor gained access to an email inbox with Personally […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

VMware fixes critical RCE bug in vRealize Business for Cloud

Bleeping Computer

VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.

The Evolution of Ransomware Attacks

Security Boulevard

As ransomware behaviors change from mass attacks to highly targeted incidents and from file-based to fileless and in-memory attacks, IT leaders also need to adapt to these changing behaviors. A recent Sophos survey, The State of Ransomware in 2021, revealed global changes in cybercriminal behavior as these attacks become more targeted. More than half (54%).

Are You Vulnerable To Ransomware? 6 Questions to Ask Yourself

Vipre

As the ransomware epidemic continues to spread, ask yourself how vulnerable your business is to cyber-extortion. Because ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. A vulnerability assessment is a good first step to strengthening your defenses.

How one phony vaccine website tried to capture your personal information

Tech Republic Security

Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Australia NSW Labor party hit by Avaddon Ransomware

CyberSecurity Insiders

Australian Labor Party - New South Wales branch has reportedly become a victim of a ransomware attack in which the hackers stole critical information such as passport details, contract details, resumes, financial details of the party, driving licenses and employment contracts. The Avaddon Ransomware group is suspected to be behind the attack and is reportedly demanding millions of dollars for not publishing the stolen data on the dark web.

IBM Security announces new ways for customers to adopt a zero trust approach

Tech Republic Security

In addition to new blueprints, IBM Security also announced a partnership with the cloud and network security provider Zscaler.

New Malware campaign spreading through Phishing Attacks

CyberSecurity Insiders

Cybersecurity firm Mandiant has observed that a new malware campaign is on the prowl that started on December 2nd, 2020, targeting over 50 organizations so far. Researchers say that the campaign was launched by a hacking group named UNC2529 that might be connected to the state-funded intelligence belonging to an Asian country. The first campaign started in December last year when the hackers sent phishing emails laced with malicious links to over 247 organizations hailing from the US and APAC nations

Windows Defender bug fills Windows 10 boot drive with thousands of files

Bleeping Computer

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Ransomware Attack Disrupts Scripps Health

Security Boulevard

A ransomware attack against Scripps Health in San Diego over the weekend underscores the potentially dangerous impact cyberattack incidents can wreak on health care providers. “Showing just how low cybercriminals will go, the attack on a major healthcare facility like Scripps highlights the dark side of ransomware, disturbingly putting lives at risk,” said Edgard Capdevielle,

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains.

180+ OAuth 2.0 cloud malware apps detected

SC Magazine

Researchers issued a warning on Wednesday to any company running cloud apps, reporting that in 2020 they detected more than 180 different malicious open authorization (OAuth) applications attacking 55% of their customers with a success rate of 22%.

World Password Day: Using a Passphrase to Strengthen Your Security

The State of Security

Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password or passphrase from 2012? Surprisingly, quite a lot. Hashed passwords and the plain text equivalent from a breached site can be paired with your […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Social Media Apps like LinkedIn Have Become Tools for Human Hacking

Security Boulevard

Hackers no longer rely solely on email when trying to infiltrate your organization. Social media, including LinkedIn, have become the new preferred method of attack for these criminals. This year, Google’s Threat Analysis Group (TAG) discovered a large-scale cyberattack that originated out of North Korea. The cyberattack utilized fake blogs, fake email accounts, and even […].

DDoS Attack on Belgium Parliament and Universities

CyberSecurity Insiders

A distributed denial of service attack has reportedly disrupted the internet services connecting to most parts of Belgium, shutting down the much-needed web services to Parliament, universities and some scientific institutes. Highly placed sources say that the attack was a large-scale, sophisticated attack that hit Belnet, which offers internet services to many of the government agencies and private entities across the country in Western Europe.

Security Questionnaires: Why You Received One and How to Answer It Effectively

Security Boulevard

Information security used to be much simpler—or at least it seemed to be, right? In the past, most.

8 cybersecurity startups to watch

CSO Magazine

If you want to know what’s new in cybersecurity, watch what the startup vendors are doing. They typically begin with an innovative idea and are unfettered by an installed base and its mainstream approach. Startups often tackle problems no one else is addressing. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.