Fri. Oct 01, 2021

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30, the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before

Consumer privacy study finds online privacy is of growing concern to increasingly more people

Tech Republic Security

The study, from Cisco, comes with the announcement of its New Trust Standard, a benchmark for seeing how trustworthy businesses are as they embrace digital transformation.

Hackers rob thousands of Coinbase customers using MFA flaw

Bleeping Computer

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [...]

Google stakes new Secure Open Source rewards program for developers with $1M seed money

Tech Republic Security

The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

What is advanced persistent threat? Explaining APT security

CyberSecurity Insiders

This article was written by an independent guest author. As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face. Certain threat types, like ransomware and malware, are more prominent and therefore must be fought with the appropriate resources. On the other hand, some threat types are not prevalent and pose significantly less risk.

Lawsuit claims ransomware attack caused fatal injury to infant at Alabama hospital

Tech Republic Security

Fetal heartbeat monitors were down in the labor and delivery wards, which the lawsuit claims resulted in a baby being born with brain damage.

More Trending

US Gov’t Again Threatens to Prosecute Those Who Pay Ransom

Security Boulevard

On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) once again threatened sanctions against companies for paying ransom in the event that their data or systems were hijacked by hackers. In a new advisory, the federal agency noted that paying ransom strengthens adversaries, encourages more ransomware attacks and facilitates future.

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

The Hacker News

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.

Apple Pay vulnerable to wireless pickpockets

Malwarebytes

Researchers have shown that it is possible for attackers to bypass an Apple iPhone’s lock screen to access payment services and make contactless transactions. The issue, which only applies to Apple Pay and Visa, is caused by the use of so-called magic bytes, a unique code used to unlock Apple Pay. In the full paper, researchers from two UK universities—the University of Birmingham and the University of Surrey—show how this feature makes it possible to wirelessly pickpocket money.

The Week in Ransomware - October 1st 2021 - "This was preventable"

Bleeping Computer

This week comes with reports of a hospital ransomware attack that led to the death of a baby and new efforts by governments worldwide to combat ransomware. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

It's Time to Rethink Identity and Authentication

Dark Reading

The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.

Crypto platform mistakenly gives $90M to users, asks for refund

Bleeping Computer

In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money, threatening that they would otherwise be reported to the IRS and possibly doxxed. [...]

Unlearning What We Know In Cybersecurity

Jane Frankland

Alvin Toffler once said, “The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.” His statement couldn’t be truer and as I chaired the European Security Forum 2021 in London this week, I was amazed at how the theme of unlearning what we know glued together (figuratively speaking) all the other speakers’ presentations.

October is Cybersecurity Awareness Month! Why being cyber-smart matters

We Live Security

The campaign may last for a month, but we should remember that cybersecurity is a year-round affair.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

BrandPost: Cybersecurity Compliance: Start With Proven Best Practices

CSO Magazine

As a security professional, you may be tasked with achieving SOC2 compliance for your organization, adopting a NIST framework, or complying with new security laws. These are just a few examples; you likely face many requirements! Compliance with multiple policy, regulatory, and legal security frameworks and standards is challenging and time consuming.

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones

The Hacker News

Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. "An attacker only needs a stolen, powered on iPhone.

Telos, Splunk and StackArmor streamline ATO compliance on AWS

CSO Magazine

Telos, Splunk and StackArmor have teamed up to streamline US federal government ATO (Authorization To Operate) compliance for regulated defense contractors and software providers, using AWS as a foundation. The new initiative, announced this week by the three cloud and security companies, is dubbed FASTTR, short for Faster ATO with Splunk, Telos, and ThreatAlert for Regulated Markets.

Cybersecurity News Round-Up: Week of September 27, 2021

Security Boulevard

Twitter bots are tricking users into making PayPal and Venmo payments and other cybersecurity news headlines in this week's round-up.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Gift card fraud: four suspects hit with money laundering charges

Naked Security

Gift card fraud may sound like small beer against ransomware - but it's personal, it hurts, and it's still a multi-million dollar problem.

Chinese Attackers Use New Rootkit in Long-Running Campaign Against Windows 10 Systems

eSecurity Planet

A previously unknown but highly skilled Chinese-speaking cyberespionage group is using sophisticated malware to attack government and private entities in Southeast Asia through a long-running campaign that targets systems running the latest versions of Microsoft’s Windows 10. The group – which researchers with Kaspersky Lab are calling GhostEmperor – uses a multi-stage malware framework designed to give the attackers remote control over the targeted servers.

Baby girl dies due to a ransomware attack

CyberSecurity Insiders

For the first time in the history of digital attacks, a ransomware attack on a hospital network is said to have led to the death of a baby girl in April 2020. And the mother of the dead girl has sued a hospital for not only failing to mitigate a cyber attack but also hiding its consequences that severely affected patient care. The hospital in question is Springhill Memorial Hospital and the baby girl who died because of the cyber incident is Nicko, born with an umbilical cord wrapped around her

Flubot Malware Targets Androids With Fake Security Updates

Threatpost

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Overcoming the Challenges of Enterprise Key Management

Security Boulevard

Let’s face it: Encryption key management can seem daunting. Sure, it’s easy to connect a hardware security module (HSM) to a database and generate a key, but that’s not how it works in the real world, where mission-critical cryptography is needed and required. Let’s talk pain points and dispel some of the myths. There are.

Hydra malware targets customers of Germany's second largest bank

Bleeping Computer

The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany's second-largest financial institution. [...]

If You Prevent Ransomware You Don’t Need to Recover from It

Security Boulevard

I started Cybereason to help defenders protect their networks and data against attacks—to use what I know about how cybercriminals think and how adversaries work to give defenders an advantage against all threats. Right now, one of the most pervasive threats is ransomware, and I am proud to say that we remain undefeated against ransomware attacks.

Flubot Android malware now spreads via fake security updates

Bleeping Computer

The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. [...]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Threatpost

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

FCC orders phone carriers to enforce unlawful robocall blocking

Bleeping Computer

The Federal Communications Commission (FCC) announced earlier this week that phone companies are now required to filter calls from providers who haven't complied with a deadline to block illegal robocalls, which expired on September 28th. [...]

Weaponizing Apple AirTag to lure users to malicious sites

Security Affairs

Threat actors could exploit a stored cross-site scripting (XSS) vulnerability in the Apple AirTag product to lure users to malicious websites. Security researcher Bobby Rauch discovered a stored cross-site scripting (XSS) vulnerability in the Apple AirTag product that can be exploited by attackers to lure users to malicious websites. Apple AirTag is a tracking device designed to act as a key finder; it allows users to find personal objects (e.g. keys, bags, apparel, small electronic devices, vehicle

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Threatpost

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.