Mon. Jan 10, 2022


New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)

Anton on Security

Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?


Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.


URL parsing: A ticking time bomb of security exploits

Tech Republic Security

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.


Oops: Cyberspies infect themselves with their own malware

Bleeping Computer

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


The rise of the CISO: The escalation in cyberattacks makes this role increasingly important

Tech Republic Security

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.


Is Your Supply Chain Secure?

Security Boulevard

In 2021, there were a number of major supply chain attacks that crippled multiple companies. Think back to the Kaseya attack in July, or, even before that, the SolarWinds attack that came to light in December 2020. In October 2021, Broward Health in Florida was compromised through a third-party supply chain vulnerability. For many CEOs, […]

More Trending


CES 2022 – the “anyone can make an electric car” edition

We Live Security

But as we learned in mashing up other technologies, the security devil is in the details.


10 Lessons Learned from the Top Cyber Threats of 2021

Security Boulevard

2021 was a busy year for the cyber security community. Emerging threats posed many challenges to security professionals and created many opportunities for threat actors. Picus has curated a list of the top five threats observed in 2021, detailing ten lessons defenders can learn from them. Microsoft Exchange Server Vulnerabilities. In January 2021, Volexity detected a large amount of egress data traffic on its customers’ Microsoft Exchange Servers [1].


Weekly cyberattacks jumped by 50% in 2021, with a peak in December due largely to the Log4J exploit

Tech Republic Security

Check Point Research said Africa had the highest amount with an average of 1,582 per week per organization. Here's how to combat the latest surge in attacks.


Can We Lighten the Cybersecurity Load for Heavy Industries?

Security Boulevard

One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ragnar Locker Ransomware strikes a cybersecurity firm

CyberSecurity Insiders

Ragnar Locker Ransomware, a notorious hacking group that spreads file-encrypting malware to large-scale organizations, has hit a security firm this time and stolen data to prove its worth. The ransomware group also published on the dark web that it has siphoned some critical data related to the Broomfield-based company, a business unit of Subex, and has provided a link to the stolen data assets accessible only via the Tor browser.


Securing Onboarding and Offboarding in the Cloud 

Security Boulevard

One of the most fundamental challenges of securing the identity-defined perimeter is efficiently managing and securing the cloud identity life cycle. This priority comes into sharpest focus with offboarding users—or, more accurately, the failure of so many organizations to revoke standing access privileges to DevOps environments and other sensitive IT resources.


Linux version of AvosLocker ransomware targets VMware ESXi servers

Bleeping Computer

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.


This is the Year to Create a Cybersecurity Culture

Security Boulevard

Many of the cybersecurity predictions for 2022 are, well, predictable. Ransomware will continue to wreak havoc across different industries. Watch for attacks against critical infrastructure. Deep fakes will be used to spread disinformation in the upcoming midterm elections. And expect to hear a lot more about the metaverse and criminal activity. But what all of.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


A 50% increase in cyber attacks year on year

CyberSecurity Insiders

According to research carried out by Check Point Research, a 50% rise in cyber attacks is being witnessed year on year, and the targets were reported to be mostly organizations operating in the education/research and military or government sectors. Security researchers claim from their analysis that the year 2021 witnessed the highest volume of cyber attacks, with an average of over 1,605 targeting each business every week.


Predict 2022: Down the Cybersecurity Rabbit Hole

Security Boulevard

In “Alice in Wonderland,” Alice follows the white rabbit as he hurries into his hole and enters a fantastical world. The resulting saga was fantasy in its purest form, full of impossible situations and outrageous characters that, more than 100 years later, remain open to interpretation. There are several ways cybersecurity can be compared with.


How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

divya. Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. This raises the question of where digital payment technologies will take us in the future, and how will this affect consumers? In the latest episode of Thales Security Sessions podcast, I was asked by Neira Jones to join Simon Keates, Head of Strategy and Payment Security at Thal


Why Having A Privacy Monitoring Solution Matters

Security Boulevard

If you’re an average size healthcare organization, the amount of EMR access happening in your network, per day, can top 2.5 million. That can be hard to fathom at first, but it makes sense. Doctors are checking medical history for patients before prescribing medicine, billing is looking at charts to code the right procedures to […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


FTC, SEC raise legal risks surrounding the log4j flaw

CSO Magazine

Last week, the U.S. Federal Trade Commission (FTC) issued a warning to companies to remediate the serious vulnerability in the popular open-source Java logging package Log4j to avoid future legal action. In issuing its notice, the FTC underscored that organizations have legal obligations “to take reasonable steps to mitigate known software vulnerabilities.


New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013, but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active, and threat actors have already stolen data and credentials of more than 2000 victims across 111 countries as of 2 Jan 2022.


5 top hybrid cloud security challenges

CSO Magazine

For a growing number of organizations, IT environments encompass a blend of public cloud services, private clouds, and on-premises infrastructure—with the latter becoming an ever-smaller portion of the mix. The past two years have seen a major uptick in the use of cloud services, and the trend shows no signs of slowing. An April 2021 report by research firm Gartner forecast that worldwide spending on public cloud services will grow 23% this year.


WordPress 5.8.3 security update fixes SQL injection, XSS flaws

Bleeping Computer

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Edward Snowden Privacy Update | Avast

Security Boulevard

Edward Snowden and Pulitzer Prize-winning journalists Glenn Greenwald and Chris Hedges have recently come together in a video conference call moderated by Amy Goodman of Democracy Now. In the video, the group talks about the past eight years of privacy problems and other significant events. Since Snowden leaked documents from the NSA and left its employment in 2013, he has been living in Moscow and has been charged with violating the Espionage Act.


How Will ISO 27701 and the GDPR Affect Your Organization?

The State of Security

Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard.


Cyber criminals earning £750m with insecure passwords

CyberSecurity Insiders

As most of the high street banks are turning a blind eye to the online security they provide to their customers, consumer watchdog ‘Which?’ states that this is paving the way for hackers to earn £750 million each year. The privacy-advocating firm also stated that its analysis has discovered major flaws in a few of the renowned banking websites that could lead to money being drained from the accounts of customers in suburbs of the UK and Europe.


LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk

Trend Micro

This report is the fourth part of our LoRaWAN security series, and highlights an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. The stack is the root of LoRaWAN implementation and security. We hope to help users secure it and make LoRaWAN communication resistant to critical bugs.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


MITRE: To test and gain confidence in MSSPs, use ATT&CK framework

CSO Magazine

Enterprises have a substantially lower level of confidence in their MSSP (managed security services provider) support than they do in their in-house capabilities, according to a recent survey commissioned by R&D foundation MITRE Engenuity. To address these concerns, the organization — part of MITRE, a not-for-profit corporation that operates federally funded research facilities focusing on safety and security — has a recommendation.


npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?

Security Boulevard

In what can only be described as one of the most bizarre events in the history of open source, we find that the massively popular open source libraries, colors.js and faker.js, were sabotaged by their very own maintainer, as I first reported over the weekend.


New Log4Shell-like vulnerability impacts H2 Java SQL database

CSO Magazine

Researchers have warned of a new, critical Java flaw impacting the console of the popular H2 Java SQL database with the same root cause as the Log4Shell vulnerability in Apache Log4j. According to JFrog, the issue carries a critical risk of unauthenticated remote code execution (RCE) for certain organizations who should update their H2 databases immediately.


Tripwire Patch Priority Index for December 2021

Security Boulevard

Tripwire’s December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 “Log4Shell” remote code execution vulnerability. There are many attack vectors via various software applications due to Log4j2’s widespread […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.