Wed. Feb 24, 2021

Twelve-Year-Old Vulnerability Found in Windows Defender

Schneier on Security

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year — uses to delete the invasive files and infrastructure that malware can create.

Malware 255

Ransomware threats to watch for in 2021 include crimeware-as-a-service

Tech Republic Security

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Everything You Need to Know About Evolving Threat of Ransomware

The Hacker News

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.

How to protect yourself from common job search scams

Tech Republic Security

A new FlexJobs survey reveals 14 of the most common--and successful--job-search scams. Here's how to identify them and not become a victim.

Scams 183

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Sysdig Donates eBPF to CNCF to Improve Linux Security

Security Boulevard

Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security. The sysdig kernel module runs in the extended Berkeley Packet Filter (eBPF) microkernel created by the Linux community to.

How to combat the latest security threats in 2021

Tech Republic Security

Understanding the nature of the latest threats can help you identify shifts in tactics and techniques, prioritize security resources and test the most likely scenarios, says IBM X-Force.

More Trending

Companies are using AI to hit business goals, even though they can't explain how it works

Tech Republic Security

A new survey of tech decision makers finds that security concerns are high and trust is low when it comes to artificial intelligence.

Prevention of Phishing Attacks in 2021

Security Boulevard

Phishing attacks use deceptive emails to trick users. They have become one of the foremost attack vectors to deliver malicious […]

Phishing 130

10 tips for protecting your cloud data and accounts

Tech Republic Security

As more organizations migrate to the cloud, cybercriminals are taking advantage of the vulnerabilities in online apps, says Netskope.

More than 6,700 VMware servers exposed online and vulnerable to major new bug

Zero Day

Proof-of-concept exploit code has been published online earlier today, and active scans for vulnerable VMware systems have been detected already.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

5 tips to protect your organization against the next cyberattack

Tech Republic Security

To better combat cyberattacks, prevention is better than detection, says Check Point Software.

Software 175

Hackers Tied to Russia's GRU Targeted the US Grid for Years

WIRED Threat Level

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.

Hacking 135

Cybersecurity Threats on the Rise

Security Boulevard

The cyber world has faced unprecedented challenges and changes within the last year. It has shown a need for increased visibility within the cybersecurity landscape as blended threats and vulnerabilities become the new normal for threat responders to combat. In the interview below, Myla Pilao, head of security research communications for TrendLabs at Trend Micro, […]

Federal Reserve nationwide outage impact US banking system

Bleeping Computer

The US Federal Reserve suffered a massive IT systems outage today that prevented wire transfers, ACH transactions, and other services from operating. […]

Banking 132

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

A Powerful New Approach to Phishing — the Biggest Issue in Cybersecurity

Security Boulevard

Stop criminals from exploiting vulnerabilities in web browsers -- the apps that your users use most, and can’t work without -- to keep malware from reaching your company networks.

Phishing 125

LazyScripter: From Empire to double RAT

Malwarebytes

Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group.

Phishing 124

What do users and IT have in common? They're both to blame for poor remote security practices

Tech Republic Security

One in four remote workers reuses work credentials on consumer sites, but IT isn't doing them any favors by reportedly failing to provide essential protection while away from the office.


NY Department of Financial Services Issues Cyber Fraud Alert to Auto Insurers

Hot for Security

The New York Department of Financial Services (NYDFS) has issued an alert to instant-quote websites, particularly car insurers, warning of a growing campaign to steal nonpublic information (NPI). The agency says it learned of the threat after receiving reports from auto insurers that cybercriminals were targeting their premium quote sites to steal driver’s license numbers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Kroger data breach highlights urgent need to replace legacy, end-of-life tools

Tech Republic Security

Attackers used an outdated File Transfer Appliance from Accellion to gain access to data, the company said.

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

The Hacker News

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.

DNS 116

10 Database Security Best Practices You Should Know

The State of Security

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from website security practices. The former involve physical steps, […]

Risk 117

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software began in mid-December 2020, threat actors use to deploy a

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

The Hacker News

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.

Federal Reserve nationwide outage impacts US banking system

Bleeping Computer

The US Federal Reserve suffered a massive IT systems outage today that prevented wire transfers, ACH transactions, and other services from operating. […]

Banking 122

Mobile Security quotient increased in iPhones

CyberSecurity Insiders

All those who are worried about phishing attacks on Apple iPhones, here’s news to rejoice. With the latest update, the Cupertino giant has made it difficult for hackers to break into iPhones just by sending malicious links via messages or emails. From March 12th, 2021, Apple will change the way it secures a code that works on the operating system that will keep all zero-click attacks at bay.

Mobile 114

Black History Month: Diversity in Cybersecurity Is More Important than Technology

The State of Security

Each February, the United States, Canada, the United Kingdom and other countries observe Black History Month. It’s a month-long celebration of the generations of black people who have elevated society by the way in which they’ve lived their lives. It’s also an opportunity for us to recognize that there’s still plenty of work to do […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

NASA and the FAA were also breached by the SolarWinds hackers

Bleeping Computer

NASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. […]


A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet. Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. This technique allows botnet operators to make their infrastructure resilient to takedown conducted by law enforcement. “A recent piece of malware from a known crypto mi

Backups 111

Ransomware gang extorts jet maker Bombardier after Accellion breach

Bleeping Computer

Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. […]

Breach Clarity Data Breach Report: Week of Feb. 22

Security Boulevard

Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.