The Last Watchdog

NOVEMBER 29, 2021

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure. Related: Capital One hacker demonstrated ‘erratic behavior’ According to a recent workforce health survey, 40% of workers experienced mental health issues this past year , double the year before.

Cybersecurity 216

Cybersecurity Social Engineering Risk Cyber Risk 216

Tech Republic Security

NOVEMBER 29, 2021

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.

210

210

Security Boulevard

NOVEMBER 29, 2021

The cybersecurity world remains dynamic. On November 4, 2021, the Department of Defense (DoD) posted an update to its Cybersecurity Maturity Model Certification (CMMC) initiative, announcing program changes dubbed CMMC 2.0. These changes were driven by a tremendous amount of industry input; taken into consideration during the DoD’s review of the program over the past.

Cybersecurity 145

Cybersecurity CISO Security Awareness IoT 145

CyberSecurity Insiders

NOVEMBER 29, 2021

REvil ransomware gangs, known to fleece millions from their victims, are seen leading luxurious lives in their hideouts protected by Russian government. According to a covert operation launched by leading news publishing resource DailyMail, a suspected hacker running REvil aka Sodinokibi ransomware gang was arrested by the police last week. Named as Yevgeniy Polyanin, the 28-year hacking techie was arrested from Siberia from his $380,000 USD home.

Ransomware 140

Ransomware Cyber Attacks Government Software 140

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

NOVEMBER 29, 2021

The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains. The post More than 1,000 arrested in global crackdown on online fraud appeared first on WeLiveSecurity.

Cybercrime 139

Cybercrime 139

Security Boulevard

NOVEMBER 29, 2021

As we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community. It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production code (after four record years and probably a fifth), and that ransomware will exact a record-setting payment from an organization in the coming year.

Cyber Attacks 136

Cyber Attacks Ransomware 136

Dark Reading

NOVEMBER 29, 2021

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.

Data breaches 137

Data breaches Phishing Ransomware 137

Bleeping Computer

NOVEMBER 29, 2021

The Italian financial crime agency (Guardia di Finanza - GdF) has announced the arrest of several individuals suspected of managing Telegram channels to promote fake vaccine certificates, aka 'Green Passes.' [.].

Healthcare 133

Healthcare 133

Security Boulevard

NOVEMBER 29, 2021

The age-old adage that “Criminals crime” is proving true when it comes to the transnational cybercriminals at play. The cybercriminals associated with the forum RAMP (Russian) have reached out to China’s cybercriminals in a somewhat ham-fisted manner to invite their participation in both the forum and their collaboration in criminal activity. According to Flashpoint Intelligence, The post Cybercriminals: Frenemies China, Russia, North Korea appeared first on Security Boulevard.

Security Awareness 131

Security Awareness Risk Government Ransomware 131

CSO Magazine

NOVEMBER 29, 2021

CISO turnover rates are legendary, so let’s say you’re one of the many job-hunting CISOs, and you have two or three targets on your short list. Or maybe you’re being recruited by a prospective employer to be their next CISO. Or you’re a security exec looking to move up to the CISO level. Or you’re just trying to benchmark how your board stacks up when it comes to security.

CISO 126

CISO 126

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

NOVEMBER 29, 2021

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices.

Banking 123

Banking Malware Cybersecurity 123

CyberSecurity Insiders

NOVEMBER 29, 2021

This blog was written by an independent guest blogger. While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF) , where they find themselves unable to focus due to constant distractions. This is due primarily to isolation and the constant bombardment of emails and instant messages. In fact, one of the most worrying types of DAF for security professionals is email fatigue.

Phishing 124

Phishing Healthcare Data breaches Cyber Attacks 124

Security Boulevard

NOVEMBER 29, 2021

Google’s new Cybersecurity Action Team (CAT) would like you to know that insecure cloud instances can be hijacked by hackers. Stop the press. Did we really need to be told that? The post Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious appeared first on Security Boulevard.

Cybersecurity 121

Cybersecurity Social Engineering Cryptocurrency Security Awareness 121

Security Affairs

NOVEMBER 29, 2021

Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android.

Software 119

Software Hacking Information Security 119

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

NOVEMBER 29, 2021

Source: [link] 1. IPv6 Internet Protocol version 6 (Ipv6) is the newest version of the Internet Protocol (IP), which is the concept of communications protocol that provides an identification and location system for computers on networks. The main purposes of an Internet Protocol are routing traffic across the Internet, packet-switched internetworking, and allowing end-to-end datagram [.].

IoT 121

IoT Internet Internet 121

CSO Magazine

NOVEMBER 29, 2021

NETSCOUT's Chief Security Officer, Debby Briggs, was joined by Tyler Cohen Wood for an insightful conversation with Lisa Martin from theCUBE. Tyler is a nationally recognized cyber security, intelligence, national security expert, and former Director of Cyber Risk Management for AT&T. Together, Debby and Tyler shared valuable insights and advice.

Cybersecurity 116

Cybersecurity Cyber Risk Security Intelligence Media 116

Security Boulevard

NOVEMBER 29, 2021

Co-host Scott Wright joins Tom Eston for part three in our series on how to break into a cybersecurity career. Scott shares his career journey and gives us some insight into his career path going from consulting into starting his own company. If you’re a college student or thinking about getting into cybersecurity, this is […]. The post How to Break Into a Cybersecurity Career – Part 3 with Scott Wright appeared first on The Shared Security Show.

Cybersecurity 115

Cybersecurity Technology InfoSec Information Security 115

CSO Magazine

NOVEMBER 29, 2021

Avery Dennison had to confront a typical challenge: how to best protect its significant, and quickly growing, volume of data.

131

131

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

NOVEMBER 29, 2021

Our thanks to DEFCON for publishing their outstanding DEF CON 29 Red Team Village videos on the Conferences’ YouTube channel. Permalink. The post DEF CON 29 Red Team Village – Russ Hanneman’s ‘Message About The Red Team Village CTF’ appeared first on Security Boulevard.

Social Engineering 112

Social Engineering Education Engineering InfoSec 112

Malwarebytes

NOVEMBER 29, 2021

Emergency services —under which the police, fire, and emergency medical services departments fall—is an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well. Unfortunately, not every place has the means and manpower like the US to put pressure on cybercriminals who dare target their vital infrastructures.

Authentication 109

Authentication Hacking Accountability Ransomware 109

Security Boulevard

NOVEMBER 29, 2021

Tomorrow, November 30, is Giving Tuesday, a day of emphasis on charitable giving both by individuals and organizations and enterprises. The Giving Tuesday movement came into being in 2012 to encourage generosity and charitable giving year-round; the Tuesday after the U.S. Thanksgiving holiday is officially designated Giving Tuesday. You’ve no doubt encountered myriad nonprofit organizations.

Social Engineering 110

Social Engineering Scams Security Awareness Engineering 110

Threatpost

NOVEMBER 29, 2021

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.

120

120

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

NOVEMBER 29, 2021

Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. [.].

Marketing 110

Marketing DDOS 110

CSO Magazine

NOVEMBER 29, 2021

NETSCOUT protects digital business services against disruptions in availability, performance, and security. As ransomware and DDoS attacks have become events that every business needs to guard against, our cybersecurity solutions have evolved to protect your organization from the latest threat actors. Hear from Paul Barrett , CTO of NETSCOUT's enterprise business, in partnership with the Wall Street Journal.

Cyber threats 108

Cyber threats DDOS Business Services Ransomware 108

CyberSecurity Insiders

NOVEMBER 29, 2021

By deciding to take the CISSP exam, you’ve chosen to further your education and showcase your knowledge and experience by achieving the world’s premier cybersecurity certification. Soon, you will join the ranks of more than 147,000 global leaders committed to a safe and secure cyber world. Make a Timeline. As you prep for your CISSP exam, first consider your experience level and determine a timeline that fits for your current workload and lifestyle.

Education 107

Education Cybersecurity Accountability 107

Cisco Security

NOVEMBER 29, 2021

Introduction. With traditional firewalls, network security teams are charged with the heavy lifting of deploying new solutions. They are responsible for a variety of costs, including licensing, appliance, related infrastructure updates, and ongoing maintenance. From a time-value perspective, inserting firewalls also creates additional complexity for NetOps and SecOps teams, delaying time to deployment in production environments due to design and testing required to integrate the new firewall int

Firewall 106

Firewall Network Security Architecture VPN 106

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CSO Magazine

NOVEMBER 29, 2021

Many of us in cybersecurity have a chance every day to make a difference in the security of the organizations and people around us. Cybersecurity has a role for everyone and it affects us all. Something I also believe is that as professionals in cybersecurity, we also have a duty to encourage others to progress in the field and more importantly encourage new people to consider transition into cybersecurity.

Cybersecurity 106

Cybersecurity 106

Acunetix

NOVEMBER 29, 2021

All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of. Read more. The post Secure coding practices – the three key principles appeared first on Acunetix.

105

105

CyberSecurity Insiders

NOVEMBER 29, 2021

IKEA, the furniture giant from Sweden, has disclosed that its servers were hit by a Qakbot malware that could have compromised its staff and partner accounts to a certain extent. However, as the investigation is still underway, compromise of accounts is yet to be determined. QuakBot aka QuackBot malware is actually a malicious software that has the potential to steal banking credentials and is existing since the year 2007.

Malware 105

Malware Retail Banking Accountability 105

Trend Micro

NOVEMBER 29, 2021

We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actor’s latest attacks.

Cryptocurrency 104

Cryptocurrency Malware Phishing 104

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.