Tue, Feb 22, 2022

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration.

A New Cybersecurity “Social Contract”

Schneier on Security

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each. Such a shift is momentous but not without precedent.

2021 mobile malware evolution: Fewer attacks, escalating dangers

Tech Republic Security

2021 saw a decrease in mobile malware attacks, yet they have become increasingly sophisticated. Learn more about these threats and how to avoid being a victim. The post 2021 mobile malware evolution: Fewer attacks, escalating dangers appeared first on TechRepublic.

Seattle-based healthcare company exposes data of 688,000 patients

CyberSecurity Insiders

Since a Seattle-based healthcare company named Sea Mar Community Health Centers has failed to protect the health care information of over 688,000 people, it will have to respond to a lawsuit filed in the district court early this month. According to the sources reporting to our Cybersecurity Insiders, the data breach was detected in June 2021, where a portion of data related to patients was stolen by a hacking gang named Marketo.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Devious phishing method bypasses MFA using remote access software

Bleeping Computer

A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.

Why DevOps pipelines are under attack and how to fight back

CSO Magazine

In mid-2017, Russian state-sponsored attackers installed a malicious worm in a Ukrainian financial software package. When businesses updated their software, it became infected. The worm, NotPetya, spread quickly, doing billions of dollars of damage around the world. The White House called it "the most destructive and costly cyberattack in history." Three years later, Russia-linked attackers hijacked the software upgrade process of another piece of enterprise software, SolarWinds' Orion network m

Microsoft Teams Chat acting as a malware spread point

CyberSecurity Insiders

Microsoft Teams, a chat-based service, is in the news for spreading malware these days, and the Satya Nadella-led company has taken note of the situation and has acknowledged it with a fix. The chat-based service, which is claimed to be used by over 270 million users, has been trending in the news since last weekend for spreading malicious executable files to participants in the conversation.

Inclusive Awareness is the Key to Effective Cybersecurity: An Interview with Jenny Radcliffe

The State of Security

In the early years of cybersecurity, it was often said that people are the weakest link. This did nothing to encourage support, as it was insulting and demeaning. The new and better way to inspire people towards a cybersecurity mindset is to engage with and treat them as a valuable part of an organization’s overall cybersecurity […]

Trickbot Malware hits 140,000 victims

CyberSecurity Insiders

Trickbot malware, which started out as just a banking trojan, has now evolved into a sophisticated data-stealing tool capable of injecting malware like ransomware or serving as an Emotet downloader. Security experts from Check Point believe that the malicious software has so far targeted over 140,000 victims since November 2020, hitting high-profile victims including those on PayPal, Microsoft, Amazon, Bank of America and Wells Fargo.

Puttin’ Putin on Notice—We Will Hack Russia Back

Security Boulevard

If Russia launches cyberattacks on the U.S. or on NATO allies, it risks being hacked back. This warning comes from Deputy Attorney General Lisa O. Monaco. The post Puttin’ Putin on Notice—We Will Hack Russia Back appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Vulnerable Microsoft SQL Servers targeted with Cobalt Strike

Bleeping Computer

Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections.

Hidden Costs of a Data Breach

Dark Reading

Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security — even human life.

Developers Need Security Training

Security Boulevard

Security has long taken a back seat to speed when it comes to app development. A Synopsys blog explains one reason why: Developers are builders first. “Developers’ primary job is to create features that work—not to worry about what might go wrong.” Could it be something more than a focus on the creative, however? Perhaps. The post Developers Need Security Training appeared first on Security Boulevard.

Xenomorph Malware Targets Android Devices to Steal Financial Info

Heimdal Security

More than 50,000 Android devices have been infected with a new banking trojan called Xenomorph, which was spread via Google Play Store in order to steal financial information. Users of dozens of banks in Spain, Portugal, Italy, and Belgium are being targeted by the new malware, which is still in the early stages of development. […]. The post Xenomorph Malware Targets Android Devices to Steal Financial Info appeared first on Heimdal Security Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Zero-Click Attacks a Growing Threat

eSecurity Planet

Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle. They can compromise the targeted device despite a victim’s good security hygiene and practices. There is no need for social engineering, as the program can implant backdoors directly without forced consent.

Teenage cybercrime: How to stop kids from taking the wrong path

We Live Security

It’s never too late to prevent children from being dragged to the dark side and to ensure their skills are a force for good. The post Teenage cybercrime: How to stop kids from taking the wrong path appeared first on WeLiveSecurity.

Social engineering: Cybercrime meets human hacking

Webroot

According to the latest ISACA State of Security 2021 report, social engineering is the leading cause of compromises experienced by organizations. Findings from the Verizon 2021 Data Breach Investigations Report also point to social engineering as the most common data breach attack method. Social engineering is a term used to describe the actions a cybercriminal takes to exploit human behavior in order to gain access to confidential information or infiltrate access to unauthorized systems and da

Xenomorph banking Trojan downloaded over 50,000 times from Play Store

Malwarebytes

Besides the name of the creature that “stars” in the Alien movies by 20th Century Fox, Xenomorph is also the name given to an Android banking Trojan. Researchers found this banking Trojan to be distributed on the official Google Play Store, with more than 50,000 installations. The researchers dubbed this malware Xenomorph because it shows similarities to another banking Trojan that is generally known as Alien.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Navigating the road ahead for automotive cybersecurity

Security Boulevard

With challenging cybersecurity requirements on the horizon for automotive companies in 2022, security teams can look to BSIMM12 for guidance. The post Navigating the road ahead for automotive cybersecurity appeared first on Software Integrity Blog. The post Navigating the road ahead for automotive cybersecurity appeared first on Security Boulevard.

Police bust phishing group that used 40 sites to steal credit cards

Bleeping Computer

The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top-up sites.

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

The Hacker News

Another batch of 25 malicious JavaScript libraries has made its way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.

BSidesAugusta 2021 – Tim Crothers’ ‘Analyzing Public Breaches’

Security Boulevard

Many thanks to BSidesAugusta for publishing their outstanding videos from the BSidesAugusta 2021 Conference on the organization’s YouTube channel. The post BSidesAugusta 2021 – Tim Crothers’ ‘Analyzing Public Breaches’ appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

The Hacker News

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million.

Automating Incident Response

Security Boulevard

The classic approach, though, revolves around combining SOAR and IRP to automate routine operations and speed up incident response. The post Automating Incident Response appeared first on Radware Blog. The post Automating Incident Response appeared first on Security Boulevard.

Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack

The Hacker News

An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector.

Why ATO Attacks Are Attacks on Your Customers

Security Boulevard

Motivated by the continual surge in eCommerce, which according to UNCTAD has seen unprecedented growth during the COVID-19 pandemic, retailers are scrambling to adapt to a shift in consumer demand and create unique customer experiences that set them apart from the competition. The rise in online sales and new technologies means businesses are being more […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Cookware giant Meyer Corporation discloses cyberattack

Security Affairs

US cookware distributor giant Meyer Corporation discloses a data breach that affected thousands of its employees. Meyer Corporation, the second-largest cookware distributor globally, has disclosed a data breach that affects thousands of its employees. The attack took place on October 25, 2021, as reported by the data breach notification letter shared with the U.S.

Why MSPs Need to Focus on Email Security?

Security Boulevard

Managed service providers (MSPs) are needed globally by companies in the modern day. Email processes and marketing are a massive portion of the common work of an MSP. Due to this, the rampant rise in email scams and attacks has become a subject that MSPs should concern themselves with. In fact, research has shown that attackers […]. The post Why MSPs Need to Focus on Email Security?

The cutting-edge conundrum: Why federal agencies can’t compromise on security

Acunetix

2021 was a banner year for cyberattacks, with reported breaches increasing by 68 percent. The record-breaking number of 1,862 data breaches put previous years to shame, especially considering industry-rocking incidents like Log4Shell, which had most organizations in the public and private sectors scrambling to secure. The post The cutting-edge conundrum: Why federal agencies can’t compromise on security appeared first on Acunetix.

2022 Data Privacy Legislation Update | Avast

Security Boulevard

Last year, we wrote an analysis on data privacy legislation updates. Last year, Mississippi didn’t pass its privacy bill and more than a dozen states had bills that are still under consideration. Iowa, Indiana, and Oklahoma are all in the process of moving various privacy bills through their legislatures, and several other states have begun to consider new laws.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.