Krebs on Security
AUGUST 19, 2021
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.
Schneier on Security
AUGUST 19, 2021
It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 19, 2021
TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information. At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Tech Republic Security
AUGUST 19, 2021
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge — component scams and bogus supply-chain claims.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 19, 2021
ThroughTek's Kalay is used to manage security cameras, baby monitors, DVRs and more. A newly discovered flaw lets attackers watch, listen and steal recordings from hardware sold by dozens of vendors.
Bleeping Computer
AUGUST 19, 2021
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [.].
Tech Republic Security
AUGUST 19, 2021
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.
Graham Cluley
AUGUST 19, 2021
Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 19, 2021
Attackers captured the names, dates of birth, Social Security numbers and driver's license numbers of millions of current, former and potential T-Mobile customers.
CSO Magazine
AUGUST 19, 2021
I am proud to say that the annual Life and Times of Cybersecurity Professionals report from ESG and ISSA is now available for free download. As part of the research for this report, we always ask cybersecurity professionals several questions about the global cybersecurity skills shortage. Is it real? Are things improving or getting worse? Is your organization impacted and, if so, how?
Tech Republic Security
AUGUST 19, 2021
Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI.
Bleeping Computer
AUGUST 19, 2021
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. And worse, the employer cannot easily take these down. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
AUGUST 19, 2021
Britain is all set to launch a new law where the common public will be subjected to AI driven CCTV surveillance that will help nab criminals. But privacy advocates worry that the new law that is proposed to be implemented by this year’s end in councils related to England and Wales might trigger additional concerns. Soon those living in & around Britain might face a dystopian future as the government is planning to turn public spaces into open air prisons.
Security Boulevard
AUGUST 19, 2021
Researchers have disclosed a nasty new way for bad people to mess up the internet for the rest of us. The post Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes appeared first on Security Boulevard.
CyberSecurity Insiders
AUGUST 19, 2021
These days, all latest versions of Android phones come up with in-built protection that helps in keeping threats of any range at bay. But as not all are activated by default, it is the duty of the user to see if their device is tweaked with all basic security settings that are as follows-. Screen Lock- In order to secure an android phone or tablet, one needs to secure it with a screen lock that can be a PIN, pattern, or a password.
CSO Magazine
AUGUST 19, 2021
Anyone who has ever traveled knows that bedbugs are the kiss of death for a hotel, and possibly the franchise, as no one likes to get bit. BlackBerry is hoping the analogy doesn’t transfer to the bugs found in its QNX embedded operating system. The company opted to quietly handle the vulnerability with its partners, apparently hoping the public wouldn’t get a whiff of the bad news. [ Learn what you need to know about defending critical infrastructure. | Get the latest from CSO by signing up for
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Malwarebytes
AUGUST 19, 2021
At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100 million people’s data from T-Mobile’s servers, which included everything from names and driver licences to addresses and social security numbers. It’s now confirmed something bad did take place. Their estimate is currently “at least” 47m affected people, with around 7.8 million current postpaid customers impacted.
InfoWorld on Security
AUGUST 19, 2021
Cloud-based authentication and authorization platforms—sometimes known as IDaaS, or identity as a service — are an expanding area of cloud tooling, and it’s easy to see why. App security is difficult and error-prone, and virtually every project requires it. The ability to offload much of the work to a dedicated and proven service is enticing. Auth0 is an up-and-coming provider of authentication and authorization services (and open source software ).
Bleeping Computer
AUGUST 19, 2021
Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. [.].
CSO Magazine
AUGUST 19, 2021
Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because of the acronyms. Many frameworks do not tell you where to start or exactly how to become compliant. Cybersecurity best practices from the Center for Internet Security (CIS) provide prioritized, prescriptive guidance for a strong cybersecurity foundation.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CyberSecurity Insiders
AUGUST 19, 2021
Memorial Health System, based in Ohio, is trending on Google for becoming a recent victim to a ransomware attack. Highly placed sources report that the IT systems of the healthcare organization were hit by a ransomware on August 15th,2021 affecting emergency services at over 64 clinics and three hospitals- Selby General, Sistersville General and Marietta Memorial.
CSO Magazine
AUGUST 19, 2021
What is the CCSP certification? CCSP is a cloud-focused security certification for experienced security pros offered by the International Information System Security Certification Consortium, or (ISC) 2. CCSP stands for Certified Cloud Security Professional, and it's one of a suite of certs offered by (ISC) 2 , a nonprofit focused on training and certifying cybersecurity professionals.
Bleeping Computer
AUGUST 19, 2021
Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [.].
CSO Magazine
AUGUST 19, 2021
The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across 25+ product vendor families. Without community participation, we would not have CIS Benchmarks, as the community is at the heart of what drives development and consensus across industries and technologies.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
AUGUST 19, 2021
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks. [.].
Malwarebytes
AUGUST 19, 2021
In a security advisory , Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.
Bleeping Computer
AUGUST 19, 2021
Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. [.].
CyberSecurity Insiders
AUGUST 19, 2021
As a cybersecurity professional, you probably spend most of your day honing your craft, refining your technical skills. While this is important, there are other focal points that should not be neglected. One of these is your responsibility to know all of the assets that are present in your organization. Achieving full asset visibility is a difficult endeavor.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
355 
Let's personalize your content