Schneier on Security

MARCH 30, 2021

Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article : The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it

Malware 281

Malware Manufacturing Encryption Government 281

Tech Republic Security

MARCH 30, 2021

One way to get C-level managers and cybersecurity department heads on the same page is to employ cyber risk quantification, as it speaks to costs versus risks.

Cyber Risk 209

Cyber Risk Risk Cybersecurity 209

Adam Shostack

MARCH 30, 2021

I have been lucky through these unprecendented and challenging times, and I’m grateful to have avoided many of the awful problems that others have faced. In my own little way, I spent a lot of time worried that delivering threat modeling training was only possible with us in the same room together. Through the pandemic, I’ve rebuilt the way I teach threat modeling.

Education 130

Education 130

Tech Republic Security

MARCH 30, 2021

KODA advising CTO John Suit discusses the skills and languages that are important for developers who want to build software and systems for modern robots.

Software 196

Software 196

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Hot for Security

MARCH 30, 2021

Australia’s Channel 9 network disrupted by cybercriminals Staff told to work from home as station attempts to recover from attack. Live broadcasts from Australia’s Channel 9 TV network were disrupted this weekend following what is believed to have been a cyber attack. As Channel Nine’s “Weekend Today” programme was scheduled to go live on air, the show’s presenters were forced to turn to Twitter to explain their absence.

Cyber Attacks 145

Cyber Attacks Encryption Government Ransomware 145

Tech Republic Security

MARCH 30, 2021

Malicious commits were made to the php-src repo on Sunday that could have enabled hackers to perform remote code execution on websites running the hijacked code.

156

156

Tech Republic Security

MARCH 30, 2021

Two of three phishing pages analyzed by Armorblox were hosted on legitimate services to try to sneak past the usual security protection.

Security Defenses 162

Security Defenses Phishing 162

Bleeping Computer

MARCH 30, 2021

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. [.].

137

137

Tech Republic Security

MARCH 30, 2021

Over the past six months, the number of organizations hurt by ransomware shot up by more than 50%, says Check Point Research.

Ransomware 163

Ransomware 163

Security Boulevard

MARCH 30, 2021

By now most CISOs understand that focusing your cybersecurity program on regulatory compliance is no longer sufficient. Meeting. Read More. The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.

Risk 135

Risk Cybersecurity CISO Government 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MARCH 30, 2021

To no one's great surprise, as a means of authentication, passwords still suck. E-commerce customers will jump ship if there's too much hassle.

Passwords 150

Passwords Authentication 150

Security Boulevard

MARCH 30, 2021

With the explosion of internet-of-things (IoT) and connected, industrial IoT (IIoT), and connected, smart home devices, it is getting harder and harder to find things that don’t have some sort of embedded operating system and connectivity today. While connected devices can streamline productivity and provide a variety of benefits, they also expose you to risk. [.].

IoT 131

IoT Internet Internet Risk 131

Tech Republic Security

MARCH 30, 2021

Security expert says because we can't inspect the inner workings of the software we buy, we're at the mercy of software companies' security practices.

Software 135

Software 135

CyberSecurity Insiders

MARCH 30, 2021

Microsoft issued a press statement yesterday saying that simple patching of its Exchange Servers will not remove the access of the attacker on systems that have been compromised. So, the cyber threat still exists in the patched systems and can be exploited by hackers soon, says a research conducted by F-Secure. Supporting this newly discovered theory is the research carried out by Microsoft 365 Defender Threat Intelligence Team that released a report that human operated ransomware attacks or dat

Cyber threats 130

Cyber threats Banking Manufacturing Ransomware 130

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

MARCH 30, 2021

While you need endpoint protection to secure your remote workers, you must still guard all your network services at the office and in the cloud, says WatchGuard Technologies.

Technology 120

Technology 120

CyberSecurity Insiders

MARCH 30, 2021

This blog was written by an independent guest blogger. Educational institutions are reaping the many benefits and new possibilities offered by online learning, but these new methods of educational instruction come with serious cyber security concerns. These institutions are also a prime focus for hackers because they often host a lot of sensitive data about teachers and students.

Education 128

Education Cyber threats Technology Cybersecurity 128

CSO Magazine

MARCH 30, 2021

Unknown attackers managed to break into the central code repository of the PHP project and add malicious code with the intention to insert a backdoor into the runtime that powers most websites on the internet. The hackers impersonated two high-profile PHP developers, but the code commits were not very subtle and were detected within hours when other developers reviewed them. [ Learn how to track and secure open source in your enterprise. | Get the latest from CSO by signing up for our newsletter

Authentication 128

Authentication CSO Internet Internet 128

Tech Republic Security

MARCH 30, 2021

KODA advising CTO John Suit discusses the skills and languages that are important for developers who want to build software and systems for modern robots.

Software 123

Software 123

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Hot for Security

MARCH 30, 2021

Instagram is a big part of the lives of many people, who use it daily to interact with friends and family. The popularity of the social media platform has also ensnared many businesses and individuals who find success in parading out various products, outfits and locations. With over 1 billion active users every month, Instagram is brimming with fraudsters and cybercriminals who prey on naive internet users through various scams.

Scams 124

Scams Accountability Phishing Media 124

Bleeping Computer

MARCH 30, 2021

US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. [.].

141

141

SC Magazine

MARCH 30, 2021

A medical technician in Bates Memorial Baptist Church in Louisville, Kentucky. A new study found that in health care, one in five files were visible to all employees. (Jon Cherry/Getty Images). The healthcare sector’s information security could use a check up. According to a new study by Varonis that tracked 3 billion files across 58 health care firms, one in five files were visible to all employees – including one in eight containing sensitive information.

Healthcare 122

Healthcare Account Security Accountability Risk 122

We Live Security

MARCH 30, 2021

Had the incident gone unnoticed, the attackers could have taken over websites using the tainted code. The post Backdoor added to PHP source code in Git server breach appeared first on WeLiveSecurity.

Malware 121

Malware 121

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

CSO Magazine

MARCH 30, 2021

“I need a site hacker for $2,000,” “Break this site for $10K,” “Can you collect information from our competitors’ websites?” or “Can you delete reviews? Budget $300.

125

125

Tech Republic Security

MARCH 30, 2021

MFA can help make your organization more secure. Tom Merritt lists five things you need to know about multi-factor authentication.

Authentication 126

Authentication 126

CSO Magazine

MARCH 30, 2021

Remote learning has moved classrooms online and have students connected to their home networks for the majority of their day. Even outside their virtual classrooms, children often remain online, whether it be streaming television shows, playing video games, or browsing through social media. Cybercriminals have honed in on the influx of new devices connected to the home network as an opportunity to execute ransomware attacks, steal information, or compromise public school district’s security defe

Risk 114

Risk Cybersecurity Education Security Defenses 114

Security Boulevard

MARCH 30, 2021

According to a Pew Research Center survey, about 66% of Americans are over the age of 65 and many of them are online. The post Internet Safety Tips for Seniors and Scams to Watch Out for appeared first on Security Boulevard.

Scams 113

Scams Internet Internet 113

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

MARCH 30, 2021

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, read on. What is PYSA ransomware? Home page image of the PYSA data leak site (Courtesy of Marcelo Rivero).

Ransomware 112

Ransomware Encryption Education Government 112

Hot for Security

MARCH 30, 2021

The severity of a data breach typically jumps in the short term and decreases as time progresses. But, according to a survey by International Information System Security Certification Consortium, or (ISC)², the 2020 SolarWinds incident bucked that trend in the eyes of cybersecurity professionals. Four months in, the infosec community is more concerned than ever about the infamous supply chain attack that resulted in the breach of more than 18,000 (confirmed) organizations.

InfoSec 111

InfoSec Software Data breaches Cybersecurity 111

Security Affairs

MARCH 30, 2021

VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations for private, hybrid, and multi-cloud environments.

Authentication 109

Authentication Hacking Technology Information Security 109

The Hacker News

MARCH 30, 2021

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.

Data breaches 107

Data breaches Mobile Passwords 107

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.