Tue. Jul 13, 2021

Iranian State-Sponsored Hacking Attempts

Schneier on Security

Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitima

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft. Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.

Collaboration in Threat Modeling

Adam Shostack

It’s the latest in the World’s Shortest Threat Modeling videos! Also, I set up [link] to make it easy to find my Youtube channel.

How to choose the best SIEM software

CSO Magazine

To protect your enterprise against security threats, you need maximum visibility. That’s the fundamental notion behind SIEM (security information and event management) software, which is essential to the security defenses of most large and many medium enterprises. SIEM aggregates event and log data in real time from a range of network equipment, servers, system software, and other infrastructure to identify patterns, flag anomalies, and send alerts when potential threats are detected.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws

Bleeping Computer

Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured.

REvil gang suddenly goes silent leaving victims unable to recover systems

CSO Magazine

The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Meanwhile, victims and the security companies working for them to recover data have been put in a more difficult situation.

More Trending

How to Build a Cybersecurity Culture

Security Boulevard

Are you tired of seeing your papier-mâché network defenses torn to shreds? Do you wish you could fake your way through yet another audit, but fear being exposed by a data leak? Are hoodlums in Adidas clothing using your IT infrastructure as their own personal cloud? Well, tough. Cybercriminals are here to stay and your.

Joe Biden government cyber attacks REvil aka Sodinokibi Ransomware Servers

CyberSecurity Insiders

From the early hours of Tuesday (July 13th, 2021) most of the ransomware websites owned by REvil ransomware spreading gang have disappeared from the dark web and security researchers from Kaspersky say that the websites might be down because of a disruption caused by a cyber attack launched by a cyber unit operating under the regime of US President Joe Biden.

The hybrid workplace: What does it mean for cybersecurity?

We Live Security

How can organizations mitigate the risk of damaging cyberattacks while juggling the constantly changing mix of office and off-site workers?

Free Coventry University Course to Help Everyone Protect their Online Privacy

Security Boulevard

Now everyone can learn what privacy means, how your privacy is impacted when using the web and mobile apps, and how to protect your privacy online thanks to a free course from Coventry University. The UK university has worked closely with experts including Pat Walshe at PrivacyMatters to create an informative online course, offering participants easy access to key information about how to keep their online privacy safe.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

INTERPOL: International police coordination required to combat global cyberthreats

CSO Magazine

Senior police officials from 167 countries have endorsed proposals set out by The International Criminal Police Organization (INTERPOL) to enhance international police cooperation to combat transnational cyber-related crime and corruption. The measures seek to boost the role of National Central Bureaus (NCBs) as a gateway between INTERPOL and frontline police, including increasing operational and investigative support and extending INTERPOL’s I-24/7 secure communications network to national poli

Bad actor offers up for sale data from 600 million LinkedIn members scraped from the site

Tech Republic Security

Cyber News reports that this is the third time in four months that member information has shown up on a hacker forum.

Email Spoofing: What to Know in 2021

eSecurity Planet

Email spoofing is a common tactic hackers use in phishing and social engineering attacks. Spoofing trends tend to increase around popular shopping holidays in the U.S., including Black Friday and Amazon Prime Day, and the recent LinkedIn data scrape has already led to an uptick in spoofing attempts. With these threats in mind, it’s important to understand how spoofing works and what you can do to protect yourself, your employees, and your business from falling victim to a spoofing attack.

Choosing your MSP: What the Kaseya incident tells us about third-party cyber risk

We Live Security

Lessons to learn from the Kaseya cyberincident to protect your business' data when doing business with a MSP.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Report confirms that Australia is losing billions of dollars to Cyber Crime

CyberSecurity Insiders

A report released by Australian Institute of Criminology (AIC) says that the populace of Australia is losing billions of dollars every year to cyber-crime. When figures are taken into consideration, the report says that the total loss incurred through cyber crime was recorded as $3.5 AUD or $2 billion in USD. And the highlight is that individual victims lost more than $1.9 AUD in 2020.

When it comes to incident response, is your cyberinsurance carrier on your side?

Tech Republic Security

Just as security leaders and pros are firming up their policies and strategies to secure hybrid work for the foreseeable future—they get hit with an all-out assault of ransomware attacks.

Best practices for a secure ecommerce website

CyberSecurity Insiders

This blog was written by an independent guest blogger. Ecommerce is a popular business model. Many people are getting into this business and looking for ways to secure early retirement from typical 9 to 5 jobs. With the right ideas and execution, there is a good chance that this will happen, but making it in eCommerce isn’t as easy as it was in the past.

Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches

Dark Reading

More than half of enterprises surveyed for Dark Reading's State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Despite Pen Testing Efforts, Stubborn Vulnerabilities Persist

Security Boulevard

For those security professionals who work to mitigate enterprise software vulnerabilities, it may often seem like Groundhog Day—patching and mitigating the same types of vulnerabilities over and over again. As a just-released report from crowdsourced penetration testing provider Cobalt found, that sense of déjà vu is not their imagination. From their database, Cobalt found that.

Hackers use new SolarWinds zero-day to target US Defense orgs

Bleeping Computer

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.

New Survey: IT and Security leaders want more IT Freedom for employees, but also stricter IT Security

Security Boulevard

In one of the first major surveys of IT and Security professionals since the Covid19 pandemic, Hysolate together with independent global survey organisation Global Surveyz interviewed 200 IT and Security leaders at top US and UK companies with 500-10,000 employees to learn more about the challenges they are facing. The findings are fascinating. Employees want …

CISA orders federal agencies to patch Windows PrintNightmare bug

Bleeping Computer

A new emergency directive ordered by the Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

BrandPost: How to Secure the Modern Customer Experience

CSO Magazine

Learn how to counter the slow erosion of customer trust brought on by cyber threats. Securely Accelerate Digital Transformation and Customer Experiences Through Modern Identity. Derive key insights from Okta-BeyondID joint customers as they discuss how modern identity helps them adapt to the challenges a digital-first world. This session will focus on how to accelerate business transformation in a way that keeps cybersecurity and excellent digital experiences as top priorities.

Adobe updates fix 28 vulnerabilities in 6 programs

Bleeping Computer

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.

Spoofed Domains Still a Persistent Threat

Security Boulevard

Domains impersonating companies and their brand names still pose a significant threat—research from Digital Shadows released today found that on average 1,100 fake websites are registered against individual organizations annually. And with commercial phishing kits available in criminal marketplaces for as little as $50, Digital Shadows found, cybercriminals can target a brand and have a.

Microsoft fixes Windows Hello authentication bypass vulnerability

Bleeping Computer

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

How Public Cybersecurity Companies Performed in 1H 2021

Security Boulevard

A good way to monitor the overall health of the IT security industry is to track the publicly traded companies in the space. I previously reported on the performance of 20 cybersecurity companies in 2020. This is an update on those 20 companies with the addition of newly minted SentinelOne, trading on NASDAQ with the.

Microsoft fixes 117 vulnerabilities, four exploited in the wild

SC Magazine

Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild. July represents a dramatic shift from the relatively light releases security researchers have seen over previous months, highlighting an uptick in zero-day e

New BIOPASS Malware Sniffs Victims via Live Streams

Heimdal Security

A new Python-based malware that targets online gambling companies in China was recently discovered by Trend Micro researchers Joseph C Chen, Kenney Lu, Jaromir Horejsi, and Gloria Chen. Dubbed BIOPASS RAT, the malware targets its victims through a watering hole attack, tricking them into downloading a malware loader disguised as a legitimate installer for well-known

REvil ransomware gang's web sites mysteriously shut down

Bleeping Computer

The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.