Schneier on Security

SEPTEMBER 19, 2022

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people̵

Computers and Electronics 271

Computers and Electronics Surveillance 271

Tech Republic Security

SEPTEMBER 19, 2022

Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight. The post How to protect your organization’s single sign-on credentials from compromise appeared first on TechRepublic.

Phishing 148

Phishing Cybersecurity 148

We Live Security

SEPTEMBER 19, 2022

Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device. The post Can your iPhone be hacked? What to know about iOS security appeared first on WeLiveSecurity.

Hacking 145

Hacking Malware Mobile 145

Tech Republic Security

SEPTEMBER 19, 2022

Grab a special deal on the secure Ivacy virtual private network and NAT firewall today. The post Get a lifetime of VPN protection for just $60 appeared first on TechRepublic.

VPN 148

VPN Firewall Software Network Security 148

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

CyberSecurity Insiders

SEPTEMBER 19, 2022

By Lisa Xu [Lisa Xu is CEO of the risk-based vulnerability management platform NopSec ]. To better understand how organizations approach vulnerability management, oversee their attack surface, and control risk, NopSec surveyed 426 security professionals with questions designed to illuminate and quantify their day-to-day challenges, frustrations, and priorities.

Risk 140

Risk Ransomware Technology Data breaches 140

SecureList

SEPTEMBER 19, 2022

To prevent a cyberattack, it is vital to know what the attack surface for your organization is. To be prepared to repel the attacks of cybercriminals, businesses around the world collect threat intelligence themselves or subscribe for threat intelligence services. Continuous threat research enables Kaspersky to discover, infiltrate and monitor resources frequented by adversaries and cybercriminals worldwide.

Data collection 128

Data collection Government Software 128

CSO Magazine

SEPTEMBER 19, 2022

The way Yaron Cohen sees it, companies today must do in the digital world what came naturally to neighborhood merchants who saw their customers every day. “In the old world, when people used to go to the corner store and meet the same shopkeeper every day, he’d know their tastes and what they’d buy and would personalize the experience for them,” says Cohen, a user experience researcher focused on digital strategy.

Small Business 123

Small Business Media 123

CyberSecurity Insiders

SEPTEMBER 19, 2022

To help customers recover from data incidents, Google, the internet giant, has introduced cloud backup and Disaster Recovery (DR) feature from its console to all its customers directly from its console. Thus, those using Google cloud storage platform as a repository, directory, and application database can now avail the DR services as an effective backup solution across multiple workloads.

Backups 123

Backups Engineering Internet Internet 123

Heimadal Security

SEPTEMBER 19, 2022

In an update to the notification regarding the cyberattack suffered in August, LastPass, one of the most widely used password management programs in the world, shared the conclusion of the investigation following the attack. The company’s investigation was performed in conjunction with cybersecurity firm Mandiant and shows that the threat actors had had access to […].

Passwords 122

Passwords Encryption Password Management Cybersecurity 122

eSecurity Planet

SEPTEMBER 19, 2022

These days, users need an ever-growing number of online accounts to stay connected with their friends, colleagues, and employers. Since many people use the same passwords or patterns when generating passwords, hackers have more and more opportunities to gain access to sensitive company data. For enterprise organizations with a large workforce that must access a wide variety of applications and databases, the risk is exponentially greater.

Password Management 122

Password Management Passwords Software Encryption 122

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Heimadal Security

SEPTEMBER 19, 2022

New York-based company, Empress EMS (Emergency Medical Services), has disclosed through an official notification that it’s been the victim of a ransomware attack on July 14, 2022. Further investigations found that the intruder gained access to the company’s systems on May 26, 2022. On the 13th of July, “a small subset of files” was exfiltrated by […].

Data breaches 119

Data breaches Ransomware Cybersecurity 119

Security Affairs

SEPTEMBER 19, 2022

Multiple Netgear router models are impacted by an arbitrary code execution via FunJSQ, which is a third-party module for online game acceleration. Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models.

Firmware 114

Firmware Passwords Technology Hacking 114

Heimadal Security

SEPTEMBER 19, 2022

The European Commission has suggested a new “EU Cyber Resilience Act.” The act intends to protect customers and companies who purchase or use goods and software that include a digital component. Device manufacturers with poor cybersecurity policies and features risk paying fines if the new regulation is enacted. What Is The Act Affecting?

IoT 109

IoT Cybersecurity Manufacturing Software 109

CyberSecurity Insiders

SEPTEMBER 19, 2022

Indian Computer Emergency Response Team (CERT) has issued a warning about two cyber threats hitting the sub-continent populace active online. The first is related to a Zoom Security vulnerability that left unattended could allow hackers to sneak into the data of Zoom application meeting users. The video conferencing platform has already issued a patch to fix the issue.

Malware 106

Malware Computers and Electronics Banking Cyber threats 106

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

SEPTEMBER 19, 2022

A spate of thefts from gym lockers is reminding us that SMS based two-factor authentication (2FA) is utter, UTTER garbage. The post Victims of Gym Phone Theft Lose $10,000 Each (Because SMS 2FA) appeared first on Security Boulevard.

Authentication 105

Authentication Social Engineering Banking Security Awareness 105

CyberSecurity Insiders

SEPTEMBER 19, 2022

Two hackers from Vietnam launched a ransomware attack on the Britain-based Hotel Chain owner Intercontinental Hotels Group (IHG). And since they were digitally blocked to conduct a file encrypting malware attack, they chose to delete huge amounts of data through a wiper malware. The couple who claims to be wife and husband and technically named themselves as ‘TeaPea’ reached the BBC via Telegram Messaging app and provided some screenshots proving their hacking claims.

Ransomware 104

Ransomware Malware Cyber Attacks Encryption 104

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE–2022–36158 and CVE–2022–36159, impacting the Contec Flexlan FXA3000 and FXA2000 series LAN devices. The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless.

Wireless 102

Wireless Firmware Passwords Engineering 102

The Hacker News

SEPTEMBER 19, 2022

American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI.

99

99

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

SEPTEMBER 19, 2022

Revolut has suffered a cyberattack, threat actors have had access to personal information of tens of thousands of customers. The financial technology company Revolut suffered a ‘highly targeted’ cyberattack over the weekend, threat actors had access to the personal information of 0.16% of its customers (approximately 50,000 users). The company states that it has already contacted the impacted customers. “We have contacted the impacted individuals by email with further informati

Social Engineering 100

Social Engineering Data breaches Scams Engineering 100

The Hacker News

SEPTEMBER 19, 2022

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened.

Risk 98

Risk 98

Security Affairs

SEPTEMBER 19, 2022

Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information. “We have no evidence that the incident involved access to sensitive user data (like trip history).” reads the update provided by the company. “Internal software to

Data breaches 100

Data breaches Hacking Engineering Passwords 100

The Hacker News

SEPTEMBER 19, 2022

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year.

Ransomware 98

Ransomware Banking Malware 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs.

Encryption 98

Encryption Cybercrime Hacking Malware 98

Security Boulevard

SEPTEMBER 19, 2022

A couple of weeks ago IT and security professionals gathered in-person at the Gartner Identity & Access Management (IAM) Summit. The post Key takeaways from Gartner IAM summit 2022 appeared first on Entrust Blog. The post Key takeaways from Gartner IAM summit 2022 appeared first on Security Boulevard.

98

98

The Hacker News

SEPTEMBER 19, 2022

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend.

Security Intelligence 98

Security Intelligence 98

Security Boulevard

SEPTEMBER 19, 2022

A joint advisory published this year by intelligence agencies from the U.S., Canada, UK, Australia and New Zealand, also known as the ‘Five Eyes’, underpins a critical concern about the potential for nation-state-sponsored attacks. The advisory specifically highlighted the threats targeting critical service providers with the goal of enhancing the defenses of likely victims.

Security Awareness 98

Security Awareness Risk Government Cybersecurity 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

SEPTEMBER 19, 2022

The operators of the Chromeloader adware are evolving their attack methods and gradually transforming the low-risk tool into a dangerous malware loader, seen dropping ransomware in some cases. [.].

Adware 98

Adware Malware Ransomware Risk 98

Security Boulevard

SEPTEMBER 19, 2022

Almost every organization’s work environment has experienced changes in the face of the health crisis during previous years. Working remotely became a necessity which drastically changed the cybersecurity landscape. Data breaches, phishing attacks, and cybercrime became daily occurrences—something that’s still prevalent today. In this recap, we’ll cover email security news and cybersecurity news of the […].

Data breaches 98

Data breaches Cybercrime Phishing Cybersecurity 98

Bleeping Computer

SEPTEMBER 19, 2022

Microsoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app's ribbon menu. [.].

98

98

Security Boulevard

SEPTEMBER 19, 2022

. The post Arming the Defender Force and Securing the Software Supply Chain: Helping Developers Implement CISA Best Practices – Part 1 appeared first on Security Boulevard.

Software 98

Software Firewall Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!