Thu. Oct 29, 2020


Why Predator is the ultimate CISO movie

Javvad Malik

There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about Hackers, or Sneakers, or try and slip Mr Robot into the mix. But they are all way way waaaaay off the mark. I was reminded of this by Phil Cracknell who posted on LinkedIn that in his opinion the Kevin Costner, Whitney Houston classic, Bodyguard was the best infosec movie.

CISO 246

Tracking Users on Waze

Schneier on Security

A security researcher discovered a vulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by sending my latitude and longitude coordinates. Except the essential traffic information, Waze also sends me coordinates of other drivers who are nearby.


Cybersecurity policy is a must in government

Tech Republic Security

One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car.


FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia. The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Business Email Compromise attacks are on the rise

Tech Republic Security

BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.


Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

Threatpost

Amid an uptick in attacks on healthcare orgs, the malware families Kegtap, Singlemalt and Winekey are being used to deliver the Ryuk ransomware to already strained systems.

Malware 114


US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies. Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) uploaded the samples on the V

Malware 108

How to install the FreeIPA identity and authorization solution on CentOS 8

Tech Republic Security

Jack Wallen walks you through the process of installing an identity and authorization platform on CentOS 8.


Catch the Most Sophisticated Attacks Without Slowing Down Your Users

McAfee

Most businesses cannot survive without being connected to the internet or the cloud. Websites and cloud services enable employees to communicate, collaborate, research, organize, archive, create, and be productive. Yet, the digital connection is also a threat. External attacks on cloud accounts increased by an astounding 630% in 2019. Ransomware and phishing remain major headaches for IT security teams, and as users and resources have migrated outside of the traditional network security perimete


How phishing attacks are targeting schools and colleges

Tech Republic Security

Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.

Phishing 137

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


University Email Hijacking Attacks Push Phishing, Malware

Threatpost

Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.

Phishing 107

FBI: Hospitals and healthcare providers face imminent ransomware threat

Tech Republic Security

The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals.


A Software Security Checklist Based on the Most Effective AppSec Programs

Veracode Security

Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security team


Government should make cybersecurity policy a priority

Tech Republic Security

Professor and cybersecurity policy expert says it should be something that is already in place with each purchase or subscription.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


McAfee Launches XDR, Browser Isolation, Cloud App Security Tools

Dark Reading

New additions are built to help organizations better respond to threats and protect applications and data in the cloud.


A Guide to Increasing Your Email Security and Deliverability: DMARC

Approachable Cyber Threats

This is part three of a three-part series on securing your email. You can read part one here and part two here. Have you ever found out that your email was being used to send spam - and when you check your “sent” folder, you don’t see any suspicious emails? Or have you ever had your legitimate emails end up in someone’s spam folder, including your marketing emails sent through third parties like Constant Contact, Mailchimp, Amazon SES, Salesforce, or SendGrid?

DNS 90

Cybercriminals Aim BEC Attacks at Education Industry

Dark Reading

Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.

Education 108

Russia-linked Turla APT hacked European government organization

Security Affairs

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizat


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


How Healthcare Organizations Can Combat Ransomware

Dark Reading

The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.


Ransomware Hits Dozens of Hospitals in an Unprecedented Wave

WIRED Threat Level

As Covid-19 infections spike in many parts of the US, malware gangs are wreaking havoc on the health care system.


'Act of War' Clause Could Nix Cyber Insurance Payouts

Dark Reading

The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."


All the Ways Slack Tracks You—and How to Stop It

WIRED Threat Level

From changing privacy settings to putting limits on those infuriating notifications, here’s how to take control of Slack.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Why Defense, Not Offense, Will Determine Global Cyber Powers

Dark Reading

Darktrace director of strategic threat Marcus Fowlers explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.


NVIDIA Patches Critical Bug in High-Performance Servers

Threatpost

NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn't be patched until early 2021.


Is Your Encryption Ready for Quantum Threats?

Dark Reading

Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.


Critical Oracle WebLogic flaw CVE-2020-14882 actively exploited in the wild

Security Affairs

Threat actors have started exploiting a critical vulnerability in Oracle WebLogic, tracked as CVE-2020-14882, in attacks in the wild. Threat actors have started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in an attempt to exploit a critical flaw tracked as CVE-2020-14882. CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system by sending a simple HTTP GET request.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Ransomware Wave Targets US Hospitals: What We Know So Far

Dark Reading

A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.


Home Depot Confirms Data Breach in Order Confirmation SNAFU

Threatpost

Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information.


Analysis: Forcepoint Can Still Succeed, But it Needs Committed Ownership

Dark Reading

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.


Oracle WebLogic Server RCE Flaw Under Active Attack

Threatpost

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.

Hacking 92

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.