Schneier on Security
JULY 20, 2022
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians: The hackers pretended to be a “community of free people around the world who are fighting russia’s aggression”—much like the IT Army.
Tech Republic Security
JULY 20, 2022
Cybercriminals are creating fake cryptocurrency investment apps designed to defraud US investors and exploit investment firms, cautions the FBI. The post FBI warns of phony cryptocurrency apps aiming to steal money from investors appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Jane Frankland
JULY 20, 2022
This week’s blog comes from one of The Source’s interns, Raisa Begum. Raisa is a STEM undergraduate and having started with us by reading a tonne of content, including INSecurity, I wanted her to dig a little deeper on the struggle for women in male dominated industries, like cyber, get her voice out there, and pull some things together for you.
Tech Republic Security
JULY 20, 2022
Jack Wallen tests the Acronis Cyber Protect Home Office app, a disaster recovery tool anyone can use to create a full disk clone of crucial systems with ease. The post Acronis Cyber Protect Home Office: The full image backup tool to meet today’s demanding needs appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JULY 20, 2022
Salt Security today extended its security platform for application programming interfaces (APIs) to include the ability to visually depict API call sequences, create attack simulations before APIs are released into production and gain insights into attacker behaviors and patterns. Elad Koren, chief product officer for Salt Security, said the latest version of the Salt Security.
Malwarebytes
JULY 20, 2022
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream and targets some of the world’s top brands. Case in point, we recently uncovered a malvertising chain abusing Google’s ad network to redirect visitors to an infrastructure of tech support scams.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Veracode Security
JULY 20, 2022
The software security landscape has drastically evolved over the past few years. Think back to the start of COVID-19. The sudden shift to virtual operations expediated digital transformations. Government agencies now have to release new digital products and services in tighter timeframes, causing public sector leadership to choose between speed of deployments or verifiably secure code.
Security Affairs
JULY 20, 2022
Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written in Rust language, other malware strains are BlackCat and Hive.
Anton on Security
JULY 20, 2022
Let’s continue our fun conversation on threat detection in the cloud that we started in “Who Does What In Cloud Threat Detection?” and “How to Think about Threat Detection in the Cloud” and continued somewhat in “Detection as Code? No, Detection as COOKING!” and “Does the World Need Cloud Detection and Response (CDR)?” Many organizations, and industry at large, still have challenges with defining what good looks like in threat detection in general.
The State of Security
JULY 20, 2022
When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an […]… Read More. The post Cybersecurity Policy – time to think outside the box?
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
JULY 20, 2022
Neopets that offer pet lovers the privilege to pamper a virtual pet were hit by a cyber attack resulting in data breach of over 69 million members and the source code of a few of the virtual games that can be played with digital pets. As per an update released by Bleeping Computer, the online resource to publish this info first, a threat actor named TarTarX was the one who intercepted the database to steal source code and the information stored on the database.
Bleeping Computer
JULY 20, 2022
Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges. [.].
CSO Magazine
JULY 20, 2022
Securing the software supply chain continues to be one of the most discussed topics currently among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation’s (CNCF’s) catalog of software supply chain attacks also supports a rise in this attack vector.
CyberSecurity Insiders
JULY 20, 2022
Black Basta Ransomware has now released the stolen data of one of its victims, which it targeted almost 2-3 weeks ago. As per the information available on its website accessible only through the dark web, Germany company Knauf was targeted by Black Basta on June 29th this year, locking down its database on a temporary note. Knauf that has over 30,000 employees on a global note issued a statement via its website on July 19th this year.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
We Live Security
JULY 20, 2022
Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron’s insights into the security of medical devices. The post ESET Research Podcast: Hot security topics at RSA or mostly hype? appeared first on WeLiveSecurity.
The State of Security
JULY 20, 2022
Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. Read more in my article on the Tripwire State of Security blog.
Malwarebytes
JULY 20, 2022
Ring, the Amazon-owned company behind the popular smart doorbells, has admitted to giving doorbell data to law enforcement willy-nilly. All they have to do is fill out a form called the Amazon Law Enforcement Request Tracker —no need to ask for the data owner’s consent, give a warrant or court order. The company revealed this in response to a letter Senator Edward Markey (D-Mass.) sent Amazon in June 2022.
CSO Magazine
JULY 20, 2022
UK-based cybersecurity vendor Sophos announced today that it had reorganized its SophosLabs, Sophos SecOps and Sophos AI teams into an umbrella group called Sophos X-Ops, in order to provide a more unified response to advanced threats. The company said that while its security teams routinely share information among themselves, the creation of the X-Ops team makes that process faster and more streamlined.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
JULY 20, 2022
Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. [.].
Malwarebytes
JULY 20, 2022
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one which Facebook has just got the upper hand to. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of these parameter-laden links, the organisation which added the parameter to the URL knows that you’ve clicked it.
Security Affairs
JULY 20, 2022
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 million vehicles.
Security Boulevard
JULY 20, 2022
Mature cyber security teams understand a harsh reality often ignored by legacy cyber tools vendors: correlation must not be confused with causation. The post False Narratives in the Cybersecurity Tools Market appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
SecureList
JULY 20, 2022
Introduction. In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, we provide several excerpts from last month’s reports on new ransomware strains. Luna: brand-new ransomware written in Rust.
Security Boulevard
JULY 20, 2022
Phishing scams are hardly a new concept. In fact, the first phishing attacks date back nearly 30 years to the mid-1990s. But despite the tactic’s age, it remains incredibly popular among cybercriminals for one important reason: It works. Human beings are just as fallible today as they were in the ’90s, and attackers have had. The post Preventing CEO Impersonation Phishing Scams appeared first on Security Boulevard.
Trend Micro
JULY 20, 2022
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.
Security Boulevard
JULY 20, 2022
When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an […]… Read More. The post Cybersecurity Policy – time to think outside the box?
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
JULY 20, 2022
Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers.
Security Boulevard
JULY 20, 2022
To keep up with data compliance and data protection strategies, IT and security teams use a combination of processes and technologies to track digital assets - such as hardware, software, cloud programs and sensitive data - and gain a better understanding of the company’s internal and external attack surface. The post Penetration Testing Vs Vulnerability Scanning: What’s the Difference?
Malwarebytes
JULY 20, 2022
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The seized funds amounting to half a million US dollars, include ransoms paid by health care providers in Kansas and Colorado. Maui ransomware. Deputy Attorney General Lisa O.
Security Boulevard
JULY 20, 2022
Let’s continue our fun conversation on threat detection in the cloud that we started in “Who Does What In Cloud Threat Detection?” and “How to Think about Threat Detection in the Cloud” and continued somewhat in “Detection as Code? No, Detection as COOKING!” and “Does the World Need Cloud Detection and Response (CDR)?”. Many organizations, and industry at large, still have challenges with defining what good looks like in threat detection in general.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
244 
Let's personalize your content