Combatting the Growing Cyberthreat of QR Code Abuse
Lohrman on Security
FEBRUARY 14, 2021
Trend Micro
FEBRUARY 14, 2021
We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Security Boulevard
FEBRUARY 14, 2021
Zerologon made its way into our collective awareness in late September 2020, when it was revealed that hackers were actively targeting the vulnerability. While the complete patch was made available this month, on February 9th, 2021, both Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have encouraged companies to use the available partial.
Security Affairs
FEBRUARY 14, 2021
The FBI is warning companies about the use of out-of-date Windows 7 systems, the desktop sharing software TeamViewer, and weak account passwords. The FBI issued a Private Industry Notification (PIN) alert this week to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer. The alert comes after the recent attack on the Oldsmar water treatment plant’s network, where attackers tried to raise levels of sodium hydroxid
CyberSecurity Insiders
FEBRUARY 14, 2021
Scottish schoolgirls have excelled in the ‘CyberFirst Girls’ competition recently held in the UK, which was run by the National Cyber Security Centre (NCSC), a part of GCHQ. Information is out that girls from over 9 schools reached the semi-final stage of the 2021 CyberFirst Girls Competition held last week. As per the details available to our Cybersecurity Insiders, over 6773 girls entered the 2021 qualifying rounds, competing with more than 10k girls from over 600 schools.
WIRED Threat Level
FEBRUARY 14, 2021
The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
FEBRUARY 14, 2021
PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets. PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close to one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported by the bug bounty hunter “Cr33pb0y” through the HackerOne platform. “An endpoint used fo
Bleeping Computer
FEBRUARY 14, 2021
A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.
Security Boulevard
FEBRUARY 14, 2021
Would you buy a 1980 Datsun electric car? Let me explain why such a car would exist in America, by telling you an obscure and old story that nobody really remembers anymore, and as far as I can tell has never been told in full before (given so many records/pieces are missing). The New York … Continue reading: 1980 Datsun Electric Car (Lektrikar II) For Sale?
Bleeping Computer
FEBRUARY 14, 2021
This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict. The malware strains, named Hornbill and SunBird, have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat (APT) group, a state-sponsored operation.
Security Through Education
FEBRUARY 14, 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy. – Feb 15, 2021.
CyberSecurity Insiders
FEBRUARY 14, 2021
Microsoft, the American tech giant, has warned the government of Australia to halt its response to cyber attacks, as it is complicating the company’s attempts to mitigate hacking incidents. The warning was issued after the Australian news media started publishing certain things regarding a critical infrastructure bill of 2020 related to the Security Legislation Amendment.
Security Affairs
FEBRUARY 14, 2021
The administrator of the most popular carding marketplace on the dark web, Joker’s Stash, has announced his retirement. The cybercriminal behind the most prominent carding marketplace on the dark web, Joker’s Stash, is retiring; he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars’ worth of Bitcoin with his activity. “The criminal behind the Joker’s Stash site, which trades in stolen credit and debit card data, has announced th
Zero Day
FEBRUARY 14, 2021
Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.
Security Boulevard
FEBRUARY 14, 2021
CSO Online ran an article last August covering some important application security statistics from a study run by the Enterprise Security Group (ESG). The article titled The State of Application Security: What the Statistics Tell Us, covered an interesting finding from the report, notably that 79% of organizations push vulnerable code to production either occasionally or regularly.
Security Affairs
FEBRUARY 14, 2021
A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the international press for free, subscribe here.
COMB breach: 3.2B email and password pairs leaked online
Hacking Nespresso machines to have unlimited funds to purchase coffee
The number of ICS flaws in 2020 was 24,72% higher compared to 2019
Web developers SitePoint discloses a data breach
Domestic Kitten has been c
Security Boulevard
FEBRUARY 14, 2021
Our thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the group's BSidesSF 2020 Conference and on the organization's YouTube channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 - 9, 2021, with no cost to participate. Enjoy! The post BSidesSF 2020 – Mike Malone’s ‘If You’re Not Using SSH Certificates You’re Doing SSH Wrong’ appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 14, 2021
Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities.
Security Boulevard
FEBRUARY 14, 2021
Social media is no stranger to scams. However, recent trends show scammers have started to show more aggression toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent injury to your business. Social Media as a Newer Cybercrime Platform for Targeting Businesses: Scammers go where the people […]
CyberSecurity Insiders
FEBRUARY 14, 2021
CHARLOTTE, N.C.–(BUSINESS WIRE)– #cmmc–ThreatSwitch, the leading provider of Software-as-a-Service (SaaS) solutions for industrial security compliance, today announced the findings of its “2021 Industrial Security Benchmark Study.” Survey participants included some of the most active and knowledgeable industrial security professionals who provided insights into their top security threats and compliance program priorities for 2021.
Security Boulevard
FEBRUARY 14, 2021
Once again, supply chain risks are in the news, with Bloomberg reporting attacks compromising servers via malicious firmware updates. While we don’t have many technical details about the attacks reported in the Bloomberg article, the risk associated with the supply chain remains a serious concern for both the public and private sectors. Organizations today face […].
CyberSecurity Insiders
FEBRUARY 14, 2021
PORTLAND, Maine–(BUSINESS WIRE)–Foreside Financial Group, LLC (“Foreside”), a provider of governance, risk management, and compliance service and technology offerings to clients in the global asset and wealth management industry, today announced that it has launched Connect+ , a newly redesigned and upgraded version of its client portal.
Security Boulevard
FEBRUARY 14, 2021
via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 316’ appeared first on Security Boulevard.
Penetration Testing
FEBRUARY 14, 2021
Remote Method Guesser (rmg) is a command-line utility written in Java that can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding... The post Remote Method Guesser v5.0 releases: Java RMI enumeration and bruteforce of remote methods appeared first on Penetration Testing.
Security Boulevard
FEBRUARY 14, 2021
Our thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the group's BSidesSF 2020 Conference and on the organization's YouTube channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 - 9, 2021, with no cost to participate. Enjoy! The post BSidesSF 2020 – Daniel Tobin’s & Paul Karayan’s ‘From Cockroaches To Marble Floors’ appeared first on Security Boulevard.
Identity IQ
FEBRUARY 14, 2021
During the COVID-19 pandemic, many people are trying online dating for the first time. Unfortunately, scammers are looking to take advantage of that. Especially during Valentine’s Day and the season of love, singles looking to make that special love connection via an online dating app need to be particularly aware of online romance scams. MatchGroup, which owns some of the most popular dating brands such as Tinder, Hinge and OkCupid, has recorded an increase in users throughout the pandemic.
Security Boulevard
FEBRUARY 14, 2021
Back in 2013, David Geer laid out the dangers of QR codes for security, explaining how a malicious QR — Quick Response — code can contain a link to a website embedded with malware. The Web link then infects the user device with a Trojan. “Once a Trojan infiltrates a mobile device,” Geer wrote, “it. The post Combatting the Growing Cyberthreat of QR Code Abuse appeared first on Security Boulevard.
Security Boulevard
FEBRUARY 14, 2021
The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria Certification.” This process allows organizations to review an evaluation without needing to set up and configure an IT product that they would like to test. Tripwire Enterprise v8.8.2.2 was recently evaluated and passed the certification. […]
Security Boulevard
FEBRUARY 14, 2021
In episode 160: An attacker tried to poison a Florida city’s water supply, a popular Android app was hacked to display malicious ads, and how smartphone location data was used to track the US Capitol rioters. ** Links mentioned on the show ** A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say […]. The post Florida Water Supply Hack, Android App Hijack, US Capitol Riot Phone Tracking appeared first on The Shared Security Show.
Security Boulevard
FEBRUARY 14, 2021
EKG code (R; the snippet is cut off at the end, and the readr/dplyr loads are added here because read_csv, mutate and %>% come from those packages):

library(readr)        # added: read_csv
library(dplyr)        # added: mutate, n(), %>%
library(hrbrthemes)
library(elementalist) # remotes::install_github("teunbrand/elementalist")
library(ggplot2)

# load the exported ECG samples, skipping the 12-line Apple Health header
read_csv(
  file = "~/Data/apple_health_export/electrocardiograms/ecg_2020-09-24.csv", # this is extracted below
  skip = 12,
  col_names = "µV"
) %>%
  mutate(idx = 1:n()) -> ekg

# plot a 2500-sample window of the trace
ggplot() +
  geom_line_theme(
    data = ekg %>% tail(3000) %>% head(2500),
    aes(idx, µV),
    size = 0.125,
    color = "#cb181d"
  ) +
  labs(x.