Sun, Feb 14, 2021


Combatting the Growing Cyberthreat of QR Code Abuse

Lohrman on Security


SHAREit Flaw Could Lead to Remote Code Execution

Trend Micro

We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.



Zerologon Vulnerability: What You Need to Know

Security Boulevard

Zerologon made its way into our collective awareness in late September 2020, when it was revealed that hackers were actively targeting the vulnerability. While the complete patch was made available this month, on February 9th, 2021, both Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have encouraged companies to use the available partial.


FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

The FBI is warning companies about the use of out-of-date Windows 7 systems, the desktop sharing software TeamViewer, and weak account passwords. The FBI issued a Private Industry Notification (PIN) alert this week to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer. The alert comes after the recent attack on the Oldsmar water treatment plant’s network, where attackers tried to raise levels of sodium hydroxid


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Scotland girls excel in UK Cybersecurity Competition

CyberSecurity Insiders

Scottish schoolgirls have excelled in the ‘CyberFirst Girls’ competition recently held in the UK and run by the National Cyber Security Centre (NCSC), a part of GCHQ. Girls from over 9 schools reached the semi-final stage of the 2021 CyberFirst Girls Competition held last week. As per the details available to Cybersecurity Insiders, over 6773 girls entered the 2021 qualifying rounds, competing with more than 10k girls from over 600 schools.


The Untold History of America’s Zero-Day Market

WIRED Threat Level

The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now.


PayPal addresses reflected XSS bug in user wallet currency converter

Security Affairs

PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets. PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close to one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported by the bug bounty hunter “Cr33pb0y” through the HackerOne platform. “An endpoint used fo


Egregor ransomware members arrested by Ukrainian, French police

Bleeping Computer

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. […]


1980 Datsun Electric Car (Lektrikar II) For Sale

Security Boulevard

Would you buy a 1980 Datsun electric car? Let me explain why such a car would exist in America by telling you an obscure and old story that nobody really remembers anymore, and that as far as I can tell has never been told in full before (given so many records/pieces are missing). The New York …


Pro-India hackers use Android spyware to spy on Pakistani military

Bleeping Computer

This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict. The malware strains, named Hornbill and SunBird, have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat group (APT), a state-sponsored operation. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Ep. 140 – Empathetic Security with Julie Rinehart

Security Through Education

In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy. – Feb 15, 2021.


Microsoft warns Australia for complicating Cyber Attack response

CyberSecurity Insiders

Microsoft, the American tech giant, has warned the government of Australia to halt its response to cyber attacks, as it is complicating the company’s attempts to mitigate hacking incidents. The warning was issued after the Australian news media started publishing certain things regarding a critical infrastructure bill of 2020 related to the Security Legislation Amendment.


The kingpin behind Joker’s Stash retires with a billionaire exit

Security Affairs

The administrator of the most popular carding marketplace on the dark web, Joker’s Stash, has announced his retirement. The cybercriminal behind the most prominent carding marketplace on the dark web, Joker’s Stash, is retiring; he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars worth of Bitcoin with his activity. “The criminal behind the Joker’s Stash site, which trades in stolen credit and debit card data, has announced th


Egregor ransomware operators arrested in Ukraine

Zero Day

Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


The State of Application Security: What the Statistics Tell Us

Security Boulevard

CSO Online ran an article last August covering some important application security statistics from a study run by the Enterprise Security Group (ESG). The article titled The State of Application Security: What the Statistics Tell Us, covered an interesting finding from the report, notably that 79% of organizations push vulnerable code to production either occasionally or regularly.


Security Affairs newsletter Round 301

Security Affairs

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your email box. If you also want to receive the international press for free, subscribe here.

COMB breach: 3.2B email and password pairs leaked online
Hacking Nespresso machines to have unlimited funds to purchase coffee
The number of ICS flaws in 2020 was 24,72% higher compared to 2019
Web developers SitePoint discloses a data breach
Domestic Kitten has been c


BSidesSF 2020 – Mike Malone’s ‘If You’re Not Using SSH Certificates You’re Doing SSH Wrong’

Security Boulevard

Our thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the group's BSidesSF 2020 Conference and on the organization's YouTube channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 - 9, 2021, with no cost to participate. Enjoy!


Google Chrome, Microsoft Edge getting this Intel security feature

Bleeping Computer

Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


Scams Starting on Social Media and Targeting Your Business

Security Boulevard

Social media is no stranger to scams. However, recent trends show scammers have started to show more aggression toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent injury to your business.

Social Media as a Newer Cybercrime Platform for Targeting Businesses

Scammers go where the people […]


ThreatSwitch Study Finds Security Budgets Increasing in 2021, Driven by COVID-19 and the Cybersecurity Maturity Model Certification (CMMC)

CyberSecurity Insiders

CHARLOTTE, N.C.–(BUSINESS WIRE)– #cmmc–ThreatSwitch, the leading provider of Software-as-a-Service (SaaS) solutions for industrial security compliance, today announced the findings of its “2021 Industrial Security Benchmark Study.” Survey participants included some of the most active and knowledgeable industrial security professionals who provided insights into their top security threats and compliance program priorities for 2021.


A Secure Supply Chain Requires Independent Visibility Into Firmware

Security Boulevard

Once again, supply chain risks are in the news, with Bloomberg reporting attacks compromising servers via malicious firmware updates. While we don’t have many technical details about the attacks reported in the Bloomberg article, the risk associated with the supply chain remains a serious concern for both the public and private sectors. Organizations today face […].


Foreside Launches Connect+

CyberSecurity Insiders

PORTLAND, Maine–(BUSINESS WIRE)–Foreside Financial Group, LLC (“Foreside”), a provider of governance, risk management, and compliance service and technology offerings to clients in the global asset and wealth management industry, today announced that it has launched Connect+ , a newly redesigned and upgraded version of its client portal.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 316’

Security Boulevard

Via the respected information security capabilities of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comics.


Remote Method Guesser v5.0 releases: Java RMI enumeration and bruteforce of remote methods

Penetration Testing

Remote Method Guesser (rmg) is a command-line utility written in Java that can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding...


BSidesSF 2020 – Daniel Tobin’s & Paul Karayan’s ‘From Cockroaches To Marble Floors’

Security Boulevard

Our thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the group's BSidesSF 2020 Conference and on the organization's YouTube channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 - 9, 2021, with no cost to participate. Enjoy!


Looking for Love Online? Be Aware of Scammers and Fraud

Identity IQ

During the COVID-19 pandemic, many people are trying online dating for the first time. Unfortunately, scammers are looking to take advantage of that. Especially during Valentine’s Day and the season of love, singles looking to make that special love connection via an online dating app need to be particularly aware of online romance scams. MatchGroup, which owns some of the most popular dating brands such as Tinder, Hinge and OkCupid, has recorded an increase in users throughout the pandemic.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Combatting the Growing Cyberthreat of QR Code Abuse

Security Boulevard

Back in 2013, David Geer laid out the dangers of QR codes for security, explaining how a malicious QR — Quick Response — code can contain a link to a website embedded with malware. The web link then infects the user's device with a Trojan. “Once a Trojan infiltrates a mobile device,” Geer wrote, “it.


Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

Security Boulevard

The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called a “Common Criteria Certification.” This process allows organizations to review an evaluation without needing to set up and configure an IT product that they would like to test. Tripwire Enterprise v8.8.2.2 was recently evaluated and passed the certification. […]


Florida Water Supply Hack, Android App Hijack, US Capitol Riot Phone Tracking

Security Boulevard

In episode 160: An attacker tried to poison a Florida city’s water supply, a popular Android app was hacked to display malicious ads, and how smartphone location data was used to track the US Capitol rioters. ** Links mentioned on the show ** A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say […].


Extracting Heart Rate Data (Two Ways!) from Apple Health XML Export Files Using R (a.k.a. The Least Romantic Valentine’s Day R Post Ever)

Security Boulevard

Expand for EKG code:

```r
library(readr)   # read_csv (added: not loaded in the original excerpt)
library(dplyr)   # %>% and mutate (added: not loaded in the original excerpt)
library(hrbrthemes)
library(elementalist) # remotes::install_github("teunbrand/elementalist")
library(ggplot2)

# Read the raw ECG samples (microvolts) from the Apple Health export,
# skipping the 12-line metadata header, and index each sample.
read_csv(
  file = "~/Data/apple_health_export/electrocardiograms/ecg_2020-09-24.csv", # this is extracted below
  skip = 12,
  col_names = "µV"
) %>%
  mutate(idx = 1:n()) -> ekg

# Plot a 2500-sample window from the tail of the recording.
ggplot() +
  geom_line_theme(
    data = ekg %>% tail(3000) %>% head(2500),
    aes(idx, µV),
    size = 0.125,
    color = "#cb181d"
  ) +
  labs(x.
```


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.