Tech Republic Security

AUGUST 24, 2021

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.

Risk 188

Risk Technology 188

Bleeping Computer

AUGUST 24, 2021

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [.].

Spyware 145

Spyware 145

Tech Republic Security

AUGUST 24, 2021

The leaked data included personal information for COVID-19 contact tracing and vaccination appointments, social security numbers for job applicants, employee IDs, names and email addresses.

147

147

Heimadal Security

AUGUST 24, 2021

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

Ransomware 145

Ransomware Healthcare Encryption Government 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

AUGUST 24, 2021

New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest from CSO by signing up for our newsletters.

Ransomware 144

Ransomware CSO Malware 144

The State of Security

AUGUST 24, 2021

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series. #5: […]… Read More.

Information Security 143

Information Security InfoSec Security Awareness 143

Security Boulevard

AUGUST 24, 2021

As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace. In a report from Deloitte, nearly three-quarters (73%) of respondents said they fear their organizations would lose competitive advantage if they fail to adopt.

Financial Services 143

Financial Services Banking Security Awareness Risk 143

CSO Magazine

AUGUST 24, 2021

Intellectual property (IP) is the lifeblood of every organization. It didn’t used to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of cyber attack. Witness the long list of hacks on Hollywood and the entertainment industry’s IP including “ Pirates of the Caribbean ” and more recently HBO’s “Game of Thrones.

Government 142

Government Cyber Attacks Hacking 142

SecureList

AUGUST 24, 2021

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender.

Malware 141

Malware Advertising Mobile Accountability 141

CSO Magazine

AUGUST 24, 2021

Wi-Fi 6E is a technical extension of the Wi-Fi 6 standard to deliver improved Wi-Fi capacity, less interference, and higher throughput. Introduced in January 2021 by the Wi-Fi Alliance, Wi-Fi 6E allows for an increased frequency band of 6 GHz, providing up to 1,200 MHz of additional spectrum compared to Wi-Fi 6. In April 2020, the FCC voted to open 6 GHz for unlicensed use , meaning that electrical consumer products such as phones, tablets, laptops, and routers could benefit from the enhanced Wi

CISO 141

CISO Manufacturing Internet Internet 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

AUGUST 24, 2021

Atlas VPN's analysis finds that theft within decentralized finance networks is taking in more money than phishing and ransomware attacks.

VPN 147

VPN Scams Phishing Hacking 147

Bleeping Computer

AUGUST 24, 2021

Microsoft has released the Windows 10 KB5005932 setup update to fix '"PSFX_E_MATCHING_BINARY_MISSING" errors when attempting to install the latest cumulative updates. [.].

139

139

CyberSecurity Insiders

AUGUST 24, 2021

Finding your first job in any field is often a challenge. But your first job in cybersecurity? With no previous experience? That may seem impossible, but it’s not. According to the (ISC)² Cybersecurity Workforce Study 2020 , the cybersecurity workforce needs to grow by 89% to effectively defend organizations’ critical assets; however, that doesn’t mean jobs are easy to find for all eager applicants.

Cybersecurity 136

Cybersecurity Education 136

CSO Magazine

AUGUST 24, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) has a new director, Jen Easterly. The Senate confirmed Easterly in July, with swearing taking place on August 09, 2021. It should come as no surprise to CISOs to see Easterly dig in and immediately leverage the newly minted Joint Cyber Defense Collaborative (JCDC), which was authorized in the National Defense Authorization Act of 2021.

CISO 136

CISO Education Cybersecurity 136

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

AUGUST 24, 2021

The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found. [.].

143

143

Security Boulevard

AUGUST 24, 2021

Data breaches in the cloud consistently make news headlines. Yet, the data breach stories are often vague explanations — a […]. The post Building A Secure Cloud: Strong Data Protection appeared first on Sonrai Security. The post Building A Secure Cloud: Strong Data Protection appeared first on Security Boulevard.

Data breaches 129

Data breaches Government 129

Bleeping Computer

AUGUST 24, 2021

A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. [.].

Ransomware 144

Ransomware 144

PCI perspectives

AUGUST 24, 2021

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses.

Firewall 128

Firewall Small Business Data breaches eCommerce 128

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

AUGUST 24, 2021

Meet SparklingGoblin, a member of the Winnti family. The post The SideWalk may be as dangerous as the CROSSWALK appeared first on WeLiveSecurity.

Malware 141

Malware 141

CyberSecurity Insiders

AUGUST 24, 2021

Microsoft has issued some tips to protect those who are using Windows 365 Cloud PCs and here are some details-. 1.) First, Microsoft is asking its Windows 365 Enterprise Customers to follow standard Win 10 practices that include admin privileges only to those eligible. 2.) It is also urging its 365 customers to download and install Microsoft Endpoint Manager and leverage Microsoft Defender to secure endpoints, including those PCs using cloud services. 3.

Authentication 122

Authentication Accountability Risk Cybersecurity 122

Bleeping Computer

AUGUST 24, 2021

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide. [.].

133

133

InfoWorld on Security

AUGUST 24, 2021

Companies including Microsoft, Google, and Facebook are backing an initiative to promote the extended Berkley Packet Filter ( eBPF ), technology that enables developers to safely embed programs in any piece of software including operating system kernels. Hosted by the Linux Foundation, the new eBPF Foundation , which was unveiled August 12, plans to expand eBPF and extend it beyond Linux.

Technology 119

Technology Software 119

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

AUGUST 24, 2021

The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The Federal Bureau of Investigation (FBI) has published a flash alert about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

Ransomware 119

Ransomware Encryption Banking Phishing 119

Security Boulevard

AUGUST 24, 2021

Picture a house equipped with state-of-the-art alarm systems, sensors, locks and cameras. From the outside, the house might seem reasonably protected against potential intruders. However, if a savvy thief managed to infiltrate the residence through its crawl space, the very foundation of the house might be putting the overall security of the home at risk.

Firmware 118

Firmware Software Risk Security Awareness 118

Security Affairs

AUGUST 24, 2021

Researchers warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Researchers from SAM Seamless Network warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 se

IoT 115

IoT Firmware Internet Internet 115

Security Boulevard

AUGUST 24, 2021

Let me start this crazy story by saying in 2007 there was a huge debate in Arizona about water washing away the border wall. Yes, you read that right. Nearly 15 years ago — FIFTEEN — federal officials were sternly warned their wall designs would fail catastrophically due to basic water runoff. In October 2007, … Continue reading Rain Washes Away Arizona Border Wall… AGAIN ?.

Network Security 115

Network Security 115

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

AUGUST 24, 2021

Risk officers would rather stay in their compliance roles than add data usage to their duties, EY survey says.

Technology 131

Technology Risk 131

Security Boulevard

AUGUST 24, 2021

Organizations’ increasing use of contractors, freelancers and other third-party workers is weakening consumers’ trust in their data security, according to a study by SecZetta. The survey of more than 2,000 U.S. adults revealed 83% of respondents agree that those data systems have become more vulnerable to cyberattacks and nearly nine in 10 survey respondents said.

CISO 115

CISO Security Awareness Software Risk 115

CyberSecurity Insiders

AUGUST 24, 2021

FBI has issued a fresh alert against the activities being carried out by a newly detected ransomware group dubbed OnePercent. The law enforcement agency says that the threat actors have been targeting companies since Nov’2020 by using the emulation software of Cobalt Strike. In the latest discovery made by FBI, security analysts found that the OnePercent Ransomware group was compromised victims via phishing emails that were laced with malicious attachments such as Banking Trojans.

Ransomware 110

Ransomware Banking Insurance Software 110

We Live Security

AUGUST 24, 2021

The caches of data that were publicly accessible included names, email addresses and social security numbers. The post Microsoft Power Apps misconfiguration exposes millions of records appeared first on WeLiveSecurity.

109

109

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.