Fri. May 20, 2022

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Schneier on Security

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone. “This proves that any product relying on a trusted BLE connection is vulnerable to attacks even f

Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

Tech Republic Security

A commercial surveillance company previously exposed for selling a spyware service dubbed "Predator" keeps targeting users and uses 0-day exploits to compromise Android phones. Learn more about how to protect yourself from it. The post Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks appeared first on TechRepublic.

The Onion on Google Map Surveillance

Schneier on Security

“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.” Excellent satire.

McAfee vs Kaspersky: Compare EDR software

Tech Republic Security

McAfee and Kaspersky are some of the oldest, most trusted names in the antivirus business, but their ideal use cases vary. See which is best for you. The post McAfee vs Kaspersky: Compare EDR software appeared first on TechRepublic.

Software 163

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Why you should act like your CEO’s password is “querty”

Malwarebytes

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass combed through a large list of CEO and business owner breaches.

Passwords 137

SentinelOne vs Palo Alto: Compare EDR software

Tech Republic Security

Compare the key features of two EDR tools: SentinelOne's Singularity XDR and Palo Alto's Cortex XDR. The post SentinelOne vs Palo Alto: Compare EDR software appeared first on TechRepublic.

Software 132

More Trending

Carbon Black vs. CrowdStrike: EDR software comparison

Tech Republic Security

See what features you can expect from Carbon Black and CrowdStrike to decide which endpoint detection and response solution is right for you. The post Carbon Black vs. CrowdStrike: EDR software comparison appeared first on TechRepublic.

Software 126

Cryptocurrency: secure or not? – Week in security with Tony Anscombe

We Live Security

When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto. The post Cryptocurrency: secure or not? – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Bank refuses to pay ransom to hackers, sends dick pics instead

Graham Cluley

I'm not sure if it would be enough for me to switch bank accounts, but I have something of a sneaking respect for the Bank of Zambia.

Banking 145

All White Hat hackers exempted from US CFAA Prosecution

CyberSecurity Insiders

All White Hat hackers are from now on exempted from being prosecuted under the Computer Fraud and Abuse Act (CFAA) and this is official as per the statement released by the US Department of Justice. Thus, the latest memo will be applied in place of the 1986 law that made it mandatory for law enforcement to target security researchers if the situation demands it.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft patches the Patch Tuesday patch that broke authentication

Naked Security

Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway?

Cisco urges admins to patch IOS XR zero-day exploited in attacks

Bleeping Computer

Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. [...]

Software 112

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

The Hacker News

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014.

Malware 109

Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

Dark Reading

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Researchers Find Backdoor in School Management Plugin for WordPress

The Hacker News

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version 8.

US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks

Security Boulevard

Following years of nation-state cyberattacks targeting United States interests, during a Securing Cyberspace panel hosted by the Washington Post, a pair of lawmakers expressed their determination to establish harsher penalties for such attacks. As recently as March 2022, attackers affiliated with the Chinese government broke into six or more U.S. states using the Log4j vulnerability.

US Government says: Patch VMware right now, or get off our network

Naked Security

Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.

Cybersecurity News Round-Up: Week of May 16, 2022

Security Boulevard

Despite its massive attack on Costa Rica, Conti says it's shutting down, an attack leads to a huge sales loss at an ecommerce company, a doctor becomes a hacker. The post Cybersecurity News Round-Up: Week of May 16, 2022 appeared first on Security Boulevard.

eCommerce 104

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Canada bans Huawei, ZTE in 5G networks

CSO Magazine

Ottawa government’s move follows similar bans in other English-speaking countries, citing potential security risks to 5G communications networks.

Risk 115

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

The Hacker News

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.

Software 104

380K Kubernetes API Servers Exposed to Public Internet

Threatpost

More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Internet 107

Friday Five 5/20

Digital Guardian

In this week's Friday Five, read about the outing of a ransomware mastermind, growing threats against the global maritime supply chain, an under-the-radar iPhone exploit, and more!

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

Taiwanese vendor QNAP warned customers of a new wave of DeadBolt ransomware attacks and urges them to install the latest updates. Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The company issued the alert in response to a new wave of DeadBolt ransomware attacks targeting NAS devices using QTS 4.3.6 and QTS 4.4.1. “QNAP® Systems, Inc. recently detected a new attack by the DEADBOLT Ransomware.

What Is DNS Spoofing and How Is It Prevented?

Security Boulevard

What Is DNS Spoofing and How Is It Prevented? 97thfloor. Fri, 05/20/2022 - 09:37. What Is the DNS and DNS Server? To fully understand DNS spoofing, it’s important to understand DNS and DNS servers. To start, each computer and server has a unique Internet Protocol (IP) address that’s a number string ID that signals to websites what computer is using the site.

DNS 98

Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

The Hacker News

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users.

Spyware 98

Staying Protected Against Ongoing Uncertainty

Security Boulevard

At the close of 2021, security thought leaders across the industry, including myself, issued cybersecurity predictions for the year ahead. While it was nearly impossible to predict some of the recent global events, many forecasted that some of the challenges of the past few years would still be problematic. Over the past two years, threat. The post Staying Protected Against Ongoing Uncertainty appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Conti Ransomware Shuts Down and Rebrands Itself

Heimdal Security

The infamous ransomware gang known as the Conti group has effectively brought an end to their operation by taking their infrastructure down and informing their team leaders that the brand no longer exists. What Happened? Yelisey Boguslavskiy of Advanced Intel tweeted this afternoon that the gang’s internal infrastructure had been shut down, which is where […].

The activity of the Linux XorDdos bot increased by 254% over the last six months

Security Affairs

Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014; it is a Linux botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second of malicious traffic.

DDOS 96

Canada bans Huawei and ZTE from 5G networks over security concerns

Bleeping Computer

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. [...]

Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

The Hacker News

A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression.

Malware 95

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.