Schneier on Security

JULY 13, 2022

This is an excellent essay outlining the post-Roe privacy threat model. (Summary: period tracking apps are largely a red herring.). Taken together, this means the primary digital threat for people who take abortion pills is the actual evidence of intention stored on your phone, in the form of texts, emails, and search/web history. Cynthia Conti-Cook’s incredible article “ Surveilling the Digital Abortion Diary details what we know now about how digital evidence has been used to prose

Surveillance 282

Surveillance Risk Engineering Internet 282

Tech Republic Security

JULY 13, 2022

Use the new Windows Remote Help app to support remote and hybrid employees from Microsoft Endpoint Manager securely without a VPN. The post Secure remote help can be powerful but may not be cheap appeared first on TechRepublic.

VPN 178

VPN Software 178

We Live Security

JULY 13, 2022

In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers. The post Collaboration and knowledge sharing key to progress in cybersecurity appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 13, 2022

Organizations are struggling to manage devices and stay ahead of vulnerabilities, patches and attacks, according to a new report from Adaptiva and the Ponemon Institute. The post Nearly half of enterprise endpoint devices present significant security risks appeared first on TechRepublic.

Risk 165

Risk 165

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JULY 13, 2022

A survey of 800 senior IT managers, senior IT security managers and project managers responsible for industrial internet-of-things (IIoT)/operational technology (OT) found 94% reported their organization experienced a security incident in the last 12 months. The survey, conducted by Barracuda Networks, also found 87% of organizations that experienced an incident were impacted for more than.

IoT 141

IoT Technology Internet Internet 141

Tech Republic Security

JULY 13, 2022

Keep your internet connection behind lock and key with these 20 VPN subscriptions and bundles offered through TechRepublic Academy. The post 20 VPN subscriptions and bundles on sale now appeared first on TechRepublic.

VPN 144

VPN Internet Internet Software 144

Javvad Malik

JULY 13, 2022

BMW, a brand known for its amazing cars, a model for everyone – built with the infamous German engineering and now offering a whole bunch of options as a monthly subscription. In some ways it makes sense. Streamline your production and build each and every car with the exact same hardware, but then limit options to those who are willing to pay out extra.

Software 113

Software Engineering Risk Hacking 113

Security Affairs

JULY 13, 2022

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these flaws to execute arbitrary code on the vulnerable systems in the early stages of the boot avoiding the detection of s

Firmware 131

Firmware Hacking Technology Information Security 131

Bleeping Computer

JULY 13, 2022

A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. [.].

Ransomware 131

Ransomware 131

Thales Cloud Protection & Licensing

JULY 13, 2022

Celebrating Emoji Day in CyberSecurity! divya. Thu, 07/14/2022 - 06:57. It's that day of the year again - the time? when we celebrate ?? Emoji Day on ?? 17 July. You might be wondering ??, what is Emoji Day, and what does it have to do with cybersecurity??? And you might think ?? why should security ?? professionals even care? Well, emojis are everywhere and used in all types of digital communication ???

Cybersecurity 126

Cybersecurity VPN Mobile Media 126

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

JULY 13, 2022

Smart Phones have become a necessity these days, but the security concerns they offer are many. Especially, the Pegasus software surveillance revelations have left many in the mobile world baffled. And the highlight in the discovery was a Saudi Prince using the NSO Group built software to spy on Amazon Chief Jeff Bezos and leaking his personal life details as texts and photos to the media.

Mobile 130

Mobile Surveillance Media Encryption 130

Malwarebytes

JULY 13, 2022

This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities in Ukraine via phishing campaigns following the same common tactics, techniques and procedures (TTPs).

Government 128

Government Cyber Attacks Phishing Malware 128

Bleeping Computer

JULY 13, 2022

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. [.].

Firmware 127

Firmware 127

Security Boulevard

JULY 13, 2022

Most security teams will agree that having a deep understanding of how attackers gain initial access is the most critical factor in building an effective cybersecurity strategy and stopping ransomware attacks in their tracks. According to federal research by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), attackers infiltrate victim networks using five main methods: The post Before the Ransomware Attack: 5 Initial Access Methods appeared first on Security Boulevard.

Ransomware 126

Ransomware Cybersecurity Security Awareness Phishing 126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JULY 13, 2022

Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. [.].

Hacking 137

Hacking Ransomware 137

Security Affairs

JULY 13, 2022

Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to evolve implementing new attack vectors to evade detection, Zscaler Threatlabz researchers warn.

Malware 124

Malware Hacking Cybercrime Information Security 124

Bleeping Computer

JULY 13, 2022

A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [.].

Malware 140

Malware Mobile 140

Malwarebytes

JULY 13, 2022

It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that are due for patching by August 2, 2022.

Small Business 120

Small Business Cybersecurity 120

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

JULY 13, 2022

Within a day of each other, the consulting and outsourcing firms Deloitte and HCL Technologies have both launched new managed cybersecurity services, as consultants look to capitalize on the growing appetite for the Zero Trust security model. On Tuesday, Deloitte unveiled its Zero Trust Access managed service, which is heavily influenced by its recent acquisition of TransientX.

Threat Detection 119

Threat Detection Technology Cybersecurity 119

Bleeping Computer

JULY 13, 2022

Windows 8.1 is now displaying full-screen alerts when logging into the operating system, warning that the OS is reaching the end of support in January 2023 and will no longer receive security updates. [.].

119

119

CSO Magazine

JULY 13, 2022

Regulated industry community builder Exostar has announced new updates to its platform designed to help small- and medium-sized businesses (SMBs) overcome the technology, time, and cost obstacles of preparing for and demonstrating compliance with Cybersecurity Maturity Model Certification (CMMC) 2.0. The latest version of the CMMC requires businesses throughout the U.S.

Technology 116

Technology Cybersecurity 116

Heimadal Security

JULY 13, 2022

Luna Moth is a new data extortion gang that has been penetrating corporations to steal personal information. They tell victims that they would make the files publicly accessible unless the victims pay a ransom to keep the contents from being released. Luna Moth has been engaged in phishing attempts that have provided remote access tools […]. The post Luna Moth Is a New Tool Used by Hackers to Break Into Organizations appeared first on Heimdal Security Blog.

Phishing 114

Phishing Cybersecurity 114

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

CyberSecurity Insiders

JULY 13, 2022

A few weeks ago, Elon Musk offered a $44 billion deal to Twitter and requested the social media giant to give an exact count of Fake accounts. The firm initially denied the allegations, but later admitted that well over 5% of its total accounts were bot generated. Tesla Chief Musk then issued a statement asking Twitter to be specific on the count of the accounts that were generated by Twitter Bots.

Accountability 108

Accountability Media Internet Internet 108

Naked Security

JULY 13, 2022

Last time they arrived 28 minutes after lighting up their fake domain. this time it was just 21 minutes.

Scams 142

Scams Phishing 142

CSO Magazine

JULY 13, 2022

For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone. Likewise, data from Netscout’s 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain.

Manufacturing 107

Manufacturing Software Hacking 107

Security Boulevard

JULY 13, 2022

A report published by CSC today revealed a spike in fake domain registrations from entities attempting to leverage the ongoing shortages of baby formula and semiconductors to conduct phishing attacks and perpetrate fraud. The CSC report found an 84% increase in baby formula-related domains registered by third parties since January of 2021 and a 95%.

Phishing 105

Phishing Social Engineering DNS Engineering 105

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Identity IQ

JULY 13, 2022

What to Do If My Email Is Found on The Dark Web? IdentityIQ. Pretty much everyone uses email. It’s part of your daily life. But what do you do if your email address is found on the dark web? People might be trying to access your accounts. Unfortunately, the dark web is where you can find a number of criminals and cybercriminals trying to break into your accounts and get access to your money, personal information, login details for other websites, and more.

Identity Theft 103

Identity Theft Passwords Banking Phishing 103

Security Boulevard

JULY 13, 2022

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex cloud […]… Read More.

Software 105

Software 105

Heimadal Security

JULY 13, 2022

The second Tuesday of June comes with ‘goodies’ aplenty from Microsoft – 80+ fixes for issues ranging from denial of services to remote code execute, security features bypass, elevations of privilege, and of course, information disclosure. Microsoft has also addressed a zero-day vulnerability that could have allowed threat actors to remotely execute code on the […].

99

99

Security Boulevard

JULY 13, 2022

Check your forwarding rules. Email security is critical for everyone. It’s the account that controls most of your others. Need to reset a password? Or verify your identity for other reasons? You’ll probably get an email with a link. If…. Read More ?. The post Email hacker pest control appeared first on HACK by Simon PG Edwards. The post Email hacker pest control appeared first on Security Boulevard.

Passwords 105

Passwords Accountability Hacking Social Engineering 105

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.