Sun. Mar 27, 2022

Cyber Crime Is More Costly Than Ever — What Can Be Done?

Lohrman on Security

How bad was cyber crime in 2021? What are the projections for the next few years? More important, what can you do about it?


Critical Sophos Firewall vulnerability allows remote code execution

Bleeping Computer

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. […]


POAMs: What They Are and Why You Should Use Them to Achieve CMMC Compliance

Security Boulevard

If you’re a defense contractor, Plans of Action and Milestones (POAMs) should be part of your compliance strategy. POAMs give organizations a path to compliance that’s specific to the controls that they haven’t met yet. POAMs not only help you direct your efforts, they also allow your organization to bid for contracts before achieving full […]. The post POAMs: What They Are and Why You Should Use Them to Achieve CMMC Compliance appeared first on PreVeil.


Okta: "We made a mistake" delaying the Lapsus$ hack disclosure

Bleeping Computer

Okta has admitted that it made a mistake in delaying the disclosure of the hack by the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities. […]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How Tripwire ExpertOps Can Help Solve the UK’s Cybersecurity Challenges

Security Boulevard

Many UK business and technology executives aren’t hopeful about their digital security going into 2022. In a survey of 3,600 business and technology executives, of which 257 were from the UK, PwC learned that a majority (61%) of respondents expected to see an increase in reportable ransomware attacks next year. An even greater proportion (64%) […]


Hive ransomware ports its Linux VMware ESXi encryptor to Rust

Bleeping Computer

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations. […]

More Trending


Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

The Hacker News

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine.


LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

Security Boulevard

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia’s invasion of Ukraine by wiping arbitrary file contents. ** Links mentioned […].


Security Affairs newsletter Round 358 by Pierluigi Paganini

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FCC adds Kaspersky to Covered List due to unacceptable risks to national security; Anonymous leaked 28GB of data stolen from the Central Bank of Russia; Chrome emergency update fixes actively exploited a zero-day bug; Chinese threat actor Scarab targe


When, Why and How To Create A Secure Backup Strategy 

Security Boulevard

Introduction: When data is compromised, the last line of defense is your backup. In the past year, the tactics being used by cybercriminals have changed. And. The post When, Why and How To Create A Secure Backup Strategy appeared first on Continuity™. The post When, Why and How To Create A Secure Backup Strategy appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Western Digital addressed a critical bug in My Cloud OS 5

Security Affairs

Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142, that could have allowed attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The CVE-2021-44142 flaw affects the following devices: My Cloud PR2100, My Cloud PR4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Clo


Data Exfiltration 101: How Threat Actors Compromise Networks

Security Boulevard

Data exfiltration 101 describes the types of attacks that lead to data exfiltration and why 83% of all attacks rely on it as the primary vector. The post Data Exfiltration 101: How Threat Actors Compromise Networks appeared first on Security Boulevard.


CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks


XKCD ‘Graphic Designers’

Security Boulevard

Via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post XKCD ‘Graphic Designers’ appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict

Security Affairs

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 25 – Anonymous leaked 28GB of data stolen from the Central Bank of Russia. Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. March 25 – Chinese threat actor Scarab targets Ukraine, CERT-UA warns.


Purdue University’s CERIAS 2021 Security Symposium – Winn Schwartau’s ‘Security is Probabilistic, Not Deterministic: Get Over It’

Security Boulevard

Our thanks to Purdue University’s The Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the Schools’ YouTube channel. The post Purdue University’s CERIAS 2021 Security Symposium – Winn Schwartau’s ‘Security is Probabilistic, Not Deterministic: Get Over It’ appeared first on Security Boulevard.


Sophos Firewall affected by a critical authentication bypass flaw

Security Affairs

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. “An authentication bypass vulnerability allowing remote code execution was discover


6 Critical Areas of Cloud-Native Security That Are Influential in 2022

Security Boulevard

Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help address security threat vectors.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
