Schneier on Security
APRIL 8, 2022
Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.
Troy Hunt
APRIL 8, 2022
I hope scheduling these in advance is working well for everyone, the analytics certainly suggest a much higher viewership so I'm going to keep scheduling these and refining the whole thing further. Other than that, it's same-same this week with the usual array of breaches, tech and life down under. Enjoy 😊 References I keep forgetting to talk about upcoming events (that's a list of what's coming in 2022, I'll try to remember to discuss it next week given I&
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 8, 2022
A new malware has infiltrated AWS Lambda services, and investigators still aren’t sure how it happened. Here’s how it works and how to protect your organization. The post AWS Lambda sees its first malware attack with Denonia, and we don’t know how it got there appeared first on TechRepublic.
Malwarebytes
APRIL 8, 2022
The US Department of Justice (DoJ) and Microsoft have taken the sting out of two operations believed to be controlled by the Russian Federation’s Main Intelligence Directorate (GRU). On Wednesday, the DOJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall devices compromised by the Russian Sandworm group. One day later, Microsoft disclosed information about the steps it took to disrupt cyberattacks it had seen targeting Ukraine.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
APRIL 8, 2022
A new report from Black Kite shows the entire sector may be ripe for ransomware attacks. The post Insurance industry being ravaged by high rate of cyberattacks appeared first on TechRepublic.
CyberSecurity Insiders
APRIL 8, 2022
By Steve Moore, Chief Security Strategist, Exabeam. When you take a step back and consider these statistics, you will quickly realize the gravity of what is at stake for organizations when it comes to effectively securing their confidential information – and that there is still a lot more to be done to combat this growing trend. According to cybercrime prosecution statistics , 2022 is expected to see a worldwide annual spend of nearly $134 billion to both prevent and also deal with the aftermath
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CyberSecurity Insiders
APRIL 8, 2022
There’s no question that advanced digital technologies are becoming increasingly prevalent, requiring strong cybersecurity measures for all organizations. All industries can benefit from a comprehensive plan, but many face challenges finding quality candidates that fit the bill. Companies that utilize new computer and information system technologies must find, recruit and hire top talent with a strong understanding of cybersecurity practices and processes.
Bleeping Computer
APRIL 8, 2022
An update to Raspberry Pi OS Bullseye has removed the default 'pi' user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. [.].
CyberSecurity Insiders
APRIL 8, 2022
By Raj Dodhiawala, President, Remediant. Imagine you’re the manager of a hotel. Your position entitles you to a master key to all the hotel rooms, with access to any room, at any point in time. This of course comes with the territory and assigned role, enables ease of operations, and is demonstrative of the inherent trust that is conferred to you as the person in charge.
Tech Republic Security
APRIL 8, 2022
Based on new findings the group is now employing various cyberattack methods, from ransomware to backdoors. The post FIN7 hacking group returns with new methods and members, what should you look out for? appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
APRIL 8, 2022
Microsoft has reminded customers today that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service (EOS) on May 10, 2022. [.].
CyberSecurity Insiders
APRIL 8, 2022
Tim Cook, the Apple CEO, will deliver keynotes at the International Association of Privacy Professionals (IAPP) that will be held between April 11 to April 13 in Washington, DC. Mr. Cook will speak at the Global Privacy Summit on April 12th,2022 at 9:15 am Eastern time and the speech will be streamed live on YouTube for those listed in the guest lists on other continents.
Bleeping Computer
APRIL 8, 2022
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. [.].
Malwarebytes
APRIL 8, 2022
Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words that act as the literal keys to your digital crypto kingdom.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
eSecurity Planet
APRIL 8, 2022
Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and active endpoint protection , as evasion keeps becoming easier.
Malwarebytes
APRIL 8, 2022
Some of the biggest stars around have seen content placed on their YouTube accounts without permission over the last couple of days. Taylor Swift has around 40 million subscribers. Justin Bieber? 68 million. Harry Styles, a respectable 12 million. You can even add Eminem and Michael Jackson to the list of those taken over. Big names, and even bigger numbers.
CyberSecurity Insiders
APRIL 8, 2022
By: Julie Smith, executive director, Identity Defined Security Alliance . According to the latest Verizon Data Breach Investigations Report, 61% of all breaches were a result of stolen credentials. It’s no wonder why nearly all (97%) respondents in a recent Identity Defined Security Alliance (IDSA) survey responded that they will make identity security investments in the next two years.
Security Boulevard
APRIL 8, 2022
All bubbles burst—but with around 2.72 million unfilled cybersecurity jobs as of October 2021 according to (ISC)2, it seems the cybersecurity talent bubble will be floating around for the foreseeable future. The fact is, there simply aren’t enough experienced cybersecurity professionals to go around, said Mark Sasson, managing partner at Pinpoint Search Group.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Heimadal Security
APRIL 8, 2022
Identity and access management is a key component in ensuring the security of data. It can be used to protect companies against data breaches by providing a layer of security that protects information from unauthorized access. Find more about this concept along with why IAM is important and what is the best approach when implementing […]. The post Identity and Access Management (IAM) Explained: Definition, Benefits and More appeared first on Heimdal Security Blog.
Security Boulevard
APRIL 8, 2022
Meta says it’s eliminated countless fake Facebook troll accounts, controlled by state actors from Russia and Belarus. The post Facebook Destroys Russian Trolls (Hey Hey Rise Up) appeared first on Security Boulevard.
Security Affairs
APRIL 8, 2022
Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.
Security Boulevard
APRIL 8, 2022
A career in cybersecurity guarantees many things: Job stability, competitive compensation and room for growth, just to name a few. Cybersecurity professionals are drawn to the fact that they are part of something bigger, working to stop adversaries and protecting the good guys. Along with the pride that comes with a career in cybersecurity is. The post Fostering the Next Generation of Cybersecurity Talent appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
APRIL 8, 2022
The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company which is a Russian logging and wood manufacturing firm.
Heimadal Security
APRIL 8, 2022
A financial-motivated threat organization that has been active since 2013, FIN7 has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its objectives. Combi Security, a front firm for FIN7, was used to administer a component of the organization. The FIN7 group has changed its approach to […].
Security Affairs
APRIL 8, 2022
A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). The man was arrested in Bangkok, Thailand in November 2019 at the request of U.S. law enforcement, then he was extradited to the U.S. in May 2020.
Heimadal Security
APRIL 8, 2022
Microsoft was able to successfully disrupt cyberattacks targeting Ukraine that were conducted by the Russian APT28 cybercrime group after shutting down seven domains used as attack infrastructure. What Is APT28? The Russian-backed APT28 (also known as Fancy Bear or Strontium) hacking gang, which is connected to the GRU Russian military intelligence agency, is a threat […].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Boulevard
APRIL 8, 2022
Finland's defence and foreign affairs ministries have just been hit with a cyber attack, VMware urges customers to update their software to resolve critical vulnerabilities, a major British retailer shuts down stores after a cyberattack and a data breach impacts Spanish energy giant Iberdrola. The post Cybersecurity News Round-Up: Week of April 4, 2022 appeared first on Security Boulevard.
Bleeping Computer
APRIL 8, 2022
Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. [.].
Security Boulevard
APRIL 8, 2022
Freight Frights Over the past two years, as the pandemic’s effects on health, travel and the economy expanded, supply chain issues have established themselves regularly in the headlines. Practically every industry has been impacted, from a lack of used car parts to labor shortages. In an attempt to streamline systems, and connect globally, a massive push to digitize is underway: Read More.
The Hacker News
APRIL 8, 2022
Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
298 
Let's personalize your content