Mon. Dec 07, 2020

Hiding Malware in Social Media Buttons

Schneier on Security

Clever tactic: This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks. The payment skimmer malware pulls its sleight of hand trick with the help of a double payload structure where the source code of the skimmer script that steals customers’ credit cards will be concealed in a social sharing icon loaded as an HTML ‘svg’ element with a ‘path&

Top 5 reasons not to use SMS for multi-factor authentication

Tech Republic Security

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

We Need a Discipline of Cybersecurity Public Health

Adam Shostack

A few weeks back, I mentioned the Distinguished Lecture I gave at Ruhr University Bochum. I’m happy to say that the video is now online, and I also want to share the references.

How cybercrime will cost the world $1 trillion this year

Tech Republic Security

Including both financial losses and cybersecurity spending, the $1 trillion in costs will represent a 50% increase over 2018, says McAfee.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

A ransomware attack hit the Greater Baltimore Medical Center

Security Affairs

The Greater Baltimore Medical Center, Maryland, was hit by a ransomware attack that impacted computer systems and operations. The Greater Baltimore Medical Center in Towson, Maryland was a victim of a ransomware attack that impacted its IT systems. At the time of this writing, it is not clear the family of ransomware that hit the healthcare providers, it only confirmed that the security breach forced some procedures scheduled for Monday to be canceled. “On the morning of Sunday, December 6

Experian predicts 5 key data breach targets for 2021

Tech Republic Security

The pandemic warfare will shift to vaccine supply chains, home networks, and data from telemedicine visits in the new year.

More Trending

Multi-factor authentication: 5 reasons not to use SMS

Tech Republic Security

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

Takeaways from Trend Micro's 2021 Security Predictions

Trend Micro

The onset of the new decade has challenged the cybersecurity sector — and industries as a whole. What will change? We identify some of the drivers that will underpin organizations’ priorities in 2021.

Malwarebytes: Schools still struggling with connectivity and using last year's antivirus software

Tech Republic Security

About half of IT decision makers in a new survey say they have not added any cybersecurity training for teachers and students since remote learning started.

Nature vs. Nurture Tip 2: Scan Frequently and Consistently

Veracode Security

In our first blog in this series, Nature vs. Nurture Tip 1: Use SAST With DAST, we discussed how this year’s State of Software Security (SOSS) report looked at how both “nature” and “nurture” contribute to the time it takes to close out a security flaw. We found that the “nature” of applications – like size or age – can have a negative effect on how long it takes to remediate a security flaw.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The NSA Warns That Russia Is Attacking Remote Work Platforms

WIRED Threat Level

A vulnerability in VMWare has prompted a warning that companies—and government agencies—need to patch as soon as possible.

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

The National Security Agency (NSA) warns that Russia-linked hackers are exploiting a recently patched VMware flaw in a cyberespionage campaign. The US National Security Agency has published a security alert warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets.

Critical Flaws in Millions of IoT Devices May Never Get Fixed

WIRED Threat Level

Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.

Phishing Campaign Targets 200M Microsoft 365 Accounts

Dark Reading

A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

Threatpost

The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.

Chart: Cyberthreats Follow Workers Home

Dark Reading

The COVID-19 crisis has raised the level of cyber-risk significantly over previous Dark Reading Strategic Security surveys.

Google patches four high-severity flaws in Chrome

We Live Security

The new release patches a total of eight vulnerabilities affecting the desktop versions of the popular browser. The post Google patches four high‑severity flaws in Chrome appeared first on WeLiveSecurity.

Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft

Threatpost

With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout. The warning comes after Europol discovered […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to use an SSH config file on macOS for easier connections to your data center servers

Tech Republic Security

Jack Wallen shows you how to make SSH connections even easier from your macOS machine.

NSA Warns: Patched VMware Bug Under Active Attack

Threatpost

Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products.

Avoiding a 1984-Like Future

Dark Reading

We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.

What Is Zero-Party Data and Why Is It Essential for Marketers Today?

GlobalSign

The data landscape now is completely shaken as browsers have made third-party cookies obsolete. Apple, too, has given its users the option to opt-out of sharing IDFDs or IDs for advertising. So, where can CMOs and CIOs get data to make campaign decisions?

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

As DNA Synthesis Evolves, Cyber-Physical Attack Worries Grow

Dark Reading

Israeli scientists warn that cybersecurity around DNA synthesis devices needs improvement -- or else the industry risks harmful DNA produced through cyber means.

‘Free’ Cyberpunk 2077 Downloads Lead to Data Harvesting

Threatpost

The hotly anticipated game -- featuring a digital Keanu Reeves as a major character -- is being used as a lure for cyberattacks.

DoppelPaymer ransomware gang hit Foxconn electronics giant

Security Affairs

Electronics contract manufacturer Foxconn is the last victim of the DoppelPaymer ransomware operators that hit a Mexican facility. DoppelPaymer ransomware operators infected the systems at a Mexican facility of Foxconn electronics giant over the Thanksgiving weekend. The plant is located in Ciudad Juárez, Chihuahua, Mexico. The hackers also claim to have stolen unencrypted files before encrypting the targeted systems.

Improving open source security during the Google summer internship program

Google Security

Posted by the Information Security Engineering team at Google Every summer, Google’s Information Security Engineering (ISE) team hosts a number of interns who work on impactful projects to help improve security at Google. This year was no different—well, actually it was a little bit different because internships went virtual. But our dedication to security was still front and center as our intern team worked on improvements in open source software.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cisco fixes exploitable RCEs in Cisco Security Manager

Security Affairs

Cisco released security updates to fix multiple pre-authentication RCE flaws with public exploits affecting Cisco Security Manager. Cisco has released security updates to address multiple pre-authentication remote code execution vulnerabilities with public exploits affecting Cisco Security Manager (CSM). CSM provides a comprehensive management solution for CISCO devices, including intrusion prevention systems and firewalls (i.e.

OpenTitan at One Year: the Open Source Journey to Secure Silicon

Google Security

Posted by Dominic Rizzo, OpenTitan Lead, Google During the past year, OpenTitan has grown tremendously as an open source project and is on track to provide transparent, trustworthy, and cost-free security to the broader silicon ecosystem. OpenTitan, the industry’s first open source silicon root of trust, has rapidly increased engineering contributions, added critical new partners, selected our first tapeout target, and published a comprehensive logical security model for the OpenTitan silicon, a

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times

Threatpost

In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security.

Name That Toon: Winter Forecast

Dark Reading

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.