Wed.Dec 23, 2020

article thumbnail

Investigating the Navalny Poisoning

Schneier on Security

Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Lots of interesting opsec details in all of this.

article thumbnail

US, European Law Enforcement Shut Down Cybercrime-Friendly VPN Services

Adam Levin

Law enforcement agencies from the United States and Europe seized domain names and servers belonging to a virtual private network (VPN) provider long linked to online cybercrime. In a press release issued December 22, U.S. Attorney Matthew Schneider announced the action, called “Operation Nova,” which disrupted the activities of a so-called “bulletproof hosting service” in coordination with Europol and law enforcement agencies from Germany, France, Switzerland, and the Netherlands.

VPN 260
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Android security: The last piece of advice you'll need for 2020

Tech Republic Security

Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.

Malware 214
article thumbnail

Hey Alexa, Who Am I Messaging?

Threatpost

Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.

IoT 145
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

6 persuasion tactics used in social engineering attacks

Tech Republic Security

IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks.

article thumbnail

Cellebrite claims to be able to access Signal messages

Security Affairs

Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal’s messaging app. Israeli security firm Cellebrite has claimed that it can decrypt messages from the Signal highly secure messaging app. The BBC reported the link to a blog on the company website that details the procedure to decrypt the Signal messages.

Mobile 124

More Trending

article thumbnail

Don’t let your kids’ online classes be disrupted by cyberattacks!

Quick Heal Antivirus

2020 will be remembered for a lot of sweeping changes and online classes are definitely on top of. The post Don’t let your kids’ online classes be disrupted by cyberattacks! appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

98
article thumbnail

7 ways malware can get into your device

We Live Security

You know that malware is bad, but are you also aware of the various common ways in which it can infiltrate your devices? The post 7 ways malware can get into your device appeared first on WeLiveSecurity.

Malware 98
article thumbnail

A discount isn’t just for Christmas – why data can hold the key to relationships that go beyond the festive season

IT Security Guru

The COVID-19 pandemic has accelerated years of change in just eight months, particularly in the way companies across the globe conduct business. Specifically, it has driven an unprecedented number of people online, to shop and perform numerous transactions which they can no longer do in person – and companies and industries, including retail, have responded in turn.

article thumbnail

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack

Threatpost

The nation-state actor is looking to speed up vaccine development efforts in North Korea.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

How to bring zero-trust security to microservices

InfoWorld on Security

Transitioning to microservices has many advantages for teams building large applications, particularly those that must accelerate the pace of innovation, deployments, and time to market. Microservices also provide technology teams the opportunity to secure their applications and services better than they did with monolithic code bases. Zero-trust security provides these teams with a scalable way to make security fool-proof while managing a growing number of microservices and greater complexity.

article thumbnail

Emotet Returns to Hit 100K Mailboxes Per Day

Threatpost

Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.

Malware 130
article thumbnail

Best Practices to Make Sure VPN Access Remains Seamless

eSecurity Planet

The COVID-19 pandemic of 2020 has forced enterprises of all sizes and industries to adopt new work approaches that keep employees safe at home while ensuring productivity and security. Not only have videoconferencing applications such as Zoom, Skype, and Cisco Webex gone through the roof in usage, but new and more sophisticated networking and security products are also in high demand.

VPN 86
article thumbnail

White Ops Announces Its Acquisition

Dark Reading

A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.

Banking 121
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

6 Questions You Should Ask Security Vendor Before Opting for Mobile Security Assessment

Appknox

Companies across industries are moving to the cloud and adopting cybersecurity measures to protect themselves from the onslaught of cyberattacks. But before you opt for a security vendor for mobile security assessment, it’s essential to keep a few things in mind.

Mobile 81
article thumbnail

Enterprise IoT Security Is a Supply Chain Problem

Dark Reading

Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.

IoT 109
article thumbnail

Lazarus covets COVID-19-related intelligence

SecureList

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. While tracking the Lazarus group’s continuous campaigns targeting various industries, we discovered that they recently went after COVID-19-related entities.

Malware 76
article thumbnail

Lazarus Group Seeks Intelligence Related to COVID-19

Dark Reading

Researchers attribute attacks targeting a pharmaceutical company and a government ministry related to COVID-19 response.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Managing 2021: Preparing for the Hybrid Future of Work

IT Security Central

Tips and considerations for productively managing a distributed workforce in the new era of remote work As we come to the close of the year, we can say that 2020 has been a very long decade. Along with the personal difficulties and uncertainties, businesses faced a real struggle as they navigated how to keep the […].

article thumbnail

Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force

Dark Reading

Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.

article thumbnail

Third-Party APIs: How to Prevent Enumeration Attacks

Threatpost

Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.

Retail 89
article thumbnail

The IT skills gap: flexible resourcing is the solution

IT Security Guru

The pandemic’s effect on our relationship with technology is a profound one. Lockdown ushered in a sudden and wide-spread adoption of remote working, and the uncertainty brought with it a slew of opportunist cybercriminals. The result of this rapid rate of change highlighted that the UK’s already glaring tech skills gap has been stretched to the extreme.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

How we protect our users against the Sunburst backdoor

SecureList

What happened. SolarWinds, a well-known IT managed services provider, has recently become a victim of a cyberattack. Their product Orion Platform, a solution for monitoring and managing their customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom Sunburst backdoor on the networks of more than 18,000 SolarWinds customers, with many large corporations and government entities among the victims.

Malware 59
article thumbnail

The Zero Click, Zero Day iMessage Attack Against Journalists

SecureWorld News

Earlier this year, 36 journalists, producers, anchors, and executives at Al Jazeera had their personal phones hacked. Their phones were hacked through the use of an exploit chain known as KISMET, an invisible zero-click exploit in iMessage. In July of this year, KISMET was a successful zero-day attack against at least iOS 13.5.1 and could hack the Apple iPhone 11.

Spyware 52
article thumbnail

The Top 10 in 2020: Most Popular Articles of the Year

CompTIA on Cybersecurity

The most read articles of 2020 showcase how the IT community has come together in unprecedented times.

52
article thumbnail

Appknox Year in Review 2020

Appknox

The year 2020 began with so many promises for team Appknox. We had just ended 2020 on a high note with substantial growth in revenue, customer acquisition and regional expansion. As we looked forward charged up to blaze past 2020, the world was shocked and humbled with the sudden COVID-19 pandemic. Just like all other companies globally, Appknox was faced with tremendous pressure to act, think and evolve quickly.

75
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Cybersecurity Outlook 2021: Trends and Predictions

eSecurity Planet

Just when it seemed that 2020 couldn’t get any weirder, news broke that Russian state-sponsored hackers had spent much of the year exploiting vulnerabilities in SolarWinds ‘ widely used Orion IT management software to hack into major federal agencies and corporations. Suddenly the year wasn’t about the massive shift toward remote work caused by the COVID-19 pandemic, so in a way the incident had a feeling of normalcy by returning the focus to timeless IT security issues – with

article thumbnail

2020 Shows the Danger of a Decapitated Cyber Regime

WIRED Threat Level

Trump's White House has long been AWOL on cybersecurity. That lack of oversight almost seemed to be working—until the SolarWinds hack.

Hacking 100