Tue.Sep 14, 2021

article thumbnail

Why you should avoid those fun social media "tell us about yourself" questions

Tech Republic Security

Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.

Media 216
article thumbnail

Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus

Trend Micro

Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.

Mobile 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple releases emergency patch to protect all devices against Pegasus spyware

Tech Republic Security

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.

Spyware 218
article thumbnail

What is a cyberattack surface and how can you reduce it?

We Live Security

Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity. The post What is a cyberattack surface and how can you reduce it? appeared first on WeLiveSecurity.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Securing the Edge in a Hybrid Environment

Security Boulevard

A year ago, the buzz in cybersecurity was around how to best secure a remote workforce. Today, organizations have to consider how to secure a hybrid environment, with not just a mix of on-premises and cloud-based infrastructure but also with a workforce that is splitting time between the office and a remote site. “The shift. The post Securing the Edge in a Hybrid Environment appeared first on Security Boulevard.

article thumbnail

Serious probe on T-Mobile Cyber Attack 2021

CyberSecurity Insiders

We all known that a few weeks ago, American Telecom Giant T-Mobile experienced a cyber attack in which data related to over 54.6m individuals was exposed to hackers and that includes information such as addresses, names, DoBs, phone numbers, social security numbers, driving license details, IMEI numbers, IMSI numbers and some credit card info related to customers paying their T-Mobile bill online.

More Trending

article thumbnail

8 top cloud security certifications

CSO Magazine

As companies move more and more of their infrastructure to the cloud, they're forced to shift their approach to security. The security controls you need to put in place for a cloud-based infrastructure are different from those for a traditional datacenter. There are also threats specific to a cloud environment. A mistake could put your data at risk.

Risk 139
article thumbnail

Sextortion Scam: Blackmail scam emails that demand Bitcoin

Quick Heal Antivirus

What is Sextortion? Sextortion is a scam via email or any other medium to blackmail the victim and. The post Sextortion Scam: Blackmail scam emails that demand Bitcoin appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Scams 137
article thumbnail

Russia is fully capable of shutting down cybercrime

CSO Magazine

It is no secret the locus for a great deal of the world’s cybercriminal activity lays within the boundaries of The Russian Federation. The onslaught of ransomware attacks directed at non-Russian entities is evidence of that. Last week, Recorded Future’s Insikt Group published a report shedding more light on the connection between the Russian state and criminal actors, a connection that Insikt Group posits is “well established yet highly diffused.”. [ Learn the The 5 types of cyberattack you're

article thumbnail

Parts of the Dark Web “awash” with school children’s personal data

Malwarebytes

NBC News has collected and analyzed a trove of children’s personal information it discovered on the Dark Web. Even though this information may not be as useful to cybercriminals as credit card details or login credentials, the information is still out there, where we don’t want it. So what is it, and how did it get there? Ransomware. Modern ransomware gangs don’t just encrypt data, they frequently steal it too.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft fixes remaining Windows PrintNightmare vulnerabilities

Bleeping Computer

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly. [.].

144
144
article thumbnail

Update now! Google Chrome fixes two in-the-wild zero-days

Malwarebytes

Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and Linux (if it hasn’t already). Chrome users are expected to see the roll out in the coming days and weeks.

article thumbnail

Aligning Cloud Security to the Cybersecurity Exec Order

Security Boulevard

It’s encouraging to see alignment between the Biden administration and industry around the critical nature of cybersecurity and see pragmatic steps forward. The White House’s issuance of an executive order (EO) on improving the nation’s cybersecurity and last month’s follow-up meeting with industry leaders are encouraging milestones. As technology touches every aspect of our lives.

article thumbnail

Apple releases emergency update: Patch, but don’t panic

Malwarebytes

Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus, which is often used in high-level surveillance campaigns by governments. Zero-day. Pegasus spyware is typically installed on victims’ phones using a software exploit that requires little or no user interaction—perhaps no more than a click.

Spyware 125
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Why IOT in the Commercial Facilities Sector Opens As Many Opportunities As It Does Vulnerabilities

Security Boulevard

Every month there seems to be a new device that changes the way we travel, communicate, conduct business, and live our personal lives. The transformation promises efficiency and ease for the user, it promises better outcomes. These devices are IoT devices, or Internet of Things, which are physical devices with sensors that collect, analyze, and transmit data in real-time without human intervention. .

IoT 132
article thumbnail

Millions of HP OMEN gaming PCs impacted by driver vulnerability

Bleeping Computer

Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. [.].

143
143
article thumbnail

WhatsApp announces end?to?end encrypted backups

We Live Security

The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks. The post WhatsApp announces end‑to‑end encrypted backups appeared first on WeLiveSecurity.

Backups 123
article thumbnail

Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw

Security Affairs

A high severity vulnerability, tracked as CVE-2021-3437 , in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. Millions of HP OMEN laptop and desktop gaming computers are exposed to multiple attacks by a high severity vulnerability tracked as CVE-2021-3437 that was discovered by SentinelLabs researchers. “Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of pri

Software 118
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Cisco Wins 2021 Frost and Sullivan Market Leadership Award

Cisco Security

Cisco is proud to be the only vendor recognized by Frost & Sullivan with the Best Practices Market Leadership Award for excellence in the network firewall market. This award recognizes that Cisco achieved the greatest market share in the global firewall market due to outstanding performance, products, and service. We’re honored to receive industry recognition for making security less complex, more agile, and better able to defend against today’s and tomorrow’s threats.

Marketing 112
article thumbnail

BrandPost: Work from Anywhere Doesn't Work Without Endpoint Security

CSO Magazine

After the pandemic sent many employees home, the concept of work from anywhere was top of mind for many organizations transitioning their infrastructure to support this new model. However, even before the pandemic, there was a need for secure remote access regardless if a user was on their home network, office network or coffee shop network. People checked their work email while sitting at a soccer game or restaurant.

article thumbnail

Phishing Attacks Getting Sneakier with Open Redirects

Security Boulevard

Using open redirects takes phishing email deceptiveness – and therefore effectiveness -- up a notch by displaying a legit-seeming URL to users who are prudent enough to hover over a link. The post Phishing Attacks Getting Sneakier with Open Redirects appeared first on Ericom Blog. The post Phishing Attacks Getting Sneakier with Open Redirects appeared first on Security Boulevard.

Phishing 110
article thumbnail

BrandPost: Improve Your Organization’s Cyber Hygiene With CIS CSAT Pro

CSO Magazine

Basic cyber hygiene is the foundation for any good cybersecurity program. Tony Sager, CIS VP and Chief Evangelist, recently defined basic cyber hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls, or CIS Controls for short. The Safeguards (formerly known as Sub-Controls) covered in IG1 can help protect organizations from all five of the top attack vectors.

Internet 109
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Apple Patches Vulnerabilities in iOS Exploited by Spyware

eSecurity Planet

Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal ). News of the nefarious uses of NSO Group’s Pegasus software first surfaced in July.

Spyware 107
article thumbnail

T-Mobile was breached: Here's how to protect your account

Tech Republic Security

T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.

Mobile 122
article thumbnail

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

The Hacker News

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.

Software 107
article thumbnail

Dark Web sees spike in fake COVID vaccine card sales

Tech Republic Security

Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.

112
112
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads

The Hacker News

Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions.

article thumbnail

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug

Bleeping Computer

Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. [.].

135
135
article thumbnail

Microsoft Patches Actively Exploited Windows Zero-Day Bug

Threatpost

On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.

106
106
article thumbnail

Reported Rates of Major Security Incidents by Market

Dark Reading

In the "Proven Success Factors for Endpoint Security" report, Cisco Security shares a global perspective on reported cyber events in the past two years.

Marketing 111
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.