Mon.Jul 19, 2021

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.

Candiru: Another Cyberweapons Arms Manufacturer

Schneier on Security

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report : Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Second Wave of a Ransomware Pandemic

Security Boulevard

In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains.

Apple iPhones to get protection against Pegasus Mobile Spyware

CyberSecurity Insiders

As the media around the world is busy speculating about the targets related to Pegasus Mobile Spying malware, Apple Inc, the American company that is into the production of iPhones has issued a press statement that its engineers are working on a fix to protect the users from becoming victims to the said spying Israeli malware.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Ransomware and the C-I-A Triad

Security Boulevard

In earlier, more innocent (?) times, cyberattacks seemed to be fairly straightforward. You have the data exfiltration attacks, where copies of sensitive personal information and intellectual property are stolen, often without the victims’ knowledge since the original data are left intact.

CSO 113

Threat Hunting Frameworks and Methodologies: An Introductory Guide

CyberSecurity Insiders

Author: Dave Armlin, VP Customer Success, ChaosSearch. Creating an effective threat hunting program is among the top priorities of security leaders looking to become more proactive and build active defenses.

More Trending

The Pipeline Attack – Is Log Analysis Enough for Cybersecurity?

CyberSecurity Insiders

Many MSSP’s use SIEMs and other log management/aggregation/analysis solutions for cybersecurity visibility, but is log analysis enough?

Security for Startups in a DevOps World: Infrastructure, IAM, and Remote Environments

Security Boulevard

Explore some of the basics of startup infrastructure and security from a DevOps mindset to enable agility, execution, and quality. The post Security for Startups in a DevOps World: Infrastructure, IAM, and Remote Environments appeared first on JumpCloud.

105
105

Cybersecurity salaries: What 8 top security jobs pay

CSO Magazine

As organizations emerge from the COVID-19 pandemic, hiring is on the rebound—and that is especially true in the information security ranks where demand has outstripped supply for years.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

Dark Reading

Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals

The new ransomware threat: triple extortion

IT Security Guru

By the time you have finished reading this sentence, an organisation somewhere in the world will have fallen victim to a ransomware attack and had at least some of its corporate data encrypted.

Five Critical Password Security Rules Your Employees Are Ignoring

The Hacker News

According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic?

Rising Threats Target Cloud Providers, Virtual Infrastructure

Security Boulevard

A growing number of cybercriminals are developing malware to conduct attacks on virtualized environments, and some are aggressively trying to exploit vulnerabilities already found in software for deploying virtual infrastructure, according to a report from Positive Technologies.

It’s time to get ahead of weaponised vulnerabilities

IT Security Guru

It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-premise security.

Risk 90

7 Ways AI and ML Are Helping and Hurting Cybersecurity

Dark Reading

In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm

Netflix password crackdown: why users should be arguing for stronger measures

IT Security Guru

It was long overdue, but Netflix has finally started to explore ways to address its password problem.

Consumer Data And Privacy | Avast

Security Boulevard

In this post, we will explain exactly why customer data is valuable and why it is so important for businesses to protect. Specifically, we'll take a look at the kinds of data businesses collect, various vulnerabilities in systems, and what businesses can do to ensure that they put customers first.

87

Are your processing activities subject to the GDPR?

TrustArc

When the European Union’s (EU) General Data Protection Regulation (GDPR) was initially effective in 2018, many companies were confused at whether they were directly subject to the GDPR or not. Back then, companies tended to be more focused on not being subject to the extraterritoriality of the GDPR.

86

CISO Interview Series: How Aiming for the Sky Can Help Keep Your Organization Secure

Security Boulevard

Organizations need the right internal personnel like a CISO to keep their systems and data secure. But what kind of skills do these leaders need? And how should they guide their employers in a way that doesn’t overlook the evolving threat landscape?

CISO 87

Ransomware Attack on Northern Rail UK

CyberSecurity Insiders

A suspected ransomware attack on the servers of Northern Rail’s ticketing system has disrupted the digital services of the company from the past 12 hours and news is out that the operator might make a recovery only after 2 days.

Thousands of companies compromised by REvil Ransomware – the supply chain strikes again

Security Boulevard

On July 2, news emerged of a large-scale attack leveraging the Kaseya VSA network monitoring and management solution to deploy a variant of the REvil ransomware.

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Security Affairs

A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco.

How to Prevent Supply Chain Attacks by Securing DevOps

Security Boulevard

Best practices for securing the software supply chain. Photo by Andy Li on Unsplash. In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting to address third-party software risk.

How to activate virtualization-based security and core isolation in Windows 10

Tech Republic Security

Give your PC a little extra security. HVCI and VBS are available in 64-bit versions of Windows 10, but you must turn them on manually. We show you how

120
120

How long-term hybrid work is changing security strategies

CSO Magazine

Pam Nigro wants to know if workers at her company are working odd hours. She wants to know exactly where they are, too, because such surveillance is one of the strategies Nigro has to keep her company safe. To read this article in full, please click here (Insider Story

White House Accuses China of Microsoft Exchange Attack

Security Boulevard

Russia may have drawn the lion’s share of scorn for a recent string of cyberattacks against U.S. and global interests, but the Biden administration and a bevy of allies and partners blame China for the assault on Microsoft’s email system.

US and allies finger China in Microsoft Exchange hack

Tech Republic Security

The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes

Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

Security Boulevard

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S.

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs

Security Affairs

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism.

BSides Vancouver 2021 – Vivek Ponnada’s ‘Is The Power Grid A Huge Cybersecurity Risk?’

Security Boulevard

Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel. Permalink. The post BSides Vancouver 2021 – Vivek Ponnada’s ‘Is The Power Grid A Huge Cybersecurity Risk?’

Risk 83

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Hacker News

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.

Risk 75

Simplify Security Conversations

Security Boulevard

The post Simplify Security Conversations appeared first on Digital Defense, Inc. The post Simplify Security Conversations appeared first on Security Boulevard. Security Bloggers Network Blog Comprehensive Vulnerability Management Cyber Threat Management Frontline Vulnerability Manager Videos

Combatting ransomware: a holistic approach

IT Security Guru

Although cybercrime as a whole has seen a rise during the pandemic, arguably ransomware has been one of the more successful and lucrative attack types. According to the World Economic Forum 2020 Global Risk Report , ransomware was the third most common, and second most damaging type of malware attack recorded last year, with payouts averaging a hefty $1.45M per incident.

Richtlinienkonforme Authentifizierung durch Verhaltensbiometrie

Security Boulevard

83

iPhones running latest iOS hacked to deploy NSO Group spyware

Bleeping Computer

Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. [.]. Security

Nations come together to condemn China: APT31 and APT40

Security Boulevard

On Monday (19JUL2021) President Biden announced that the US and its allies were joining together to condemn and expose that China was behind a set of unprecedented attacks exploiting vulnerabilities in Microsoft Exchange servers conducted earlier this year.