Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Banking 352

Banking Phishing Scams Accountability 352

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 293

Hacking Firmware Engineering Software 293

Tech Republic Security

NOVEMBER 10, 2021

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.

Ransomware 202

Ransomware 202

Security Boulevard

NOVEMBER 10, 2021

The specter of ransomware is currently looming large. Barely a day goes by without headlines announcing the latest big name whose data’s been ‘kidnapped’ by cybercriminals—and imagine the number of victims that we don’t hear about! Recently, the well-known camera maker Olympus was allegedly hit by a ransomware attack which is still under investigation; other.

Ransomware 144

Ransomware Mobile Malware Cybersecurity 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

NOVEMBER 10, 2021

A survey conducted by Cloud Security service provider NordLocker has stated that the year 2020 witnessed ransomware spreading gangs targeting over 35 industries of which Construction Industry was hit the most. Revealing some names from their research, NordLocker stated that the Construction, manufacturing, Finance, healthcare, Education, IT and technology, Transportation and logistics, Automotive, Municipal Services and legal were hit the most.

Ransomware 136

Ransomware Healthcare Manufacturing Education 136

Security Boulevard

NOVEMBER 10, 2021

New EMA Research Highlights the Rise of Active Directory Exploits Active Directory is getting a lot of buzz in business and tech news outlets lately—but not in a good way. AD continues to be a prime target for cybercriminals: Just a few recent examples include AD-related attacks on Sinclair Broadcast Group, camera manufacturer Olympus, The post Why 86% of Organizations Are Increasing Their Investment in Active Directory Security appeared first on Semperis.

Manufacturing 143

Manufacturing Ransomware 143

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Spyware 135

Spyware Mobile Social Engineering Surveillance 135

Tech Republic Security

NOVEMBER 10, 2021

A majority of IT pros working at hospitals who were surveyed by Armis said they've seen a rise in cyber risk over the past 12 months.

Cyber threats 141

Cyber threats Risk Healthcare Cyber Risk 141

CSO Magazine

NOVEMBER 10, 2021

Secrets stored in Git repositories have been a thorn in the side of developers and a go-to source for attackers for a long time. Ensuring that sensitive information is stored appropriately and scrubbed from repositories has become a necessity to reduce the likelihood of software being compromised, often in very public ways. While this seems obvious, it’s easy to overlook hardcoded connection strings, passwords, and even plaintext credentials stored by the development tool itself.

Passwords 130

Passwords Software 130

CyberSecurity Insiders

NOVEMBER 10, 2021

Tesla CEO Elon Musk has once again termed the usage of Artificial Intelligence (AI) threatening to the existence of Human Kind and added that the use of robots in various industries will kill jobs and will make education related degrees valueless. Speaking at the World Artificial Intelligence Conference in Shanghai, Mr. Musk felt that although AI is one of the brilliant technological marvels, it has its own cons that can prove fatal to the entire humankind.

Artificial Intelligence 129

Artificial Intelligence Education Manufacturing Technology 129

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

NOVEMBER 10, 2021

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

DDOS 138

DDOS 138

CyberSecurity Insiders

NOVEMBER 10, 2021

Canada Province’s Privacy Commissioner has issued a statement that the healthcare sector in the region was facing immense threats related to identity theft. So, John Haggie, serving as the Province’s Health Minister, expressed his solicitude that there is a high potential that data related to 1000s of patients and healthcare staff could have been compromised by now.

Identity Theft 128

Identity Theft Healthcare Banking Insurance 128

The Hacker News

NOVEMBER 10, 2021

Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.

Cybersecurity 128

Cybersecurity 128

CSO Magazine

NOVEMBER 10, 2021

A friend recently traveled to Iceland and came back with the knowledge that the country is a key hub for Bitcoin mining due to its cheap thermal energy source. Your computer or your network’s computers could also be an ideal spot for cryptomining. I know of individuals who were found to be running cryptomining software on customers’ machines in violation of firm’s practices.

Software 125

Software 125

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Malwarebytes

NOVEMBER 10, 2021

Over the weekend, hackers revealed that the Playstation 5 (PS5), Sony’s latest darling, has been broken into—not just once but twice. Fa i l0verflow , the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen , a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks.

Hacking 123

Hacking Firmware Retail Engineering 123

Bleeping Computer

NOVEMBER 10, 2021

The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. [.].

122

122

Security Boulevard

NOVEMBER 10, 2021

A newly discovered initial access broker (IAB), dubbed Zebra2104, has been enabling threat actors to share the resources of powerful ransomware groups StrongPity, Phobos and MountLocker and pose even greater danger to vulnerable companies. “While it might seem implausible for criminal groups to be sharing resources, we found these groups had a connection that is.

Ransomware 120

Ransomware Social Engineering Security Awareness Engineering 120

eSecurity Planet

NOVEMBER 10, 2021

For a security technology that’s only a few years old, microsegmentation is catching on quickly. According to a new report from edge security vendor Byos, 88 percent of cybersecurity leaders believe microsegmentation is essential to achieving zero trust security, and 83 percent are currently leveraging microsegmentation in some form. Despite such strong uptake, the market still has plenty of room to grow, the report found: only 17 percent have fully invested in microsegmentation to the poi

Healthcare 120

Healthcare IoT Network Security Telecommunications 120

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

NOVEMBER 10, 2021

Episode 23: Securing Family Devices with SANS Institute School districts are more digitally connected than ever before in today’s learning environment, thanks to cloud applications such as Google Workspace and Microsoft 365. Further, hybrid and remote learning is here to stay in schools. This means districts are seeing more devices and access from students and […].

Education 120

Education Cybersecurity 120

Dark Reading

NOVEMBER 10, 2021

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.

Risk 132

Risk 132

Threatpost

NOVEMBER 10, 2021

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.

VPN 127

VPN Firewall 127

The Hacker News

NOVEMBER 10, 2021

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

VPN 120

VPN Firewall Cybersecurity 120

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

NOVEMBER 10, 2021

Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox. The software is used by many network appliances and embedded devices with limited memory and storage resources.

Risk 117

Risk Firmware Software Hacking 117

We Live Security

NOVEMBER 10, 2021

The tech giant wins an appeal against a claim that it unlawfully collected personal data of millions of iPhone users. The post Google scores big win as court blocks iPhone tracking lawsuit appeared first on WeLiveSecurity.

138

138

Dark Reading

NOVEMBER 10, 2021

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late.

Engineering 113

Engineering Cybersecurity Risk 113

Bleeping Computer

NOVEMBER 10, 2021

A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. [.].

Engineering 112

Engineering Hacking 112

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

NOVEMBER 10, 2021

Significant cyberattacks against critical targets in Europe have doubled in the past year, according to EU figures obtained by CNN. And with the announced pressure from the US against major ransomware gangs we can expect these figures to go up even more. It’s also clear from recent attacks that the holiday season and the associated spending sprees make online retailers an attractive target for cybercriminals.

Retail 111

Retail Computers and Electronics Ransomware Accountability 111

Security Boulevard

NOVEMBER 10, 2021

246th Birthday Message From General Berger, CMC. On 10 November 1970, Commandant Chapman challenged all Marines, active and inactive, young and old, deployed or recently returned from combat, “not to look back, but instead, to look to the future.” He insisted that we celebrate our anniversary, “not as an end of almost two centuries of dedicated service, but as. preparation for new service, new dedication, and new achievement.

104

104

Bleeping Computer

NOVEMBER 10, 2021

A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM. [.].

Technology 104

Technology 104

Security Boulevard

NOVEMBER 10, 2021

Half of respondents to the recent ActualTech Media MegaCast: Ensuring Trust and Security in Enterprise IT and the Cloud survey were not confident that their data is as secure in the cloud as it is on-premises. Businesses are concerned they’ll lose control of their environment, become unable to define and manage their attack surface and. The post Security Basics in a Hybrid Environment appeared first on Security Boulevard.

Media 104

Media Security Awareness Mobile Cybersecurity 104

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.