Tue. Nov 23, 2021


NIST workshop provides clues to upcoming software supply chain security guidelines

CSO Magazine

President Biden’s wide-ranging cybersecurity executive order (EO) issued in May aims to improve software security through a series of guidelines. As the EO directed, the National Institute of Standards and Technology (NIST) has produced a definition of what constitutes “critical software,” published guidance on security measures for EO-critical software use, and released guidelines on vendors’ source-code testing.


If you're serious about privacy, it's time to use DuckDuckGo as your default Android browser

Tech Republic Security

Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.



Underinvestment in Multi-Cloud Security a Pressing Concern

Security Boulevard

Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that.


US government warns of increased ransomware threats during Thanksgiving

Tech Republic Security

Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Millions of GoDaddy customer data compromised in breach

Malwarebytes

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack stole up to 1.2 million active and inactive customer data, including email addresses, original WordPress admin passwords, Secure File Transfer Pro


Can't remember ordering that package? Don't click on unfamiliar links sent via text

Tech Republic Security

Proofpoint finds that bad actors are using SMS messages about package deliveries as the bait in new scams.




How to identify social media misinformation and protect your business

Tech Republic Security

Social media has become an integral part of modern communications, providing valuable information to businesses and individuals. Unfortunately, some of that information is just plain wrong or misleading.


Over nine million Android devices infected by info-stealing trojan

Bleeping Computer

A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps […]


Study: Storage systems are weakest link in IT infrastructure security

CSO Magazine

Storage systems have a significantly weaker security posture than the other two layers of IT infrastructure — compute and network equipment — according to a report from cybersecurity company Continuity Software. Analyzing data from more than 400 enterprise storage devices, the research found 6,300 discrete security issues related to 15 vulnerabilities; on average, every enterprise storage device was exposed to those vulnerabilities.


Threat actors find and compromise exposed services in 24 hours

Bleeping Computer

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

What CISOs can learn from the US Navy insider who stole nuclear secrets

CSO Magazine

The legal entanglement of the entrepreneurial U.S. Navy engineer, Jonathan Toebbe, who hoped to parley sensitive nuclear submarine secrets into a cool $5 million is now in hiatus as he sits in a West Virginia jail cell awaiting his December trial. We can only imagine the discussions within the Navy’s information security teams upon learning some of the most sensitive of secrets were hand carried out of classified environments, back to the residence of the employee, and then passed on to an unaut


Malware now trying to exploit new Windows Installer zero-day

Bleeping Computer

Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend. […]


What Avengers Movies Can Teach Us About Cybersecurity

The Hacker News

Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales: the eternal fight of good versus evil. A little bit like in cybersecurity, with good guys fighting cybercriminals. If we choose to go with this fun analogy, is there anything useful we can learn from those movies?


FBI, CISA urge organizations to be on guard for attacks during holidays

We Live Security

Threat actors have previously timed ransomware and other attacks to coincide with holidays and weekends. The post FBI, CISA urge organizations to be on guard for attacks during holidays appeared first on WeLiveSecurity.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery

The Hacker News

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.


‘Tis the season for protecting your devices with Webroot antivirus

Webroot

As the holiday season draws near, shoppers are eagerly searching for gifts online. Unfortunately, this time of year brings as much cybercrime as it does holiday cheer. Especially during the holidays, cybercriminals are eager to exploit and compromise your personal data. Even businesses large and small are not immune to the dark forces at work. Whether you purchase a new device or receive one as a gift, now is the time to consider the importance of protecting it with an antivirus program.


Sensors Data Management, IoT Mining and Analytics

Security Boulevard

Definition of the Internet of Things (IoT): IoT stands for the Internet of Things. The "things" are the items we use in our daily lives (e.g., domestic appliances and electronics) that are accessible or connected through the Internet. A network of physical items incorporating software, electrical devices and […]


Cybersec’s Messy Messaging

Javvad Malik

I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some – but really? The majority of the population don’t even understand what cryptography actually is.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
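The tracker exposure described above is something a covered entity can check for itself before a regulator does. The following is an added example, not code from the article or from any vendor: it parses a page's HTML with the Python standard library, lists every script, image and iframe loaded from a host outside the first-party domain, and flags the classic 1x1 tracking pixel and any third-party request whose query string carries data from the page. The sample HTML, the hostnames (`example-hospital.test`, `example-tracker.test`) and the `mrn` parameter are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a patient-portal page that loads first-party assets
# plus a third-party analytics script and a 1x1 pixel that echoes a
# medical record number (mrn) in its query string. Hostnames are fictional.
SAMPLE_HTML = """
<html><head>
<script src="https://portal.example-hospital.test/static/app.js"></script>
<script src="https://analytics.example-tracker.test/tag.js"></script>
</head><body>
<img src="https://portal.example-hospital.test/logo.png" width="120" height="40">
<img src="https://pixel.example-tracker.test/p.gif?mrn=123456&appt=2021-12-01" width="1" height="1">
<iframe src="https://portal.example-hospital.test/appointments"></iframe>
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collects the src attribute of tags that cause the browser to fetch a URL."""

    TAGS = {"script": "src", "img": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        attr = dict(attrs)
        src = attr.get(self.TAGS[tag])
        if src:
            self.resources.append(
                {"tag": tag, "src": src,
                 "width": attr.get("width"), "height": attr.get("height")}
            )


def is_first_party(host, first_party_domain):
    """True for the registrable first-party domain and any of its subdomains."""
    return host == first_party_domain or host.endswith("." + first_party_domain)


def find_third_party_trackers(html, first_party_domain):
    """Return every third-party resource on the page, with two risk flags:
    tracking_pixel  - a 1x1 image, the classic beacon shape
    leaks_query_data - the request URL carries a query string, i.e. page data
                       is being sent to the third party
    """
    parser = ResourceCollector()
    parser.feed(html)
    findings = []
    for res in parser.resources:
        parsed = urlparse(res["src"])
        host = parsed.hostname
        if host is None or is_first_party(host, first_party_domain):
            continue  # relative or first-party URL: not a third-party disclosure
        findings.append({
            "tag": res["tag"],
            "host": host,
            "url": res["src"],
            "tracking_pixel": res["tag"] == "img"
                              and res["width"] == "1" and res["height"] == "1",
            "leaks_query_data": bool(parsed.query),
        })
    return findings


if __name__ == "__main__":
    for f in find_third_party_trackers(SAMPLE_HTML, "example-hospital.test"):
        print(f)
```

In practice the check runs over the authenticated pages (portal, appointment booking, forms), since those are where PHI appears in URLs and query strings; a static scan of the login page alone will miss the pixels that matter most.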


How to Fix Cybersecurity Recruiting

Security Boulevard

Since my career began about fifteen years ago, the challenges faced by businesses to recruit the best cybersecurity talent remain—how to find the right talent, and the realization of just how valuable and rare real cybersecurity skills are. Companies are still struggling to close the cybersecurity skills gap of over three million vacancies, and recruiters.


Immense ransomware cyber threat during Thanksgiving and Black Friday weekends

CyberSecurity Insiders

Most IT employees have either applied for, or are planning to take, a long leave over this weekend. Those spreading ransomware see this as the best time to enter a corporate network and compromise it, since employees will be less vigilant while busy shopping for the best deals during Thanksgiving 2021 (November 25, 2021) and Black Friday 2021 (November 26, 2021).


Tracking the ‘Noblox.js’ npm Malware Campaign

Security Boulevard

A new malicious package, noblox.js-rpc, was spotted on the npm registry this month. It leverages the same techniques we saw before to steal all sorts of sensitive data, such as credentials, files, and even the Windows registration key, and finally installs ransomware. The package is being tracked under the identifier sonatype-2021-1526 in Sonatype's security data.
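The IDC item earlier on this page (organizations not knowing how much open source they depend on) and the noblox.js-rpc item above are two halves of the same problem: you cannot spot a lookalike package in a dependency tree you have never inventoried. The following is an added example, not code from Sonatype, IDC or the npm project: it reads an npm lockfile in the v2 `packages` layout, separates direct from transitive dependencies, and flags any package whose name closely resembles, but is not, a package on a team-maintained list of expected names. The lockfile contents, the trusted-name list and the 0.8 similarity threshold are constructed for the demonstration; the only real identifiers are `noblox.js` and `noblox.js-rpc` from the article.

```python
import json
from difflib import SequenceMatcher

# Constructed sample: a minimal package-lock.json (lockfileVersion 2) in which
# the project depends directly on "express" and on the lookalike "noblox.js-rpc".
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"noblox.js-rpc": "^1.0.0", "express": "^4.18.0"}},
        "node_modules/express": {"version": "4.18.2",
                                 "dependencies": {"cookie": "0.5.0"}},
        "node_modules/cookie": {"version": "0.5.0"},
        "node_modules/noblox.js-rpc": {"version": "1.0.0"},
    },
})

# Constructed allowlist: names the team has actually reviewed and expects.
TRUSTED_NAMES = ["noblox.js", "express", "lodash"]


def package_name(path):
    """'node_modules/@scope/pkg' or 'node_modules/a/node_modules/b' -> last package name."""
    parts = path.split("node_modules/")
    return parts[-1]


def inventory(lock_json):
    """Return the direct and transitive dependency names from a v2 lockfile."""
    lock = json.loads(lock_json)
    packages = lock["packages"]
    direct = set(packages.get("", {}).get("dependencies", {}))
    installed = {package_name(p) for p in packages if p}  # skip the "" root entry
    return {"direct": direct, "transitive": installed - direct}


def flag_lookalikes(names, trusted, threshold=0.8):
    """Flag names that are not on the trusted list but are near-duplicates of
    a trusted name. The threshold is a chosen cutoff, not a published value."""
    flagged = []
    for name in sorted(names):
        if name in trusted:
            continue
        for known in trusted:
            ratio = SequenceMatcher(None, name, known).ratio()
            if ratio >= threshold:
                flagged.append((name, known, round(ratio, 3)))
                break
    return flagged


def audit(lock_json, trusted=TRUSTED_NAMES):
    inv = inventory(lock_json)
    all_names = inv["direct"] | inv["transitive"]
    return {"direct": inv["direct"], "transitive": inv["transitive"],
            "lookalikes": flag_lookalikes(all_names, trusted)}


if __name__ == "__main__":
    report = audit(SAMPLE_LOCK)
    print("direct:    ", sorted(report["direct"]))
    print("transitive:", sorted(report["transitive"]))
    for name, known, ratio in report["lookalikes"]:
        print(f"LOOKALIKE {name!r} resembles trusted {known!r} (ratio {ratio})")
```

A name-similarity check is a cheap first filter, not a verdict: the flagged package still has to be looked at (maintainer, publish date, install scripts) before it is blocked or allowed.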


Tardigrade hackers target big pharma vaccine makers with stealthy malware

Bleeping Computer

An advanced hacking group known as 'Tardigrade' is targeting biomanufacturing facilities and research centers working on vaccines and critical medicines. […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Which Data Do Ransomware Attackers Target for Double Extortion?

Security Boulevard

Double extortion is one of the most prevalent ransomware tactics today. The attackers first exfiltrate sensitive information from their target before launching the ransomware encryption routine. The threat actor then demands a ransom payment in order to regain access to the encrypted assets along with an additional threat to publicly expose or otherwise release the data if the ransom demand is not met promptly.


Android.Cynos.7.origin trojan infected +9 million Android devices

Security Affairs

Researchers spotted dozens of games on Huawei's AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei's AppGallery catalog (simulators, platformers, arcades, strategies, and shooters) that contained the Android.Cynos.7.origin trojan. They estimated that the malicious apps were installed on at least 9,300,000 Android devices.


Benchmarking Your Company’s Privacy Program

TrustArc

With a growing number of disparate privacy regulations worldwide, more companies are turning to privacy management software solutions built for this purpose. Currently, those that have done so have been most effective in managing privacy, as evidenced by their scores on TrustArc’s Global Privacy Index. With capabilities to manage the many elements of privacy required, […].


The dangers of “connected” healthcare: predictions for 2022

SecureList

For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in medicine. Part of our predictions last year were based on the assumption that in 2021, the pandemic will continue for at least a few months and, because this assumption turned out to be accurate, so did many o


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, "Do you know what's in your software?"


Is Ransomware a Technology Pandemic in the Making?

Security Boulevard

Ten years ago, ransomware attacks were inconvenient. But today, they present an apocalyptic national security threat capable of crippling infrastructure that the population depends on. “No one country, no one group, can solve this problem,” National Security Advisor Jake Sullivan told reporters ahead of the White House’s 30-nation virtual conference on ransomware in October 2021.


Please don’t buy this! 3 gift card scams to watch out for this Black Friday

Malwarebytes

With the holiday season around the corner, and Black Friday at the end of the week, we thought it was a good time to look at the dangers that come with gift cards. Gift cards can be an easy win in cases where you don't know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there are a few things to consider before you hand over your cash. 1.


Four Insider Threats Putting Every Company At Risk

IT Security Central

Few concerns keep business leaders up at night like the threat of a cybersecurity incident. With the average cost of a data breach exceeding $4 million for the first time and public sentiment, regulatory requirements and practical functionality firmly against companies that can’t protect their digital landscape, many leaders are reprioritizing cybersecurity in response to this increasingly […].


Apple sues spyware-maker NSO Group, notifies iOS exploit targets

Bleeping Computer

Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for the targeting and spying of Apple users with surveillance tech. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.