Fri.Jul 16, 2021

article thumbnail

The number of false positive security alerts is staggering. Here's what you can do to reduce yours

Tech Republic Security

Nearly half of all cybersecurity alerts are false positives, and 75% of companies spend an equal amount of time, or more, on them than on actual attacks, a Fastly/ESG report reveals.

article thumbnail

Enabling Zero Trust on the Endpoint

Cisco Security

Things are changing in the world of endpoint security. Part of this change has to do with how organizations are digitally transforming themselves to accommodate the abrupt shift to remote work in 2020. In March of that year, for instance, Gartner revealed that 88% of business organizations around the world had encouraged their employees to work from home due to the pandemic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Kaseya ransomware attack should be a wake-up call to all of us, expert says

Tech Republic Security

Thousands of small- and medium-sized businesses were affected, just because they trusted their suppliers. How can companies protect against this sort of breach?

article thumbnail

The 15 biggest data breaches of the 21st century

CSO Magazine

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21 st Century indicates, they have already reached enormous magnitudes. [ Learn the The 5 types of

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Kaseya attack: "Yes, we can do something about this, and we should do something about this"

Tech Republic Security

The Kaseya attack is especially unique because it didn't begin with a password breach, and the companies were following cybersecurity best practices. So, how can we protect against this threat?

Passwords 206
article thumbnail

The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigate

Graham Cluley

The ICO, the UK's data watchdog, has raided two properties while investigating the leak of CCTV footage from inside the Department of Health and Social Care.

LifeWorks

More Trending

article thumbnail

Ransomware threat to SonicWall Customers

CyberSecurity Insiders

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware. Therefore, customers using Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products are being urged to disconnect those devices from internet as they are on the verge of getting cyber attacked and injected with file encrypting malware as its 8.x firmware is going to reach its EOL aka

article thumbnail

Irish hospital sued by cancer patient after ransomware attack

Graham Cluley

A cancer patient is taking legal proceedings against Mercy University Hospital in Cork, Ireland. Not because of negligent treatment, but because some of his personal medical files were published on the dark web after the hospital suffered a ransomware attack earlier this year.

article thumbnail

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is a malicious code camouflaged as a system app and allows attackers to perform a broad range of malicious operations, including disable the Google Play Protect service , install malicious apps, generate fake reviews, and sh

Malware 145
article thumbnail

Toddler mobile banking malware surges across Europe

Zero Day

The Android malware is a new and persistent threat to European citizens and banks alike.

Banking 145
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Stalkers: ‘Ugly Truth’ of Facebook Staff Abusing Private Data

Security Boulevard

A new book exposes yet another Facebook failure for the social media firm to say sorry about. But nothing’s going to change. The post Stalkers: ‘Ugly Truth’ of Facebook Staff Abusing Private Data appeared first on Security Boulevard.

Media 143
article thumbnail

Chinese APT LuminousMoth abuses Zoom brand to target gov't agencies

Zero Day

Fake Zoom apps are being spread to conduct cyber surveillance.

article thumbnail

Google patches Chrome zero?day vulnerability exploited in the wild

We Live Security

The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser. The post Google patches Chrome zero‑day vulnerability exploited in the wild appeared first on WeLiveSecurity.

142
142
article thumbnail

Ransomware is the New-age Atomic Bomb

Security Boulevard

Ransomware can start cyber warfare! This is why. What if you can’t drive to your office because the traffic lights are red everywhere? You were to travel somewhere but you can’t take a train because the train control systems are not working. You can’t even take a flight because the systems of air traffic control […]. The post Ransomware is the New-age Atomic Bomb appeared first on Kratikal Blogs.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Does using a VPN slow down your Internet?

Malwarebytes

A Virtual Private Network (VPN) can stop others from snooping on or tampering with your Internet traffic. It does this by concealing your traffic inside an encrypted tunnel between you and your VPN provider. And because your traffic appears to join the the Internet from your VPN provider’s computer and not your own, a VPN can also conceal your IP address, which disrupts tracking and helps you circumvent geo-blocks.

VPN 140
article thumbnail

Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild

Security Affairs

Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild.

article thumbnail

Microsoft: New Unpatched Bug in Windows Print Spooler           

Threatpost

Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover.

139
139
article thumbnail

Popular Fashion Seller Guess Alerts Its Clients Over Possible Data Breach

Hacker Combat

World-renowned fashion retailer; Guess confirmed over the course of the past week that some of its clients had their confidential data compromised in a brutal ransomware attack that the fashion giant first noted in February of this year. The company filed a case with the attorney general’s office in the US state of Maine over the course of the last week, where it indicated that it was affected by a ransomware attack in February 2021.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware

The Hacker News

Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.

Spyware 139
article thumbnail

Want to earn $10 million? Snitch on a cybercrook!

Naked Security

Will going after the big guns help to discourage and disrupt the rest of the cybercrime ecosystem? Have your say.

article thumbnail

Microsoft points the finger at Israeli spyware seller for DevilsTongue attacks

Zero Day

Updates released this week protect against two key zero-day vulnerabilities weaponized by customers.

Spyware 137
article thumbnail

D-Link issues hotfix for hard-coded password router vulnerabilities

Bleeping Computer

D-Link has issued a hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router that can allow attackers to execute arbitrary code on unpatched routers, gain access to sensitive information, or crash the routers after triggering a denial of service state. [.].

Wireless 137
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers

Threatpost

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.

article thumbnail

Critical Cloudflare CDN flaw allowed compromise of 12% of all sites

Bleeping Computer

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [.].

Internet 136
article thumbnail

Vacationing? How to avoid the cybersecurity blues

We Live Security

From securing your devices to avoiding public Wi-Fi hotspots for logging into apps we look at measures you can take to remain safe while this holiday season. The post Vacationing? How to avoid the cybersecurity blues appeared first on WeLiveSecurity.

article thumbnail

BrandPost: ExtraHop Contributes Network Security Expertise to MITRE ATT&CK Framework

CSO Magazine

The MITRE ATT&CK framework has become a valuable tool for security teams to identify gaps in their threat detection capabilities. When ExtraHop added MITRE ATT&CK mapping into our Reveal(x) product interface, our customers were delighted. Many immediately wanted to learn more about how network data is used for threat detection and response. In the latest update, version 9, MITRE has updated ATT&CK to include new attack techniques and offer a greater understanding of the network as a

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cloudflare fixes CDN code execution bug affecting 12.7% of all sites

Bleeping Computer

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [.].

Internet 133
article thumbnail

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

CSO Magazine

All the ‘formulas’ used to calculate risk management tend to have 5 components to them: 1) The likelihood of an incident, 2) The impact of an incident, 3) The value of an entity/asset, 4) The vulnerability of an entity/asset, and 4) Threats to that entity/asset. Information about these 5 inputs is used to decide where (and how) organizations approach risk mitigation.

Risk 130
article thumbnail

What is a PCI Audit? And How to Get Your Business Ready

Security Boulevard

Today, payment card fraud is a booming business with no signs of slowing—out of every hundred dollars spent. Read More. The post What is a PCI Audit? And How to Get Your Business Ready appeared first on Hyperproof. The post What is a PCI Audit? And How to Get Your Business Ready appeared first on Security Boulevard.

article thumbnail

The Week in Ransomware - July 16th 2021 - REvil disappears

Bleeping Computer

Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia. [.].

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!