Wed.Aug 04, 2021

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

The Last Watchdog

A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas. For small- and mid-sized businesses (SMBs), cutting through the marketing hype can be daunting. That said, there is one venerable technology – web application firewalls (WAFs) – that is emerging as a perfect fit for SMBs in today’s environment, as all companies shift to a deeper reliance on cloud service

Cybersecurity pros wanted: Tips for hiring IT and security talent right now

Tech Republic Security

Companies are pulling out all of the stops to attract top talent in a tight labor market. These tips could help companies attract and retain cybersecurity pros in the months ahead.

The COVID testbed and AI

Adam Shostack

There’s a really interesting article in MIT Tech Review, Hundreds of AI tools have been built to catch covid. None of them helped. Oops, I think I gave away the ending. But there’s a lot of fascinating details: Many unwittingly used a data set that contained chest scans of children who did not have covid as their examples of what non-covid cases looked like.

Global cyber intrusion activity jumped 125% in the first half of 2021

Tech Republic Security

Companies in the U.S. were targeted more than those in any other country, according to Accenture's Cyber Incident Response Update.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

LockBit ransomware recruiting insiders to breach corporate networks

Bleeping Computer

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. […]

NSA issues advice for securing wireless devices

Malwarebytes

By releasing an information sheet that provides guidance on securing wireless devices while in public (pdf) —for National Security System, Department of Defense, and Defense Industrial Base teleworkers—the NSA has provided useful information on malicious techniques used by cyber actors, and ways to protect against them. And anyone that does not belong to that group of teleworkers can still take advantage of the knowledge it has shared!

More Trending

How to prepare your Windows network for a ransomware attack

CSO Magazine

Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them.

Cisco fixes critical, high severity pre-auth flaws in VPN routers

Bleeping Computer

Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. […]

What is physical security? How to keep your facilities and devices safe from on-site attackers

CSO Magazine

Physical security definition. Physical security is the protection of people, property, and physical assets from actions and events that could cause damage or loss. Though often overlooked in favor of cybersecurity, physical security is equally important. And, indeed, it has grown into a $30 billion industry. All the firewalls in the world can’t help you if an attacker removes your storage media from the storage room.

Ransomware attack disrupts Island Education Federation Servers

CyberSecurity Insiders

A file encrypting malware attack has reportedly disrupted the servers of over six schools operating in the Isle of Wight, thus delaying the much awaited opening of the autumn term. As per the sources reporting to Cybersecurity Insiders, the attack took place on the computer network of Island Education Federation, locking down access to important documents that might take weeks or months to be restored.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Energy group ERG reports minor disruptions after ransomware attack

Bleeping Computer

Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. […]

Advanced Technology Ventures discloses ransomware attack and data breach

Security Affairs

The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack; crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack; threat actors have also stolen the personal information of some of its private investors.

BrandPost: Top 3 Metrics for Evaluating Passwordless

CSO Magazine

There is considerable interest in going passwordless and adopting biometric authentication for application access. According to a recent survey by Cisco: 52% of IT decision makers are actively considering passwordless solutions. 79% plan to implement such a solution within the next two years. However, it’s not a straightforward strategy. IT decision makers expressed concerns around the security of passwordless methods, especially in comparison with multifactor authentication (MFA).

Windows admins now can block external devices via layered Group Policy

Bleeping Computer

Microsoft has added support for layered Group Policies, which allow IT admins to control what internal or external devices users can install on corporate endpoints across their organization's network. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks

The Hacker News

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research.

BrandPost: How to Make Your Next Cybersecurity Compliance Audit a Breeze

CSO Magazine

Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because of the acronyms. Many frameworks do not tell you where to start or exactly how to become compliant. Cybersecurity best practices from the Center for Internet Security (CIS) provide prioritized and prescriptive guidance for a strong cybersecurity foundation.

China-linked APT31 targets Russia for the first time

Security Affairs

China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Researchers from Positive Technologies reported that China-linked APT31 group has been using a new piece of malware in a recent wave of attacks targeting Mongolia, Belarus, Canada, the United States, and Russia. Experts found many similarities between the malware and the DropboxAES RAT that was first spotted by researchers at Secureworks and that was previously

Silicon Valley Venture Capital startup hit by Ransomware

CyberSecurity Insiders

A ransomware attack on the Silicon Valley based venture capital firm is said to have led to the data leak of the company’s private investors and limited partners. Highly placed sources say that the hackers accessed and stole critical financial information and are threatening to publish details online if they do not receive the demanded ransom.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

BazaCall Is Not Gone: the Malicious Campaign Goes on with Its Activity

Heimdal Security

Starting in April 2021, BazaCall has been brought to the public’s attention: the malicious campaign uses a malware named BazaLoader or BazarLoader. In short, the method hackers use to trick victims is a phishing email that urges them to call a specific phone number because some subscription will expire and leads them to access […].

INFRA:HALT security bugs impact critical industrial control devices

Bleeping Computer

High-severity and critical vulnerabilities collectively referred to as INFRA:HALT are affecting all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market. […]

Raccoon Malware Updated To Extract Cryptocurrency from Its Victim’s Computer

Heimdal Security

Raccoon malware, a commonly-used information stealing virus that’s being sold as a service, has received several upgrades from its creator to add tools in order to extract cryptocurrency from users’ devices. What Is Raccoon Malware? Raccoon (also known as Mohazo or Racealer) is a modern info stealer type malware sold as a Malware as a […].

Passwordless Protection: The Next Step in Zero Trust

Cisco Security

A Zero Trust Approach. With the increasing threat landscape and recent workplace shifts to support remote users, many companies are deploying a Zero Trust security model to mitigate, detect, and respond to cyber risks across their environment. Zero Trust principles help protect against identity and access-based security risks by requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and pos

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cisco fixes critical, high severity vulnerabilities in VPN routers

Security Affairs

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. An attacker could exploit the issues to trigger a denial of service condition or execute commands and arbitrary code on the impacted Small Business VPN routers.

BrandPost: Why and How to Get Started with SASE

CSO Magazine

Hybrid IT environments — multiple clouds, edge, on-premises infrastructure, a distributed workforce — are putting the old approach to network security to the extreme test. The traditional centralized approach via MPLS and VPNs is becoming not only expensive, but also challenging to secure against ever-evolving cyber threats. These factors are driving strong enterprise interest in Secure Access Secure Edge (SASE).

Black Hat 2021 – non‑virtual edition

We Live Security

How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?

Report Finds Software Supply Chains Rife with Vulnerabilities

Security Boulevard

A report published today by application security testing tool provider GrammaTech in collaboration with Osterman Research suggests just about every software supply chain is rife with vulnerabilities. An analysis of commercial off-the-shelf (COTS) applications found that 100% of them have security vulnerabilities, with 85% of those applications having at least one critical vulnerability.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

INFRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly used in OT devices manufactured by more than 200 vendors. Security researchers from security teams at Forescout and JFrog have disclosed today 14 vulnerabilities that impact a popular TCP/IP library named NicheStack commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors.

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

The Hacker News

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors.

‘I’m Calling About Your Car Warranty’, aka PII Hijinx

Threatpost

Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.

Several Malware Families Targeting IIS Web Servers With Malicious Modules

The Hacker News

A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.