Mon. Aug 15, 2022

$23 Million YouTube Royalties Scam

Schneier on Security

Scammers were able to convince YouTube that other people’s music was their own. They successfully stole $23 million before they were caught. No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud. While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before.

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

The top ransomware gangs have become so relentless that it’s not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware. And if an enterprise is under an active ransomware attack, or a series of attacks, that’s a pretty good indication several other gangs of hacking specialists came through earlier and paved the way.

In security, there is no average behavior

Tech Republic Security

Doron Hendler, CEO and co-founder of RevealSecurity, explains the right way and the wrong way to detect malicious behavior. The post In security, there is no average behavior appeared first on TechRepublic.

CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

eSecurity Planet

Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to use Dropbox Transfer to securely share files with other people

Tech Republic Security

Dropbox Transfers encrypts the files you share to protect them from unwanted access. The post How to use Dropbox Transfer to securely share files with other people appeared first on TechRepublic.

WikiLeaks Founder Julian Assange sues CIA for data theft

CyberSecurity Insiders

Julian Assange, founder of WikiLeaks, has asked his lawyers to sue CIA and the ex-director Mike Pompeo for siphoning data from the phones and computers of him and his employees. Assange, who is seeking asylum in London, is facing an extradition case from the government of the United States and was asked to appear before a court in 2019. But he escaped the extradition hearing because of some loopholes in the law.

More Trending

Gmail Lets Candidates Spam You — FEC FAIL

Security Boulevard

Politicians convinced the Federal Election Commission (FEC) that Google must give them a free pass through Gmail’s spam filters. The post Gmail Lets Candidates Spam You — FEC FAIL appeared first on Security Boulevard.

3 ways China's access to TikTok data is a security risk

CSO Magazine

The short-video platform TikTok has come under fire in recent months. Both lawmakers and citizens in the U.S. have questioned its data collection practices and potential ties to the Chinese state. The concerns have deepened after Buzzfeed published a report saying that data of some American users had been repeatedly accessed from China. TikTok's parent company, Beijing-based ByteDance, denied that it shared information with the Chinese government and announced that it had migrated its U.S. user

Play Ransomware attack news and Extortion Attempt on Water utility

CyberSecurity Insiders

A ransomware named Play hit an entire judiciary system, therefore forcing the officials to shut down the IT systems since August 13th 2022. Argentina Judiciary of Cordoba is a government-based service that was hit by the malware last week, forcing the officials to use pen and paper for submitting official documents and to purview other administrative tasks.

Top 5 security risks of Open RAN

CSO Magazine

When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN -- a radio access network. From the cell tower, the signal is then routed to a fiber or wireless backhaul connection to the core network. RANs are proprietary to each equipment manufacturer. Open RAN, on the other hand, allows for interoperability that allows service providers to use non-proprietary subcomponents from a choice of vendors.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Black Hat – Windows isn’t the only mass casualty platform anymore

We Live Security

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars. The post Black Hat – Windows isn’t the only mass casualty platform anymore appeared first on WeLiveSecurity.

Windows KB5012170 Secure Boot DBX update may fail with 0x800f0922 error

Bleeping Computer

Users may see a 0x800f0922 error when trying to install security update KB5012170 on the currently supported Windows operating system for consumers and the enterprise-class Server version.

UPDATE DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition

The Security Ledger

A researcher presented the results of a year-long effort to reverse engineer John Deere hardware to run a version of the DOOM first person shooter. He also discovered a number of security flaws along the way. The post UPDATE DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition appeared first on The Security Ledger with.

Callback phishing attacks see massive 625% growth since Q1 2021

Bleeping Computer

Phishing is constantly evolving to bypass user training and email protections, and as threat actors adopt new tactics with better success ratios, quarterly stats reflect interesting threat trends on multiple fronts.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition

The Security Ledger

A researcher presented the results of a year-long effort to reverse engineer John Deere hardware to run a version of the DOOM first person shooter. He also discovered a number of security flaws along the way. The post DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition appeared first on The Security Ledger with Paul F.

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

Security Boulevard

The top ransomware gangs have become so relentless that it’s not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware. And if … (more…). The post Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace appeared first on Security Boulevard.

SOVA Android malware now also encrypts victims’ files

Security Affairs

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the SOVA Trojan, 5.0, targets over 200 banking and cryptocurrency exchange apps.

The Power of Provenance: From Reactive to Proactive Cybersecurity

Security Boulevard

While next-gen firewalls (NGFW), extended detection and response (XDR) and other security solutions do a great job of detecting and thwarting cyberattacks, it’s just too common for a sneaky or camouflaged threat to slip through into the network. Heroic efforts by the security team are then required to mitigate the damage and remediate the vulnerabilities.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Black Hat USA 2022: Burnout, a significant issue

We Live Security

The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problem is now exacerbated by the prevalence of burnout, which was presented at Black Hat USA 2022. The post Black Hat USA 2022: Burnout, a significant issue appeared first on WeLiveSecurity.

Contrast Assess is a select product for IAST in IDC’s TechBrief

Security Boulevard

Contrast Security today has been included as a select product for Interactive Application Security Testing in the IDC TechBrief, Interactive Application Security Testing (doc #US49376522, July 2022). According to the IDC Tech Brief, “Contrast Security is a pioneer in the IAST space. Assess is an organically developed IAST solution with a wide collection of supported programming languages and the ability to set up security gates and controls.”

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

The Hacker News

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said.

Malicious PyPi packages aim DDoS attacks at Counter-Strike servers

Bleeping Computer

A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

SOVA Android Banking Trojan Returns With New Capabilities and Targets

The Hacker News

The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out.

Microsoft disrupts Russian hackers' operation on NATO targets

Bleeping Computer

The Microsoft Threat Intelligence Center (MSTIC) has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM that targets people and organizations in NATO countries.

Lacework Adds Time Series Modeling to Cybersecurity Platform

Security Boulevard

Lacework has added time series modeling to the existing anomaly detection capabilities in its Polygraph Data Platform to make it easier for cybersecurity teams to investigate cyberthreats in cloud computing environments. In addition, Lacework has revamped its alerting capabilities to provide more context across associated events, timelines and other details.

VNC instances exposed to Internet pose critical infrastructures at risk

Security Affairs

Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Black Hat: We Should Have Seen The Colonial Ransomware Attack Coming

Security Boulevard

Few need to be reminded of the fears that the Colonial Pipeline hack caused in May of 2021, in which airlines scrambled to keep their planes fueled for long-haul flights and Americans across the eastern seaboard panic-bought gas in expectation of supply disruptions. The post Black Hat: We Should Have Seen The Colonial Ransomware Attack Coming appeared first on Security Boulevard.

IT threat evolution in Q2 2022. Mobile statistics

SecureList

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures. According to Kaspersky Security Network, in Q2 2022: 5,520,908 mobile malware, adware and riskware attacks were blocked.

SaaS Security Risk Management Checklist for CISOs

Security Boulevard

SaaS risk goes far beyond just the vendor’s risk, and it is now driven by enterprise specific factors that most companies still do not factor into their risk calculations because risk is still assessed as if vendor risk was the most important factor. The post SaaS Security Risk Management Checklist for CISOs appeared first on Security Boulevard.

Monero hard fork makes hackers' favorite coin even more private

Bleeping Computer

Monero, the privacy-oriented decentralized cryptocurrency project, underwent a planned hard fork event on Saturday, introducing new features to boost its privacy and security.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.