Tue.Jun 07, 2022

article thumbnail

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “ swatting ” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

article thumbnail

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

The Last Watchdog

Writing a code can be compared to writing a letter. Related: Political apps promote division. When we write a letter, we write it in the language we speak — and the one that the recipient understands. When writing a code, the developer does it in a language that the computer understands, that is, a programing language. With this language, the developer describes a program scenario that determines what the program is required to do, and under what circumstances.

Software 218
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Humans and identity are constants in the ever-changing world of cybersecurity

Tech Republic Security

Businesses now compete as ecosystems and the veracity of information must be protected, officials tell the audience at the RSA Conference Monday. The post Humans and identity are constants in the ever-changing world of cybersecurity appeared first on TechRepublic.

article thumbnail

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

Security Boulevard

While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround. The reason this vulnerability is so serious is that all a user needs to do is open the. The post Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day appeared first on Security Boulevard.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

A third of organizations hit by ransomware were forced to close temporarily or permanently

Tech Republic Security

A recent survey reveals many organizations close either temporarily or permanently after a ransomware attack. Learn more about how you can protect your business ransomware attacks. The post A third of organizations hit by ransomware were forced to close temporarily or permanently appeared first on TechRepublic.

article thumbnail

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

More Trending

article thumbnail

Online gun shops in the US hacked to steal credit cards

Bleeping Computer

Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [.].

article thumbnail

Humans still weakest link in cybersecurity

Tech Republic Security

When it comes to securing their organizations, CISOs need to focus on the human in the loop. The post Humans still weakest link in cybersecurity appeared first on TechRepublic.

article thumbnail

6 top vulnerability management tools and how they help prioritize threats

CSO Magazine

Not only has vulnerability management changed considerably over the years, but so have the systems on which enterprise security teams must identify and patch. Today there are systems on-premises, IoT devices, public and private clouds, and substantially more custom applications. No more do vulnerability management systems just focus on networks and private hosted applications.

IoT 137
article thumbnail

How to install Maltrail for malicious traffic detection on your network

Tech Republic Security

Malicious traffic might be running rampant on your network. Jack Wallen shows you how to deploy a simple monitoring system to keep tabs on this traffic. The post How to install Maltrail for malicious traffic detection on your network appeared first on TechRepublic.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

GitHub adds supply chain security tools for Rust language

InfoWorld on Security

Aiming to help Rust developers discover and prevent security vulnerabilities, GitHub has made its suite of supply chain security features available for the fast-growing Rust language. These features include the GitHub Advisory Database, which already has more than 400 Rust security advisories, as well Dependabot alerts and updates, and dependency graph support, providing alerts on vulnerable dependencies in Rust’s Cargo package files.

134
134
article thumbnail

How the Colonial Pipeline attack has changed cybersecurity

CSO Magazine

It's been just over a year since the American public got a taste of what a cyberattack could do to their way of life. A ransomware sortie on Colonial Pipeline forced its owners to shut down operations and leave half the country's East Coast in a lurch for refined oil. Since that time, efforts have aimed at making the nation's critical infrastructure more resilient and to counter the scourge of ransomware.

article thumbnail

NVIDIA offers Medical Computing Platform with Artificial Intelligence

CyberSecurity Insiders

NVIDIA has made it official that it is offering an AI computing medical platform that will help medical device hardware process information swiftly. Like image processing, genomics, and the development and deployment of smart sensors. NVIDIA Clara Holoscan MGX platform is the name and it will from now on provide medical grade reference architecture and long-term support to all AI powered medical devices.

article thumbnail

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Harnessing AI to Proactively Thwart Threats

Dark Reading

By using artificial intelligence to predict how an attacker would carry out their attack, we can deploy defenses and preemptively shut down vulnerable entry points.

article thumbnail

Hacking Scenarios: How Hackers Choose Their Victims

The Hacker News

Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January.

Hacking 127
article thumbnail

IBM to Acquire Randori to Provide More Cybersecurity Visibility

Security Boulevard

At the RSAC 2022 event this week, IBM revealed that it plans to acquire Randori, a provider of an attack surface asset analysis tool. Chris Meenan, vice president of product management for IBM Security, said Randori employs graph software to visually identify the relationships it discovers using the same tactics and techniques a cyberattacker would.

article thumbnail

U.S. cybersecurity congressional outlook for the rest of 2022

CSO Magazine

As the 117 th Congress moves into summer, typically the time for legislative doldrums, it's helpful to look back at recently enacted cybersecurity-related legislation and peer ahead to see what bills could become law before the end of the year. Since the beginning of the current Congress on January 3, 2021, at least 498 pieces of legislation have been introduced that deal in whole or part with cybersecurity.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Cybersecurity awareness training: What is it and what works best?

We Live Security

Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk. The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity.

article thumbnail

Zero-day flaw in Atlassian Confluence exploited in the wild since May

CSO Magazine

Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare's web application firewall (WAF) service, the attacks started almost two weeks ago. The vulnerability, now tracked as CVE-2022-26134 , is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosti

Firewall 120
article thumbnail

Qbot malware now uses Windows MSDT zero-day in phishing attacks

Bleeping Computer

A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. [.].

Phishing 121
article thumbnail

Multilevel Extortion: DeadBolt Ransomware Targets Internet-Facing NAS Devices

Dark Reading

The innovative ransomware targets NAS devices, has a multitiered payment and extortion scheme as well as a flexible configuration, and takes a heavily automated approach.

Internet 116
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Virtru launches open-source project OpenTDF

CSO Magazine

Data protection provider Virtru is expanding its portfolio of encryption and privacy applications with the launch of its OpenTDF project , an open-source initiative to enable a universal standard for data control. By leveraging OpenTDF, developers can encrypt and protect sensitive data, and incorporate zero trust data control into their applications.

IoT 112
article thumbnail

Linux version of Black Basta ransomware targets VMware ESXi servers

Bleeping Computer

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. [.].

article thumbnail

An Emerging Threat: Attacking 5G Via Network Slices

Dark Reading

A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.

125
125
article thumbnail

Shields Health Care Group data breach affects 2 million patients

Bleeping Computer

Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. [.].

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Boosting your XDR Potential with Device Insights and Kenna Integrations

Cisco Security

It’s a busy month for cybersecurity, with the return of in-person RSAC in San Francisco, followed by Cisco Live in very lively Las Vegas! With so much happening, and so many announcements from every security vendor out there, it can be hard to keep track of everything going on. Let us help give you the highlights from a Cisco SecureX perspective! We have been busy this past year, with our acquisition of Kenna Security and our recent innovations around device insights – all helping to expand and

article thumbnail

US: Chinese govt hackers breached telcos to snoop on network traffic

Bleeping Computer

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. [.].

article thumbnail

‘SSL for SEO’ the 2022 Google Ranking Mantra

Security Boulevard

Is your website ranking on Google SERPs? To rank better, you need to do a lot of SEO. Lots, we mean it. But, what if you could increase your SEO rankings with a simple trick? Not only this but also increase your website’s security? (which Google loves) Yes, it’s possible with an SSL Certificate! Don’t […]. The post ‘SSL for SEO’ the 2022 Google Ranking Mantra appeared first on https.in Blog.

111
111
article thumbnail

QBot Now Attacks Using Black Basta Ransomware

Heimadal Security

QBot is a banking virus active since 2007 that steals user data and banking credentials. The malware contains novel distribution methods, C2 tactics, and anti-analysis characteristics. Some campaigns distribute Qbot directly, but it’s also a supplementary payload for Emotet. QBot (QuakBot) is a Windows malware that steals bank credentials, and Windows domain credentials, and delivers further […].

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.