Anton on Security

FEBRUARY 8, 2022

This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that. Anyhow, let’s start here: a naïve view of shared responsibility model and detection is simply the following: the cloud provider (CSP) is responsible for detecting threats to their backend systems while the customer is respo

Threat Detection 189

Threat Detection Cloud Migration Technology Engineering 189

Krebs on Security

FEBRUARY 8, 2022

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.

Authentication 179

Authentication Internet Internet System Administration 179

Schneier on Security

FEBRUARY 8, 2022

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt : In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data.

Internet 174

Internet Internet Technology Government 174

Tech Republic Security

FEBRUARY 8, 2022

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools. The post Hackers have begun adapting to wider use of multi-factor authentication appeared first on TechRepublic.

Authentication 156

Authentication Phishing 156

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

FEBRUARY 8, 2022

Microsoft has made it official that it has disabled macros across its office products to block malware cyber attacks. The tech giant announced officially that from now on the macros feature in the Visual Basic for Applications (VBA) running across Word, PowerPoint, Excel, Access and Visio will be in disabled form and will have to be activated on a manual note by the admin or the device owner.

Cyber Attacks 137

Cyber Attacks Malware Identity Theft Cyber Risk 137

Tech Republic Security

FEBRUARY 8, 2022

Remote password changes on company-issued workstations can sometimes yield chaotic results. Follow these best practices to help ensure you keep working. The post 10 best practices for Windows workstation password changes over a VPN appeared first on TechRepublic.

VPN 136

VPN Passwords Network Security 136

Tech Republic Security

FEBRUARY 8, 2022

Stay safe online while simplifying your life with a password manager. Here are some to try at great prices. The post 5 password manager deals you don’t want to miss appeared first on TechRepublic.

Password Management 124

Password Management Passwords Software 124

Heimadal Security

FEBRUARY 8, 2022

Medusa malware was noticed to target multiple geographic regions. Its goal? Financial fraud and online credentials theft. More Details on Medusa Malware A new report from the ThreatFabric researchers came out revealing insights into the latest methods employed by this banking Trojan. Medusa malware, also known as TangleBot, has been leveraged in North America and […].

Phishing 114

Phishing Malware Banking Cybersecurity 114

Tech Republic Security

FEBRUARY 8, 2022

Tom Merritt offers five great options if you’re ready to dump Google Chrome for good. The post Top 5 alternatives to Chrome appeared first on TechRepublic.

Software 126

Software 126

Heimadal Security

FEBRUARY 8, 2022

Workforce management solutions provider Kronos was hit by a ransomware attack back in December 2021 that disrupted many of their cloud-based solutions for weeks. Kronos is a human resources and workforce management company that provides cloud-based solutions for timekeeping, salaries and benefits, analytics, and other tasks. In 2020, Kronos and Ultimate Software merged to form UKG, a […].

Data breaches 111

Data breaches Ransomware Software Cybersecurity 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The State of Security

FEBRUARY 8, 2022

When was the last time you purchased a product that was in a container? If you are a typical consumer, you probably have done so in the last few days. There is an entire industry that focuses on these containers. Consumer Packaged Goods (CPG) is an industry term for merchandise that is used and replaced on a […]… Read More. The post Understanding the Cybersecurity Risks Confronting Consumer Packaged Goods (CPG) Organisations appeared first on The State of Security.

Risk 105

Risk Cybersecurity 105

Heimadal Security

FEBRUARY 8, 2022

DPDgroup is a package delivery business that operates on a global scale. DPD is an abbreviation for Dynamic Parcel Distribution, which comprises trademarks such as DPD, Colissimo, Chronopost, Seur, and BRT, among others. The company is established in France and is primarily involved in the expedited road-based transportation sector. What Happened? Customers are required to […].

Cybersecurity 103

Cybersecurity 103

Bleeping Computer

FEBRUARY 8, 2022

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems. [.].

Hacking 98

Hacking 98

Security Boulevard

FEBRUARY 8, 2022

Meta, Facebook’s parent, warned investors that it might need to pull out of Europe. Here’s why …. The post Facebook’s Threat to Exit Europe—EU Waves Buh-Bye appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Engineering Risk Mobile 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

FEBRUARY 8, 2022

After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled. [.].

Authentication 98

Authentication Accountability 98

Security Boulevard

FEBRUARY 8, 2022

Earlier today we published our 2022 Insider Risk Report, our fifth consecutive since 2017. The purpose of our reports is simple: Help business leaders, cyber security executives and practitioners, advisory and research organizations, as well as MSSP providers understand the activities, behaviors, and communications among employees, consultants, and partners that create unnecessary risk and threaten … Continued.

Risk 98

Risk 98

Bleeping Computer

FEBRUARY 8, 2022

The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. [.].

Malware 98

Malware 98

Security Boulevard

FEBRUARY 8, 2022

Will the rapidly rising tide of firmware vulnerabilities swamp your cybersecurity teams? Not if you lean into automation. . The post Melting Glaciers, Rising Seas, and Rowboats appeared first on Security Boulevard.

Firmware 98

Firmware Cybersecurity 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

FEBRUARY 8, 2022

Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction. [.].

98

98

Security Boulevard

FEBRUARY 8, 2022

A contact form for customer inquiries is one of the most common features present on the websites of most companies. It provides an easy way for prospective customers to get in touch with the company. WordPress’ plugins are available that […]. The post How contact forms can be exploited to conduct large scale phishing activity? appeared first on WeSecureApp :: Simplifying Enterprise Security!

Phishing 98

Phishing 98

Bleeping Computer

FEBRUARY 8, 2022

South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. [.].

Malware 98

Malware Hacking 98

Security Boulevard

FEBRUARY 8, 2022

An Azure Blob Data Breach Just a few days ago, the British Council experienced a high-magnitude Microsoft Azure blob data […]. The post Azure Blob Data Breach Reveals Student Information appeared first on Sonrai Security. The post Azure Blob Data Breach Reveals Student Information appeared first on Security Boulevard.

Data breaches 98

Data breaches Government 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

FEBRUARY 8, 2022

The new update is now available for Windows 10 21H2, version 21H1, and version 20H2 As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5010342 and KB5010345. [.].

Software 98

Software 98

Security Boulevard

FEBRUARY 8, 2022

Facebook, Instagram and other social media platforms can help you keep in touch with friends and family, but there may come a time when you just want to take a break. Perhaps you intend to focus more time on wellness and in-person interactions. Maybe you need to lower your stress. Or perhaps you have mounting […]. The post Safer Internet Day 2022: How to Deactivate or Delete Your Facebook and Instagram Accounts appeared first on BlackCloak | Protect Your Digital Life™.

Internet 98

Internet Internet Accountability Media 98

Bleeping Computer

FEBRUARY 8, 2022

Sebastien Vachon-Desjardins, a Canadian man charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge to multiple offenses linked to attacks on 17 Canadian victims. [.].

Ransomware 98

Ransomware 98

Security Boulevard

FEBRUARY 8, 2022

BlackFog recognized with gold and bronze awards in four categories in the 2022 Cybersecurity Excellence Awards. The post BlackFog Scoops 4 Cybersecurity Excellence Awards appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

FEBRUARY 8, 2022

A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time.

Malware 97

Malware Mobile Phishing 97

Security Boulevard

FEBRUARY 8, 2022

Learn what you can do to protect your web applications and web pages from attacks exploiting vulnerable third-party code. The post How to Protect the Supply Chain from Vulnerable Third-party Code appeared first on Feroot. The post How to Protect the Supply Chain from Vulnerable Third-party Code appeared first on Security Boulevard.

98

98

Graham Cluley

FEBRUARY 8, 2022

Last month, as North Korea's supreme leader Kim Jong-un oversaw a series of sabre-rattling hypersonic missile tests, cyber attacks disrupted the country's internet infrastructure. But who was responsible? Read more in my article on the Hot for Security blog.

Internet 97

Internet Internet Cyber Attacks DDOS 97

Security Boulevard

FEBRUARY 8, 2022

Storage is an integral part of every organization’s infrastructure. Cybersecurity is a vital element of every organization’s strategy. Yet somehow the two are rarely connected—and the lack of storage security is a gap that’s putting organizations at risk. When it comes to preventing hackers from getting at their data, most organizations focus their security posture.

Cybersecurity 98

Cybersecurity Risk Backups Security Awareness 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.