Tue. Nov 15, 2022


Another Event-Related Spyware App

Schneier on Security

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.


Windows 10 in S mode: Pros and cons

Tech Republic Security

Windows 10 in S mode is an operating system option that prioritizes security and performance. Learn the pros and cons of Windows 10 in S mode here. The post Windows 10 in S mode: Pros and cons appeared first on TechRepublic.


It’s time. Delete your Twitter DMs

Graham Cluley

Twitter is in chaos. I'd rather delete my Direct Messages one-by-one than one day find that they are in the hands of a hacker or a disgruntled Twitter employee who goes rogue.


Addressing the cyber skills gap through strategic partnerships

CyberSecurity Insiders

By Kathy Quashie, Chief Growth Officer at Capita. It’s well known that cracks are beginning to show in the workforce of today. Demand for digital skills, permeating each and every industry, is not being met with supply. This digital skills gap is harming UK productivity – and will continue to do so until it is addressed by employers up and down the country.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


DTrack activity targeting Europe and Latin America

SecureList

Introduction. DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, we’ve seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power plant and also in targeted ransomware attacks.


Data Security alert for FIFA World Cup 2022 Qatar

CyberSecurity Insiders

FIFA World Cup 2022 is all set to start in a couple of days and authorities managing the event are busy taking many measures to keep the venues, players, viewers, audiences, fans and broadcasting free from cyber threats of all kinds. All football fans who are visiting Qatar for the sporting event are being urged to download two apps: Ehteraz and Hayya.

More Trending


Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

Security Boulevard

A Hungarian researcher found a nasty Android security bug: Malicious people can unlock your phone. The post Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too) appeared first on Security Boulevard.


Google to pay $392m penalty for harvesting location tracking details of users

CyberSecurity Insiders

Google has been ordered to pay a $392m penalty for harvesting location tracking details of its users without their consent. The landmark legal pronouncement came at the end of last week when a team of US attorneys confirmed that the tech giant was keeping track of the movements of its users through ‘Location History’ even after they explicitly said NO to such practices.


North Korean hackers target European orgs with updated malware

Bleeping Computer

North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. [.].


Log4Shell-like code execution hole in popular Backstage dev tool

Naked Security

Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […].


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Chinese hackers target government agencies and defense orgs

Bleeping Computer

The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries. [.].


Experts found critical RCE in Spotify’s Backstage

Security Affairs

Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals; it’s used by several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games.


Electricity/Energy Cybersecurity: Trends & Survey Response

Trend Micro

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations.


IT Leaders Adopting Threat Intelligence, But Challenges Persist

Security Boulevard

While the majority of enterprise IT security managers rely on threat intelligence to reduce cybersecurity risk, many still lack the necessary skills and resources to carry out these initiatives fully, according to a Vulcan Cyber report on threat intelligence adoption trends and challenges. The survey of 100 information security, vulnerability management, and threat intelligence executives.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Researchers release exploit details for Backstage pre-auth RCE bug

Bleeping Computer

Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems. [.].


Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 407’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. Permalink. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 407’ appeared first on Security Boulevard.


17 Web Domains Were Seized by the FBI and USPS for Connection to Job Scams

Heimdal Security

17 web domains used for recruiting money mules for work-from-home and reshipping scams were seized by the FBI and USPS (US Postal Inspection Service) last week, as a result of an investigation that has been taking place since February 2021. How Did the Scam Happen? The websites advertised positions such as “quality control inspectors” for […].


Unsupervised Machine Learning: Benefits for the Financial Services Industry

Security Boulevard

Unsupervised learning actually draws inferences from datasets without labels. It is best used if you want to find patterns but don’t know exactly what you’re looking for. The post Unsupervised Machine Learning: Benefits for the Financial Services Industry appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines

CyberSecurity Insiders

Cybersecurity teams continue to face ongoing challenges in safeguarding their networks. With increased susceptibility to cyberattacks, organizations are taking a more proactive approach to realize “zero trust,” including the U.S. Cyber Defense team. The Pentagon recently announced the planning of a new zero-trust strategy that will be revealed in the coming days.


China-Linked Cybercrime Group Attacks Asian Certificate Authority, Breaches Government Agencies

Security Boulevard

brooke.crothers. Tue, 11/15/2022 - 15:14. Billbug is longstanding threat. All the targets of the attacks are in Asia but Symantec wasn’t more specific about the location or identities of the targets. Symantec calls the group responsible Billbug, an Advanced Persistent Threat (APT) group they believe to be active at least since 2009.


Easy Ways to Implement Vulnerability Management

Digital Guardian

Having a vulnerability management program in place - one that identifies and prioritizes fixing bugs in software - is a critical part of every organization's IT team.


Announcing Cybersecurity Posture Automation for GCP and Multi-Cloud Environments

Security Boulevard

The cover of Verizon’s Data Breach Investigation Report 2022 depicts an empty, and unguarded, server room, an image eerily similar to the cover of the inaugural edition. This is the stark reality of the state of cybersecurity: despite all the advances in technology over the past 15 years, assets and data remain vulnerable to cyber …. The post Announcing Cybersecurity Posture Automation for GCP and Multi-Cloud Environments appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Meta’s new kill chain model tackles online threats

CSO Magazine

In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs).


Best Strategies For Stopping Business Email Compromise (BEC) Scams

Security Boulevard

Also known as a 'man-in-the-email' attack, a BEC scam is intended to defraud companies, their customers, partners, and employees by duping them into sending money or sensitive information to fake accounts, sites, or users. The post Best Strategies For Stopping Business Email Compromise (BEC) Scams appeared first on Security Boulevard.


MFA Fatigue attacks are putting your organization at risk

Bleeping Computer

A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks. [.].


3 Cyber Warfare Books Every API Hacker Should Read Over The Holidays

Security Boulevard

Check out the 3 cyber warfare books every API hacker should read to learn about offensive security, past, present, and future. The post 3 Cyber Warfare Books Every API Hacker Should Read Over The Holidays appeared first on Dana Epp's Blog. The post 3 Cyber Warfare Books Every API Hacker Should Read Over The Holidays appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Whoosh Confirms Breach as Hackers Put Data on Sale

Heimdal Security

The scooter-sharing service has confirmed suffering a data breach soon after hackers launched the sale of a database containing the details of 7.2 million customers. Whoosh operates in 40 cities across Russia, with over 75,000 scooters which makes it the leading urban mobility service platform in the country. Upon a Closer Look Last week, threat actors […].


Why You Should Embrace Zero-Trust

Security Boulevard

Within the world of cloud security, zero-trust has become a critical concept organizations need to understand. This approach to security challenges traditional assumptions about trust within networks and instead assumes that every network participant is untrustworthy until proven otherwise. It involves assessing risks as they emerge in your environment and only allowing access after establishing.


Experts revealed details of critical SQLi and access issues in Zendesk Explore

Security Affairs

Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service. Zendesk Explore allows organizations to view and analyze key information about their customers, and their support resources.


This was 3rd Quarter 2022 — A Cybersecurity Look Back

Security Boulevard

In the third quarter of 2022, the four universal cyberattack drivers were accounted for: war, religion, politics and money. The post This was 3rd Quarter 2022 — A Cybersecurity Look Back appeared first on Radware Blog. The post This was 3rd Quarter 2022 — A Cybersecurity Look Back appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.