Tue. Apr 19, 2022

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. Related: Russia takes steps to radicalize U.S. youth. Individuals who possess security clearances are not prohibited from traveling to foreign countries; however, there are certain acts and behaviors that may raise foreign influence and/or for

Risk 210

LinkedIn was the most exploited brand in phishing attacks last quarter

Tech Republic Security

Phishing attacks aimed at stealing LinkedIn account credentials surged during the first quarter of 2022, says Check Point Research. The post LinkedIn was the most exploited brand in phishing attacks last quarter appeared first on TechRepublic.

Phishing 149

When “secure” isn’t secure at all: High-impact UEFI vulnerabilities discovered in Lenovo consumer laptops

We Live Security

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware. The post When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops appeared first on WeLiveSecurity.

Firmware 145

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

Dark Reading

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

Firmware 145

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity litigation risks: 4 top concerns for CISOs

CSO Magazine

The threat of litigation is enough to keep any business leader up at night, and the increasing prevalence of data protection, privacy, and cybersecurity legislation and regulation is piling on the pressure for CISOs. According to Norton Rose Fulbright’s latest Annual Litigation Trends Survey of more than 250 general counsel and in-house litigation practitioners, cybersecurity and data protection will be among the top drivers of new legal disputes for the next several years.

CISO 131

The Checklist to Ensure the Ultimate SaaS Security Posture Management (SSPM)

IT Security Guru

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security settings is only getting more critical.

More Trending

Local U.S. Governments and Municipalities at Risk of Foreign Nation Cyber Attacks

Security Boulevard

Experts have warned that the Russia-Ukraine conflict poses an unprecedented cyber risk for U.S. organizations as well as State and local governments and municipalities. The post Local U.S. Governments and Municipalities at Risk of Foreign Nation Cyber Attacks appeared first on Security Boulevard.

North Korean Lazarus APT group targets blockchain tech companies

Malwarebytes

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. The Lazarus Group.

Mismanaged IAM Can Lead to Data Breaches

Security Boulevard

Without proper identity and access management (IAM) policies in place, organizations run the risk of deploying a wide range of security tools without achieving a comprehensive security stance. This was among the chief findings of a report from Palo Alto’s Unit 42, which revealed that misconfigured IAM is opening the door to malicious actors targeting.

Financial data of about 42m Britons hacked last year

CyberSecurity Insiders

Reynolds Porter Chamberlain (RPC), an international law firm based in Britain, published some interesting facts on its survey conducted on Financial Frauds that took place last year. And as per the published material, financial data of nearly 42 million Britons was hacked last year. RPC researchers state the figures might vary as the recorded 42m figure might include individual details that were stolen multiple times on a separate note.

Hacking 123

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

China Conquers Confidential Comms – U.S. Utterly Undone

Security Boulevard

Chinese researchers have achieved yet another security advance: They managed to communicate across a distance of more than 60 miles. The aptly named Prof. Long (pictured) and his team at Tsinghua University published their achievement last week. The post China Conquers Confidential Comms – U.S. Utterly Undone appeared first on Security Boulevard.

Mobile 123

CISA warns of attackers now exploiting Windows Print Spooler bug

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler. […].

Ransomware gangs increasingly targeting virtualization platforms says study 

CyberSecurity Insiders

A study conducted by Cybersecurity Firm Mandiant confirms that ransomware actors are increasingly targeting virtualization platforms to extort ransom in large amounts. A report released on this note confirmed that most of the targeted environments are the ones operating on VMware. M-Trends 2022 report not only disclosed what threat actors are doing, but has also offered ways to mitigate risks.

Absolute Software launches ransomware response offering to accelerate endpoint recovery

CSO Magazine

Endpoint and secure access solutions vendor Absolute Software has released a new offering to enable customers to prepare and accelerate their endpoint recovery in the face of ransomware attacks. The firm said Absolute Ransomware Response features several capabilities and benefits that will help organizations assess their ransomware preparedness and cyber resilience across endpoints.

Software 116

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Watch out for Ukraine donation scammers in Twitter replies

Malwarebytes

The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works. These scams can also be found on social media. Faking donations on Twitter. Some users of social media have become very well-known for their tweets inside affected regions. Others who were already well-known have become even more so.

Scams 111

Attack dwell times drop, ransomware TTPs evolve, China ramps up espionage activity

CSO Magazine

While significant progress is being made by global organizations in relation to threat detection and response, adversaries continue to surface, innovate, and adapt to target environments with diverse cyberattacks including new extortion and ransomware tactics, techniques, and procedures (TTPs). The data comes from Mandiant’s M-Trends 2022 report based on investigations of targeted attack activity conducted between October 1, 2020 and December 31, 2021.

A Zero-Click Vulnerability Is Exploited by NSO Spyware

Heimdal Security

Citizen Lab researchers have discovered two independent Pegasus malware campaigns that targeted the prime minister’s office and other official UK government networks as well as the Catalan presidents and members of civil society organizations. What Happened? Citizen Lab’s digital threat experts have identified a new zero-click iMessage attack that may be used to install NSO […].

Spyware 116

Cisco Secure Endpoint Shines in the 2022 MITRE® Engenuity ATT&CK Evaluation

Cisco Security

Recently MITRE Engenuity released the results from its fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. It’s no surprise that both hacking groups have made their presence felt. For example, between 2019 and 2020, Wizard Spider, a Russian-speaking cybercriminal group, extorted $61 million from ransomware attacks, including notable attacks that included Universal Healthcare System Hospitals, and state government administrative office

Software 111

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Lazarus Hackers Make Use of Fraudulent Crypto Apps, US Warns

Heimdal Security

CISA, the FBI, and the US Treasury Department have recently issued a warning that firms in the cryptocurrency and blockchain industries are being targeted by the North Korean Lazarus hacking gang. It seems that the threat actors are using trojanized cryptocurrency applications in this wave of cyberattacks. The hackers utilize social engineering to persuade employees […].

LinkedIn brand takes lead as most impersonated in phishing attacks

Bleeping Computer

Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level. […].

Phishing 111

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

The Hacker News

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.

Firmware 109

DevOps teams worry CSPs are becoming competitors

Tech Republic Security

A Techstrong Research study of 531 IT professionals found that teams worry about losing IP to hyperscale cloud providers. The post DevOps teams worry CSPs are becoming competitors appeared first on TechRepublic.

94

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

New stealthy BotenaGo malware variant targets DVR devices

Bleeping Computer

Threat analysts have spotted a new variant of the BotenaGo botnet malware, and it's the stealthiest seen so far, running undetected by any anti-virus engine. […].

Malware 116

Funky Pigeon stalls orders after hackers breach its systems

Graham Cluley

Online greeting cards business Funky Pigeon was forced to close its doors temporarily last week after a "cybersecurity incident." Visitors to the company's website were still being greeted as recently as Monday with a message saying that it could not accept new orders.

How to protect your ADFS from password spraying attacks

Bleeping Computer

Microsoft recommends a multi-tiered approach for securing your ADFS environment from password attacks. Learn how Specops can fill in the gaps to add further protection against password sprays and other password attacks. […].

Passwords 102

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices. Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect their network-attached storage (NAS) devices from attacks. UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication.

VPN 101

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Real-time voice concealment algorithm blocks microphone spying

Bleeping Computer

Columbia University researchers have developed a novel algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and IoTs in general. […].

IoT 98

How to Install Vite.js on your Computer?

Security Boulevard

In the hustle of day-to-day work, everyone wants to complete their numerous jobs as fast as possible. And most of the business and personal operations are conducted using applications. Vite.js has made its debut in the market for making apps faster, which has gained a lot of popularity and endorsement from industry experts. Vite […]. The post How to Install Vite.js on your Computer?

Microsoft disables SMB1 by default for Windows 11 Home Insiders

Bleeping Computer

Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled. […].

98

In New Audio Message, ISIS Spokesperson Abu Omar al-Muhajir Calls for Attacks in the West 

Security Boulevard

Threat environment On April 17, ISIS’s official spokesperson, Abu Omar al-Muhajir, released his second audio message since assuming his new role. The audio message, which is over 33 minutes long, began with a congratulatory note on the holy month of Ramadan then quickly became bellicose. Given the context in which the newest message was released, […].

98

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.