Tue.Mar 09, 2021


On Not Fixing Old Vulnerabilities

Schneier on Security

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013-2017, which indicates a lack of recent software updates,” the report stated. 26%!?


Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users.


How the SolarWinds attack may affect your organization's cybersecurity

Tech Republic Security

The SolarWinds incident was a wake-up call for most of the security professionals surveyed by DomainTools.


The Microsoft Exchange Server mega-hack – what you need to know

Hot for Security

What’s going on? In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by hackers, who exploited zero-day vulnerabilities to steal emails. Victims have included the European Banking Authority. The attacks began seemingly specifically targeting organisations, but have now broadened and escalated dramatically.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Top 5 things to know about messaging apps

Tech Republic Security

WhatsApp, Messenger and Telegram are just a few messaging app options to consider. Tom Merritt lists five things you need to know about messaging apps.


SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

The Hacker News

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.


More Trending


Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment

Digital Shadows

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat. The post Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment first appeared on Digital Shadows.


GitHub bug caused users to login to other user accounts

Bleeping Computer

Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.


French company sues Apple Inc over Data Privacy

CyberSecurity Insiders

We all know that Apple offers devices that are extremely reliable when it comes to the function of keeping the user data safe from snooping eyes and governments. But contrary to what is being assumed, a French startup has sued Apple Inc for sharing user data with its affiliate companies with no permission or knowledge of its respective consumers.


GitHub fixes bug causing users to log into other accounts

Bleeping Computer

Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity

Google Security

Posted by Kim Lewandowski & Dan Lorenc, Google Open Source Security Team. One of the fundamental security issues with open source is that it’s difficult to know where the software comes from or how it was built, making it susceptible to supply chain attacks. A few recent examples of this include dependency confusion attack and malicious RubyGems package to steal cryptocurrency.


Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days

Bleeping Computer

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.


Huge Fallout from Microsoft Incompetence: Let’s Exchange Exchange

Security Boulevard

Countless organizations using Microsoft Exchange are scrambling to undo the damage caused by hackers. And it’s all Microsoft’s fault. The post Huge Fallout from Microsoft Incompetence: Let’s Exchange Exchange appeared first on Security Boulevard.


iPhone Call Recorder bug gave access to other people's conversations

Bleeping Computer

An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


What Most Enterprises Get Wrong About ZTNA

Security Boulevard

Zero-trust network access, or ZTNA, is a technology that has come into sharper focus thanks to the COVID-19 pandemic. ZTNA has proved critical for securing remote workers that were forced out of the office due to quarantines and the other realities presented by COVID-19 worldwide. However, there are still a lot of misconceptions about what. The post What Most Enterprises Get Wrong About ZTNA appeared first on Security Boulevard.


Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

Bleeping Computer

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah.


Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Security Affairs

Microsoft released ProxyLogon security updates for Microsoft Exchange servers running vulnerable unsupported Cumulative Update versions. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild.


WordPress plans to drop support for Internet Explorer 11

Bleeping Computer

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


TinyCheck: Stalkerware detection that doesn’t leave a trace

Malwarebytes

In 2019, when Malwarebytes helped found the Coalition Against Stalkerware, which brings together cybersecurity vendors and nonprofits to detect and raise awareness about stalkerware, we encountered a significant roadblock in our fight: For some users, the very detection of these potentially privacy-invasive tools could put their lives at greater risk.


Malicious Actors Target Crypto Wallets of Coinbase Users in New Phishing Campaign

Hot for Security

Cybercriminals are targeting Coinbase platform users with phishing campaigns in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender Antispam Lab has learned. According to our latest telemetry, the phishing campaign was noticed since mid-February, targeting over 25,000 users. Sixty-nine percent of the fraudulent correspondence originated from India, 13.73 percent from Brazil and 2.33 percent from Japan.


How to patch Exchange Server for the Hafnium zero-day attack

CSO Magazine

Administrators who run on-premises Microsoft Exchange Server woke up on March 2 to a rude awakening: Some of them now have incidents to investigate. Starting on February 28 and possibly earlier, Exchange Servers were targeted in a widespread attack that relied on leveraging a zero-day server-side request forgery (SSRF) vulnerability. Microsoft has attributed the attack to Hafnium, a Chinese APT group.


WhatsApp may soon roll out encrypted chat backups

We Live Security

While chats are end-to-end encrypted, their backups are not – this may change soon. The post WhatsApp may soon roll out encrypted chat backups appeared first on WeLiveSecurity.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Who’s Hacking You?

Webroot

One of the reasons why there’s so much cybercrime is because there are so many ways for cybercriminals to exploit vulnerabilities and circumvent even the best defenses. You may be surprised to find that one of the biggest vulnerabilities is users. Many successful attacks could actually be prevented if users just knew what to look for. In that spirit, we put together this blog post to explain the different hacker types and methods they use against us.


Microsoft Exchange attacks cause panic as criminals go shell collecting

Malwarebytes

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update quickly and others would dally until it bubbled up to the top of their to-do list.


US seizes more domains used in COVID-19 vaccine phishing attacks

Bleeping Computer

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development.


New free software signing service aims to strengthen open-source ecosystem

CSO Magazine

The Linux Foundation has launched a free service that software developers can use to digitally sign their releases and other software artifacts. The project aims to strengthen the security and auditability of the open-source software supply chain, which has faced an unprecedented number of attacks in recent years.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Microsoft shares detection, mitigation advice for Azure LoLBins

Bleeping Computer

Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device.


Another French hospital hit by a ransomware attack

Security Affairs

A ransomware attack hit the Oloron-Sainte-Marie hospital in southwest France, it is the third such attack in the last month. A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The incident took place on Monday, the ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin. The infection was first discovered by Rémi Rivière, an engineer in charge of all the installations, on March 8 afternoon.


z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers

Bleeping Computer

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency.


9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware

The Hacker News

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.