Mon. Mar 29, 2021

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

The Last Watchdog

Even before the COVID-19 pandemic turned many office workers into work-from-home (WFH) experts, the trend toward working without having to commute was clear. As internet bandwidth has become more available, with homes having access to gigabit download speeds, a whole new world of career paths has opened for those who want to control their work hours and conditions.

Linux 101: How to give users sudo privileges on Ubuntu and Red Hat-based Linux distributions

Tech Republic Security

New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.

Steam users: Don’t fall for the “I accidentally reported you” scam

Malwarebytes

Suppose that, out of the blue, a Steam user tells you they’ve accidentally reported you for something you didn’t do, like making an illegal purchase, and that your Steam account is going to be suspended. They ask you to message a Steam admin, whose profile they kindly provide, to help you sort out this dilemma. What do you do? There are some scams on Steam which have stood the test of time.

Corporate doxing is on the rise: Here's how hackers are doing it and how to stop them

Tech Republic Security

Doxing an individual can be a time-consuming and ultimately fruitless process, but the potential payout for doxing corporate employees can be huge, making them a much more tempting target.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

PHP's Git server hacked to add backdoors to PHP source code

Bleeping Computer

In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers. […]

Remote work and increased cybersecurity threats presented both challenges and opportunities for MSPs

Tech Republic Security

Sixty-five percent of MSPs increased their revenue from delivering cybersecurity services even during the recession brought on by the pandemic, according to Kaseya.

Beware of scams this tax season

Tech Republic Security

Cybercriminals are using phishing emails on tax filers to scam them out of money. Be careful which emails you click on.

ABCs of UEBA: U is for User

Security Boulevard

If you ask penetration testers what the easiest path into a target is, the chances. The post ABCs of UEBA: U is for User appeared first on Gurucul. The post ABCs of UEBA: U is for User appeared first on Security Boulevard.

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

CSO Magazine

Being the backbone of the internet, the Domain Name System (DNS) protocol has undergone a series of improvements and enhancements over the past few years. The lack of stringent protections in the original DNS specification and discovery of security weaknesses over time, such as the decade-old Kaminsky bug, gave birth to the Domain Name System Security Extensions (DNSSEC) in 2010.

Apple rushes to patch zero-day flaw in iOS, iPadOS

We Live Security

The bug is under active exploitation by unknown attackers and affects a wide range of devices, including iPhones, iPads and Apple Watches. The post Apple rushes to patch zero‑day flaw in iOS, iPadOS appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Weak passwords are dangerous to your organization

Tech Republic Security

People are still using "Password" and "123456" to secure their accounts, NordPass says. Ensure strong security for your business.

Ziggy ransomware admin announced it will refund victims who paid the ransom

Security Affairs

The administrator of Ziggy ransomware recently announced the end of the operation and is now promising that its victims will get their money back. In an unusual move, the administrator of Ziggy ransomware, after announcing the end of the operation, is now promising to give victims their money back. Ziggy ransomware ceased operation in early February, when it announced the decision “to publish all decryption keys.”

Top 20 Most Common Hacker Behaviors

Security Boulevard

The top MITRE ATT&CK™ behaviors to monitor for on your endpoints and servers. When the OWASP Top 20 Vulnerabilities was first published it revolutionized our industry’s approach to vulnerability management. Instead of playing whack-a-mole with thousands of individual vulnerabilities every time a new one was discovered, we approached vulnerability management by primarily addressing these Top…

Anton’s Security Blog Quarterly Q1 2021

Anton on Security

Sometimes great old blog posts are hard to find (especially on Medium…), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is my second. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog [and now our Cloud Security Podcast too!] Top 3 most popular posts of all times (same posts as last time, all happen to be on security operations): “Security Correlation Then and Now: A Sad

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

3 Foundations of a Data Security Strategy

Security Boulevard

Data is one of the most important assets your organization has, and protecting it is no longer optional. Cyberattacks can come in multiple forms, including outsider attacks such as phishing or malware, as well as insider threats via social engineering attacks, unauthorized file sharing or physical theft of company devices. A robust data security strategy.

Ziggy Ransomware Operators Refund Victims Who Paid Ransom

Hot for Security

More than a month after shutting down operations, Ziggy ransomware administrators have announced they will refund their victims. The news follows the threat actor’s earlier statement that it will publish all decryption keys in early February. “Hi. I am the Ziggy ransomware administrator. We decided to publish all decryption keys. We are very sad about what we did.

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

Last year’s SolarWinds attack and its aftermath have provided numerous lessons concerning the dangers of IT supply chain attacks. Not all apply to every small and medium-sized business—most are unlikely to be targeted by highly trained state-backed hackers with virtually limitless funding—but some will be. We learned, for instance, that even IT pros could use a refresher on basic password hygiene through security awareness training.

Email Verifiers and Data Breaches. What You Need to Know.

Hot for Security

Have you ever wondered why your email address and other information appeared in a data breach impacting a platform you never signed up for? You probably don’t recall creating an account on the Verifications.io platform or River City Media. That’s because you didn’t. It’s time you find out everything about your invisible connection to email verifiers.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Docker Hub images downloaded 20M times come with cryptominers

Bleeping Computer

Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. […]

Hackers breached the PHP’s Git Server and inserted a backdoor in the source code

Security Affairs

Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. On March 28, the attackers pushed two commits to the “php-src” repository hosted on the git.php.net server, they used the accounts of Rasmus Lerdorf, the PHP’s author, and Je

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

The Hacker News

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.

Ransomware Cyber Attack news headlines trending on Google

CyberSecurity Insiders

Honeywell, a firm that specializes in serving aerospace, energy and security with related equipment is in news for malware disruption and recovery. A spokesperson released a press statement yesterday and confirmed that the attack was a ransomware variant and the incident was contained finally with an in-house disaster recovery procedure. A vulnerability on the Microsoft email exchange server is said to have led to the ransomware attack.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Have You Backed Up Your Data Lately? Don’t Be an April’s Fool — Back Up Your Data on World Backup Day

Hot for Security

As individuals become more digitally active than ever due to lockdown restrictions, the probability of data loss has increased. March 31 is World Backup Day, the day every netizen is reminded of the importance of backing up data. Why should you consider backing up data? The main purpose of a backup is to help you quickly recover files in case of device compromise, data loss or theft.

Exchange Server Post-Compromise Attack Activity Shared by Microsoft

Heimdal Security

In the context of ongoing Exchange Server attacks, Microsoft has shared information detailing post-compromise activity which has infected vulnerable targets with ransomware and a botnet. When Microsoft released a fix for Exchange Server zero-days on March 2nd, organizations around the world were urged to patch their systems as soon as possible. While the Microsoft Security […].

Time suck: Security awareness pros are getting sidetracked from core functions

SC Magazine

“Awareness programs are great for a number of reasons, but they do not take priority over the daily fire drills that most security teams face,” said Brian Johnson, chief security officer at Armorblox. Distractions and diversions are all too frequently stealing time away from security awareness professionals, forcing them to tend to non-critical tasks while setting aside their core responsibilities of developing a strong internal infosec culture.

Sierra Wireless Restarts Production After Being Hit by a Ransomware Attack

Heimdal Security

As announced on March 23rd and updated on March 26th, Canada-based IoT company Sierra Wireless became a victim of a ransomware attack on its internal IT systems and corporate website, and temporarily closed down production at its manufacturing sites. Sierra Wireless is the leading IoT solutions provider that combines devices, network services, and software to […].

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

The Hacker News

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.

China-linked RedEcho APT took down part of its C2 domains

Security Affairs

China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by security researchers. China-linked APT group RedEcho has taken down its attack infrastructure after security experts exposed it. At the end of February, experts at Recorded Future uncovered a suspected Chinese APT actor targeting critical infrastructure operators in India.

Windows 10 KB5000842 cumulative update fixes freezing issues

Bleeping Computer

Microsoft has released the KB5000842 non-security preview update for all editions of Windows 10, version 20H2, and Windows 10, version 2004, with fixes for system freezing and activation issues. […]

Manufacturing Firms Learn Cybersecurity the Hard Way

Dark Reading

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.