Thu. Jun 02, 2022

Remotely Controlling Touchscreens

Schneier on Security

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject

Passwords 244

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

Third-Party Risk Management (TPRM) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk.

Critical flaw found inside the UNISOC smartphone chip

Tech Republic Security

The vulnerability was discovered by Check Point Research. UNISOC processes 11% of the world's smartphones. The post Critical flaw found inside the UNISOC smartphone chip appeared first on TechRepublic.

Mobile 152

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

The Last Watchdog

Companies have come to depend on Software as a Service – SaaS — like never before. Related: Managed security services catch on. From Office 365 to Zoom to Salesforce.com, cloud-hosted software applications have come to make up the nerve center of daily business activity. Companies now reach for SaaS apps for clerical chores, conferencing, customer relationship management, human resources, salesforce automation, supply chain management, web content creation and much more, even security.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

With this VPN and 90+ training courses, take cybersecurity to the next level

Tech Republic Security

Get a deal on a top-rated VPN and self-paced IT certification courses that cover ethical hacking, CISSP and more. The post With this VPN and 90+ training courses, take cybersecurity to the next level appeared first on TechRepublic.

VPN 144

10 of the hottest new cybersecurity startups at RSA 2022

CSO Magazine

The 32nd edition of the annual security event RSA Conference (RSAC 2022) kicks off on June 6, allowing a fresh breed of security vendors to showcase their capabilities. Back to being an in-person event after going virtual last year because of the pandemic, RSAC 2022 has booked a formidable mix of security startup debuts, featuring technology and approaches to security that include devsecops, identity and access management (IAM), threat management, and cloud security.

More Trending

Critical Atlassian Confluence zero-day actively used in attacks

Bleeping Computer

Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. [...]

127

pfSense vs Netgear router: What are the main differences?

Tech Republic Security

When taking steps to ensure your business’s network security, the pfSense firewall solution and Netgear routers are top choices. The post pfSense vs Netgear router: What are the main differences? appeared first on TechRepublic.

Firewall 143

Vulnerabilities on UNISOC Processors loaded Android Phones

CyberSecurity Insiders

All those who are using an Android phone running on a UNISOC chipset are being warned that their devices are vulnerable to remote attacks where the cyber crooks can block or intercept communications to manipulate thereafter. UNISOC is one of China’s mobile processor manufacturers and the component is used on millions of smartphones that are sold all over Asia, Africa, and Pakistan.

Majority of CIOs say their software supply chains are vulnerable, execs demand action

Tech Republic Security

Could code signing be the answer to limiting software supply chain attacks? The post Majority of CIOs say their software supply chains are vulnerable, execs demand action appeared first on TechRepublic.

Software 127

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijacking

Dark Reading

The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.

Malware 130

What to do if your Android Phone gets lost

CyberSecurity Insiders

Sometimes because of bad luck or you can call it whatever, we lose our smartphone because of misplacement or when someone steals it. The very first thought that strikes our mind thereafter is what to do next? The first thing to do is to dial it and see if someone picks it up. And if someone does, request them to hand it over to you. This usually happens while taking a cab, in a restaurant, at a theatre, or shopping.

Mobile 122

Millions of MySQL Servers are Publicly Exposed

eSecurity Planet

More than 3.6 million MySQL servers are publicly exposed on the internet, security researchers noted this week. Shadow Server Foundation researchers reported that they simply issued a MySQL connection request on default port 3306 to see if a server responded with a MySQL Server Greeting, rather than intrusive requests that pentesters use to break into databases.

Internet 120

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [...]

Firmware 119

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

ESET Threat Report T1 2022

We Live Security

A view of the T1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. The post ESET Threat Report T1 2022 appeared first on WeLiveSecurity.

WinDealer dealing on the side

SecureList

Introduction. LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer.

Malware 115

Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7

Security Boulevard

Canadian coffee-and-doughnuts joint, Timmies, has been politely rebuked by The Office of the Privacy Commissioner: Tim’s app kept tabs on your location—even when it wasn’t open. The post Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7 appeared first on Security Boulevard.

A Ransomware Group Claims to Have Breached the Foxconn Factory

Hacker Combat

Malicious hackers claim to have hacked into the network system of the Foxconn Baja factory in Mexico on June 11. Using the LockBit 2.0 ransomware to conduct the cyber-attack, the hackers threaten to expose stolen files unless the company pays a ransom. The factory specializes in manufacturing, consumer electronics, medical devices, and industrial operations.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

SECURITY ALERT: Zero-Day Microsoft Support Diagnostic Tool Vulnerability CVE-2022-30190 Enables Remote Code Execution

Heimdal Security

On Monday, Microsoft’s Security Response Center issued an advisory on CVE-2022-30190, a newly-discovered zero-day vulnerability that may enable threat actors to run arbitrary code with user-type rights. According to the note, the vulnerability is related to the in-app calling of MSDT (Microsoft Support Diagnostic Tool) via an URL protocol. Microsoft is currently working on a […].

108

Russia to the cyber-attack United States with the help of its Ransomware gangs

CyberSecurity Insiders

We all know that half of the ransomware gangs that are operating in the wild are from Russia or are being financially backed by Kremlin. So, after analyzing the current situation in the cyber landscape, the FBI has concluded that the Putin-led government is all set to the cyber-attack United States pretty soon! It is going to be a destructive attack and will primarily focus on the critical infrastructure like power and water utilities and that too is going to happen soon, says the FBI in a state

Chinese LuoYu hackers deploy cyber-espionage malware via app updates

Bleeping Computer

A Chinese-speaking hacking group known as LuoYu is infecting victims with WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. [...]

Malware 106

The Top Five Sources of Data Breaches and How to Reduce Their Impact

Security Boulevard

Corporate IT security teams are often accused of being too reactive in their approach to threat defense. Yet it’s unfortunately all too easy to fall into a vicious cycle of firefighting incident after incident, given the scale and sophistication of modern threats. In the US, 2021 was a record year for reported data breaches, while in the UK, a recent government report revealed that two-fifths of businesses had suffered a cyber-attack over the previous 12 months.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Webroot managed detection and response (MDR) purpose-built for MSPs

Webroot

The cyber threat landscape keeps evolving at lightning-speed. According to the latest 2022 BrightCloud® Threat Report, small to medium-sized businesses (SMBs) are particularly vulnerable to becoming a victim of a ransomware attack. Cybercriminals also are becoming more selective of the organizations they target. Without human security experts and solutions at their disposal, these businesses remain susceptible to attacks.

The 2022 ThreatLabz State of Ransomware Report

Security Boulevard

Ransomware attacks increased by yet another 80% between February 2021 and March 2022, based on an analysis of ransomware payloads seen across the Zscaler cloud. Double-extortion attacks, which include data exfiltration in addition to encryption, are rising even faster at 117% year-over-year. The 2022 ThreatLabz State of Ransomware report breaks down a year’s worth of intelligence from a variety of sources, including over 200B daily transactions and 150M daily blocked threats across the Zscaler Z

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant powers, they are hard to detect and could be very destructive, and attackers can use them to achieve long-term strategic goals.

Firmware 101

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

CSO Magazine

Leaked internal chats from the Conti ransomware gang suggest the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products.

Firmware 100

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

The Hacker News

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.

IoT 99

Microsoft blocks Polonium hackers from using OneDrive in attacks

Bleeping Computer

Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israelian organizations. [...]

Hacking 99

Cyber threats in gaming—and 3 tips for staying safe

Webroot

The popularity of online gaming surged during the COVID-19 pandemic—and so did cyberattacks against gamers. If you’re the parent of a gamer, or if you’re a gamer yourself, it’s important to learn about the risks. Why are cyber threats to gamers on the rise? It might seem strange that cybercriminals are targeting gamers. But there are some good reasons for this trend: The global gaming market is booming—and is expected to reach $219 billion by 2024.

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

The Hacker News

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.