Schneier on Security

MARCH 2, 2022

TechCrunch is reporting — but not describing in detail — a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects. The article is worth reading, less for the description of the vulnerability and more for the shadowy string of companies behind these stalkerware apps.

Surveillance 214

Surveillance 214

Tech Republic Security

MARCH 2, 2022

Eighty-four percent of organizations were phishing victims last year, 59% of whom were hit with ransomware. Why, then, do less than a quarter of boards think ransomware is a top priority? The post Ransomware infections top list of the most common results of phishing attacks appeared first on TechRepublic.

Phishing 172

Phishing Ransomware 172

Security Boulevard

MARCH 2, 2022

A survey of more than 250 security, application and DevOps executives and professionals published today by Salt Security found 95% of respondents experienced a security incident involving application programming interfaces (APIs) in the last 12 months, with 62% reporting they slowed down the rollout of an application because of API security concerns.

Firewall 134

Firewall Cybersecurity 134

Tech Republic Security

MARCH 2, 2022

Symantec said that the newly-discovered Daxin exhibits a previously unseen level of complexity, and it’s been targeting governments around the world for some time. The post Daxin: A Chinese-linked malware that is dangerous and nearly impossible to detect appeared first on TechRepublic.

Malware 134

Malware Government 134

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

MARCH 2, 2022

Since Russia launched a full-scale military invasion into Ukraine on February 23, a series of cyberattacks have been detected targeting Ukrainian businesses, websites and government agencies amid the ongoing conflict. Meanwhile, organizations in the cybersecurity sector have begun taking action to provide help and support to those directly and subsequently impacted by cyber incidents relating to the Ukraine-Russia crisis.

Threat Detection 134

Threat Detection Surveillance Technology Cybersecurity 134

Tech Republic Security

MARCH 2, 2022

ICS vulnerability disclosures have grown by 110% since 2018, which Claroty said suggests more types of operational technologies are coming online and presenting soft targets. The post Get ready for security in the age of the Extended Internet of Things, says Claroty appeared first on TechRepublic.

Internet 127

Internet Internet Technology Network Security 127

Tech Republic Security

MARCH 2, 2022

The company released its thoughts on the state of edge computing as part of its 2022 Cybersecurity Insights report. The post AT&T details edge computing and the security risks that you should be concerned about appeared first on TechRepublic.

Risk 123

Risk Cybersecurity 123

Security Boulevard

MARCH 2, 2022

Why we need to clarify the ideal and acceptable outcomes If you want to deliver value faster, you need to know more than the problem you’re trying to solve. You also need to know what success looks like. Start by asking people to define and explain the ideal outcome. The ideal outcome is without restriction, […]. The post How to define outcomes to deliver value faster appeared first on Security Boulevard.

130

130

CSO Magazine

MARCH 2, 2022

The Russian invasion of Ukraine has a very visible aspect as we see Ukrainians stand and fight the Russian military might. The geopolitical landscape is changing by the hour, as more governments take action to restrict Russia’s ability to wage war. Two aspects of the conflict have percolated to the top. These are the “information war” and the “war on information.

CISO 126

CISO Government Technology Cybersecurity 126

The Hacker News

MARCH 2, 2022

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region.

Social Engineering 127

Social Engineering Engineering Phishing 127

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

MARCH 2, 2022

Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyota’s affiliates Hino Motors and Daihatsu are included in the shutdown. Hino suspended all operations at its Koga facility, which manufactures large and midsize trucks for export and domestic sale, and its Hamura plant, which makes small trucks and handles production for Toyota.

Manufacturing 124

Manufacturing Government Ransomware Malware 124

Security Boulevard

MARCH 2, 2022

Last November, more than 1 million GoDaddy-managed WordPress customers were part of a breach that could have exposed their email addresses, private SSL keys, and admin passwords. The attacker was apparently able to operate undetected inside their networks for two whole months. The post Secure Your WordPress Website | Avast appeared first on Security Boulevard.

Passwords 123

Passwords 123

CSO Magazine

MARCH 2, 2022

When Colonial Pipeline was hit by ransomware on May 7, 2021, it paid 75 bitcoins to restore its systems. But the money was not entirely lost. The FBI was able to trace it as it jumped from one digital wallet to another. At one point, on May 27, 63.7 of the bitcoins were transferred to an address and stopped moving. The FBI got the private key to unlock that bitcoin wallet and was able to retrieve the funds.

Ransomware 117

Ransomware 117

Malwarebytes

MARCH 2, 2022

Meta says it has detected and removed two disinformation campaigns regarding the current Russia-Ukraine war. These campaigns, it says, were run by groups in Russia and Ukraine to target Ukraine users. In the post , Nathaniel Gleicher, Meta’s head of security policy, and David Agranovich, Meta’s director of threat disruption said: “We took down this operation, blocked their domains from being shared on our platform, and shared information with other tech platforms, researchers a

Government 115

Government Phishing Authentication Internet 115

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Heimadal Security

MARCH 2, 2022

Once more, the banking trojan dubbed TeaBot was discovered in the Google Play Store, this time disguised as a QR code app that spread to over 10,000 devices. This is a gimmick that the malware operators used in January, and despite Google’s removal of these entries, TeaBot appears to have made it into the official […]. The post TeaBot Trojan Resurfaces into Google Play Store appeared first on Heimdal Security Blog.

Banking 118

Banking Malware Cybersecurity 118

CyberSecurity Insiders

MARCH 2, 2022

A recent online survey conducted for Hartford Steam Boiler Inspection and Insurance Company (HSB) suggests that over 74% of prospective owners of Electric Vehicles(EVs) are in a fear that their vehicles might fall prey to ransomware, state funded campaigns and other variants of cyber attack when connected to public charging stations. Zogby Analytics was the firm that conducted the survey for HSB and came to the above stated conclusion, after taking the opinion of over 1000 respondents working fo

Cyber threats 111

Cyber threats Cyber Attacks Retail Insurance 111

Identity IQ

MARCH 2, 2022

How to Spot Student Loan Scams. IdentityIQ. As Americans have been struggling through the COVID-19 pandemic, one effort to help is student loan forbearance. As you might know, President Biden’s administration decided to pause student loan payments for another three months in early January. As a result, repayments will begin after May 1. However, scammers are looking for ways to trick student loan borrowers once payments resume.

Scams 111

Scams Identity Theft Education Accountability 111

Security Boulevard

MARCH 2, 2022

2021 was a landmark year in the cybersecurity landscape. Organizations faced an uptick in cyberattacks amid the continuation of remote work—and CISOs everywhere were put to the test. If 2021 was any indication, 2022 will be another record-breaking year in the cybersecurity space. In 2022, CISOs will need to remain vigilant and innovative to maintain.

CISO 108

CISO Cybersecurity Cryptocurrency Security Awareness 108

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

MARCH 2, 2022

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. [.].

Phishing 103

Phishing Government 103

Security Boulevard

MARCH 2, 2022

The post What is Cloud Security? Why is Cloud Security Mission-Critical? appeared first on PeoplActive. The post What is Cloud Security? Why is Cloud Security Mission-Critical? appeared first on Security Boulevard.

103

103

Heimadal Security

MARCH 2, 2022

A cyberattack impacted Nvidia’s network last week, the popular chipmaker confirmed, threat actors achieving access to confidential and employees’ login information. The extortion group that claimed this cyberattack is dubbed Lapsus$. The hackers began to reveal detail on the incident and its impact. Nvidia declared last week that an investigation regarding an incident with an […].

Data breaches 106

Data breaches Cybersecurity 106

The Hacker News

MARCH 2, 2022

Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory.

DDOS 100

DDOS Firewall 100

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Heimadal Security

MARCH 2, 2022

Following the invasion of Ukraine, a member of the Conti ransomware group believed to be of Ukrainian origin, leaked the gang’s internal communications after the group’s leaders posted an aggressive pro-Russian message on their official website on Friday, in the aftermath of the Russian invasion of the country. Internal records were disclosed via an email […].

Ransomware 104

Ransomware Cybersecurity 104

Bleeping Computer

MARCH 2, 2022

Microsoft reminded enterprise customers this week that App Assure engineers are ready to help resolve any app compatibility issues encountered after upgrading to Windows 11. [.].

Engineering 98

Engineering 98

Security Boulevard

MARCH 2, 2022

With the Russian invasion of Ukraine dominating news headlines, malicious actors are using the issue as an email phishing hook, targeting Microsoft users with warnings of “unusual sign-on activity” from Russia. The phishing campaign, first reported by an anti-malware software developer Malwarebytes, appeared with a subject line and short message supposedly from “The Microsoft account.

Phishing 98

Phishing Malware Accountability Software 98

Bleeping Computer

MARCH 2, 2022

US-based domain name registrar Namecheap announced today that it will provide sites protesting the current regime in Russia and Belarus with free domains and web hosting. [.].

Technology 98

Technology 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

MARCH 2, 2022

I had an ageing TP-Link AC750 (TL-WR902AC) pocket router that I used to carry around on my travels before the pandemic. It is a handy travel mate allowing me to share the hotel Wi-Fi with my laptop, tablet and Chromecast devices. Sadly, the router has its limitations, but OpenWrt gave the AC750 a second life. […]. The post Upgrading the TL-WR902AC Travel Router with OpenWrt appeared first on Rainbow and Unicorn.

Technology 98

Technology 98

CyberSecurity Insiders

MARCH 2, 2022

By Jon Lucas, Director, Hyve Managed Hosting. According to research from Cision, the cloud computing market will have grown a further £344 billion by the final quarter of 2025, taking the market past the £600 million mark. To put that into perspective, it represents a compound annual growth rate (CAGR) of around 17.5%, and it’s the sharpest incline we’ve seen when it comes to the adoption of cloud services.

Marketing 97

Marketing Technology Banking Software 97

Security Boulevard

MARCH 2, 2022

By Sam Alws During my winternship, I applied code analysis tools, such as GHC’s Haskell profiler, to improve the efficiency of the Echidna smart contract fuzzer. As a result, Echidna is now over six times faster! Echidna overview To use Echidna, users provide smart contracts and a list of conditions that should be satisfied no […]. The post Optimizing a smart contract fuzzer appeared first on Security Boulevard.

98

98

Security Affairs

MARCH 2, 2022

The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours, in addition to government sites, the sites of the country’s main banks have been brought to their knees.

Banking 97

Banking DNS Manufacturing Hacking 97

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.