Mon, Aug 22, 2022

Hyundai Uses Example Keys for Encryption System

Schneier on Security

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].
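The practical check this item suggests is a scan for keys and IVs that were copied out of a public standard. The following is an added example, not code from Hyundai, the researcher or Schneier: it looks for the example values printed in NIST SP 800-38A Appendix F (and the 00..0f value FIPS 197 uses) in raw-byte, hex-string and C-array form. The sample script, C array and binary blob are constructed; the names of the constants are ours.

```python
"""Flag AES keys or IVs copied from published test vectors.

Added example: checks update scripts, source and binaries for the example
values in NIST SP 800-38A Appendix F and FIPS 197. A value that appears in a
public standard is not a secret, whatever the code comments call it.
"""
import re

# Example values printed in NIST SP 800-38A (Appendix F) and FIPS 197.
KNOWN_EXAMPLE_VALUES = {
    "SP800-38A AES-128 example key": "2b7e151628aed2a6abf7158809cf4f3c",
    "SP800-38A AES-192 example key": "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
    "SP800-38A AES-256 example key": "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
    "SP800-38A example IV / FIPS-197 example key 00..0f": "000102030405060708090a0b0c0d0e0f",
}

# Characters that commonly sit between hex digits in scripts and C arrays:
# "0x"/"\x" prefixes, whitespace, punctuation, quotes, brackets.
_SEPARATORS = re.compile(r"0x|\\x|[\s:,;{}()\[\]\"'_-]")


def _normalized_hex_view(data: bytes) -> str:
    """Lowercase text with separators removed, so '0x2B, 0x7E' becomes '2b7e'."""
    return _SEPARATORS.sub("", data.decode("latin-1").lower())


def scan(data: bytes) -> list:
    """Return (name, form, offset) for each known example value found.

    form is 'raw' (offset into data) or 'hex' (offset into the normalized
    text view, which is not a file offset; it only locates the match).
    """
    findings = []
    hex_view = _normalized_hex_view(data)
    for name, hexval in KNOWN_EXAMPLE_VALUES.items():
        raw = bytes.fromhex(hexval)
        if raw in data:
            findings.append((name, "raw", data.index(raw)))
        if hexval in hex_view:
            findings.append((name, "hex", hex_view.index(hexval)))
    return findings


def names_found(data: bytes) -> set:
    """Just the names of the example values present in data."""
    return {name for name, _, _ in scan(data)}


# Constructed samples (not Hyundai's files). The first two embed the
# SP 800-38A AES-128 key the way an update script or firmware source might.
SAMPLE_SCRIPT = (
    b"openssl enc -d -aes-128-cbc -K 2B7E151628AED2A6ABF7158809CF4F3C"
    b" -iv 000102030405060708090A0B0C0D0E0F -in update.enc -out update.bin\n"
)
SAMPLE_C_ARRAY = (
    b"static const uint8_t aes_key[16] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,\n"
    b"                                    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};\n"
)
SAMPLE_RAW = b"HDR" + bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c") + b"\x00" * 8
# A key that is not a published example value (constructed, random-looking).
SAMPLE_CLEAN = b"KEY=9f4c1a77e3b2d5068a1f44c3e2b9d017\n"

if __name__ == "__main__":
    for label, blob in [("script", SAMPLE_SCRIPT), ("c array", SAMPLE_C_ARRAY),
                        ("raw", SAMPLE_RAW), ("clean", SAMPLE_CLEAN)]:
        print(label, scan(blob) or "no known example values")
```

Run it over a firmware tree with `scan(open(path, "rb").read())` per file. The normalized view catches the forms a developer actually pastes (OpenSSL command lines, `0x..` arrays, colon-separated dumps); the raw search catches the compiled result. Any hit means the key is known to everyone who has read the standard.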

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

The Last Watchdog

Short-handed cybersecurity teams face a daunting challenge. Related: ‘ASM’ is cybersecurity’s new centerpiece. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.

How to protect your organization from ransomware-as-a-service attacks

Tech Republic Security

RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft. The post How to protect your organization from ransomware-as-a-service attacks appeared first on TechRepublic.

Lloyd’s to end insurance coverage for state cyber attacks

Javvad Malik

Lloyd's of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk. Hmm, so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a nation state or just little Timmy trying to impress his friends on the Discord channel?

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The Power of You & Becoming Known

Jane Frankland

At The Source, my brand new collaborative and co-creational platform for women in cyber, we’re known for saying, “Be you in the workplace.” But in order to do that, you need to understand and leverage off the power of you. That means getting clear on what you stand for, crafting a message, telling stories, and becoming known. In other words, actively building your personal brand.

Cookie theft threat: When Multi-Factor authentication is not enough

Tech Republic Security

A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it—the most used one being cookie theft. The post Cookie theft threat: When Multi-Factor authentication is not enough appeared first on TechRepublic.

Paving the Way: Inspiring Women in Payments - A Q&A featuring Viviana Wesley

PCI perspectives

Although Viviana Wesley always knew that she wanted a career in computers and technology, when she first started pursuing it, she realized her strengths were not in coding. But, through the guidance of a friend, she was redirected into IT Support and a new world opened for her; a dynamic world where she could use her technical expertise to help people, which is what she truly wanted to do.

USB Pen Drives posing as a great cyber threat to IT Infrastructure

CyberSecurity Insiders

USB pen drives, also called removable drives, pose a serious cyber threat to IT infrastructure, according to research carried out by IBM X-Force; separate research by Honeywell Cybersecurity claims that 52% of cyber attacks target removable media. In both cases, removable media is seen as a common threat vector, and the issue is especially grave for industrial control systems.

3 Benefits of Using Consolidated Platforms in Cybersecurity

Heimadal Security

The need to optimize performance, leverage consistency, and reduce administrative costs has caused a significant percentage of the cybersecurity market to move toward consolidated platforms. Let’s explore what consolidated platforms in cybersecurity are and how they can help businesses gain the upper hand in the fight against cybercrime. What Is a Consolidated Platform in Cybersecurity?

Security Training: Moving on from Nick Burns Through Better Communication

eSecurity Planet

Twenty years ago, Saturday Night Live nailed a tendency in IT to be overly absorbed in tech-speak and to do a poor job of educating users. The Nick Burns: Your Company Computer Guy skits showed rude IT guys belittling users as they fixed their “stupid” problems. A recent experience highlighted that security awareness training and most alerts to users about unsafe practices may be making the error of being too general.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware spreading Criminals demanding $10m from Paris Hospital

CyberSecurity Insiders

A ransomware gang has demanded $10m from the management of a hospital near Paris and says it will release the encrypted data only once the ransom is paid. The victim is the CHSF hospital centre in Corbeil-Essonnes, south of Paris; the attack is said to have taken place on Saturday night last week.

How to be Ransomware Ready in Four Steps

Security Boulevard

2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report. Additional research from Sophos showed that ransom payments increased to an average of $812,360 in 2021, while the average cost to remediate an attack was $1.4 million. For nearly all (90%) organizations affected by.

Hotel and Travel Businesses Attacked by Cybercriminals Using Bogus Reservations

Heimadal Security

The revitalization of the tourism and travel industry in 2022 prompted hackers to target hotel businesses, travel websites, and even tourists. The threat actor dubbed TA558 increased its activity this year, conducting phishing operations against numerous hotels and businesses in the hospitality and travel industry. How Did the Attack Happen? A collection of 15 distinct […].

FBI warns of residential proxies used in credential stuffing attacks

Bleeping Computer

The Federal Bureau of Investigation (FBI) warns of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked. […]
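Residential proxies defeat the usual per-IP rate limit because every proxy exit makes only one or two attempts. The detection below is an added example, not code from the FBI notice: it runs a classic per-source rule and an aggregate rule over the same constructed log and shows that only the aggregate view (many failures, many distinct sources, none of them busy, inside one short window) catches the stuffing. The log format, field names and thresholds are assumptions.

```python
"""Spot credential stuffing routed through residential proxies.

Added example. A per-source rate limit never fires when each proxy exit
makes a couple of attempts; the aggregate rule looks at the window instead.
Log format and thresholds are assumptions, not taken from the FBI notice.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log, not real traffic. Assumed format:
# "<ISO-8601 time> login user=<name> src=<ip> result=<ok|fail>".
_STUFFING = [  # 24 single attempts from 24 different sources against 8 accounts
    f"2022-08-22T10:00:{i:02d}Z login user=user{i % 8:02d} src=203.0.113.{10 + i} result=fail"
    for i in range(24)
]
_NORMAL = [
    "2022-08-22T10:00:05Z login user=alice src=198.51.100.7 result=ok",
    "2022-08-22T10:00:09Z login user=bob src=198.51.100.8 result=fail",
    "2022-08-22T10:00:12Z login user=bob src=198.51.100.8 result=ok",
]
_BRUTE = [  # classic single-source brute force, for contrast
    f"2022-08-22T11:00:{i:02d}Z login user=carol src=192.0.2.9 result=fail" for i in range(12)
]
SAMPLE_LOG = _STUFFING + _NORMAL + _BRUTE

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


def parse(line: str):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event


def per_source_alerts(events, window=timedelta(minutes=5), threshold=5):
    """Classic rule: one source IP with >= threshold failures inside a window."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            fails[e["src"]].append(e["ts"])
    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(src)
                break
    return alerts


def distributed_alerts(events, window=timedelta(minutes=5), min_failures=20,
                       min_sources=10, max_per_source=3):
    """Stuffing rule: a window with many failures spread over many sources,
    none of which is individually noisy enough to trip per_source_alerts."""
    size = window.total_seconds()
    buckets = defaultdict(list)  # fixed windows -> failing source IPs
    for e in events:
        if e["result"] == "fail":
            buckets[int(e["ts"].timestamp() // size)].append(e["src"])
    alerts = []
    for bucket, sources in sorted(buckets.items()):
        counts = Counter(sources)
        if (len(sources) >= min_failures and len(counts) >= min_sources
                and max(counts.values()) <= max_per_source):
            alerts.append({
                "window_start": datetime.fromtimestamp(bucket * size, tz=timezone.utc),
                "failures": len(sources),
                "sources": len(counts),
            })
    return alerts


EVENTS = [e for e in map(parse, SAMPLE_LOG) if e]

if __name__ == "__main__":
    print("per-source:", per_source_alerts(EVENTS))    # only the brute force
    print("distributed:", distributed_alerts(EVENTS))  # only the stuffing window
```

The per-source rule sees one noisy IP (the brute force) and nothing else; the aggregate rule sees the 10:00 window with 25 failures from 25 sources and flags it. In production the same shape of rule is usually keyed on failure velocity per account and on the ratio of never-seen sources, with the thresholds tuned to the site's baseline.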

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

4 Tips to Develop a Human-Layered Cybersecurity Defense

Security Boulevard

Evidence suggests that cybercriminals can infiltrate 93% of all networks, even though organizations plow billions of dollars into cybersecurity each year. This is because most organizational approaches to cybersecurity are still overly centered on beefing up technological controls instead of focusing on the weakest link: human beings. Per Verizon’s 2022 Data Breach Investigations Report, stolen credentials, The post 4 Tips to Develop a Human-Layered Cybersecurity Defense appeared first on Securi

SpaceX Starlink 'train' of satellites illuminates Northwest skies

Bleeping Computer

Residents of Northwestern parts of the U.S. and Canada were baffled at seeing a bright trail of lights, almost like a train, flying through the skies over the weekend. The mystery seems to have now been resolved. And, it's not the aliens. This moving cluster comprises SpaceX's 53 Starlink satellites launched from Florida this Friday. […]

Has ESG Become a Wake-Up Call for Cybersecurity?

Security Boulevard

Even with ransomware costing billions of dollars in losses and cyber insurance claims, organizations are impacted beyond the checkbook. Brand image, lawsuits, loss of respect in the industry, and mass departures of crucial personnel all stem from people’s perceptions of the organization’s actions during a crisis.

Meet Borat RAT, a New Unique Triple Threat

The Hacker News

Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and thus can violate the HIPAA Rules governing the use of online tracking technologies by HIPAA covered entities and business associates.

Ecommerce, Digital and Marketing Teams in the Security and Privacy Crosshairs

Security Boulevard

Looking for new tools and partners to enhance user experience, collect visitor analytics, engage prospects and customers through chatbots or advertising, automate information request forms, and process credit cards, among many other functions? Consider the security side of things or it might cost you millions. The post Ecommerce, Digital and Marketing Teams in the Security and Privacy Crosshairs appeared first on Source Defense.

Misconfigured Meta Pixel exposed healthcare data of 1.3M patients

Bleeping Computer

U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script. […]
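Both the healthcare-tracker item above and this Novant Health item come down to the same question: which third parties load on a page that shows patient data, and what do they carry off in the request? The following is an added example, not code from either article, Novant Health or Meta. It parses a page, lists every external script, image, frame and stylesheet whose host is outside the first-party allow-list, marks 0/1-pixel images as tracking pixels, and reports the query-string parameter names that would be sent to the tracker. The portal page and the tracker.example host are constructed.

```python
"""List third-party resources (scripts, pixels, frames) embedded in a page.

Added example: parses HTML with the standard library, flags resources from
hosts outside the first-party allow-list, and reports the query parameters
a tracker request would carry. Sample page and tracker.example are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Tags that cause the browser to fetch a URL, and the attribute that holds it.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url, attributes) for every tag that loads a resource."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = RESOURCE_ATTRS.get(tag)
        if attr and attrs.get(attr):
            self.resources.append((tag, attrs[attr], attrs))


def _is_allowed(host, allowed_hosts):
    """True if host is one of the allowed hosts or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def third_party_resources(html, first_party, allowed=()):
    """Return (kind, host, url, query_param_names) for resources loaded from
    hosts outside first_party and allowed. kind is 'pixel' for 0/1-pixel images."""
    collector = ResourceCollector()
    collector.feed(html)
    allowed_hosts = {first_party, *allowed}
    findings = []
    for tag, url, attrs in collector.resources:
        parsed = urlparse(url)
        host = parsed.hostname
        if host is None or _is_allowed(host, allowed_hosts):
            continue  # relative URL or allow-listed host
        tiny = {attrs.get("width"), attrs.get("height")} & {"0", "1"}
        kind = "pixel" if tag == "img" and tiny else tag
        params = sorted(parse_qs(parsed.query))  # names only; values may be PHI
        findings.append((kind, host, url, params))
    return findings


# Constructed sample: an authenticated portal page with a first-party CDN and
# one third-party tracker (tracker.example is hypothetical).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/portal.css">
<script src="https://cdn.hospital.example/js/portal.js"></script>
<script src="//tracker.example/events.js"></script>
</head><body>
<img src="/static/logo.png" alt="logo">
<img src="https://tracker.example/tr?ev=PageView&amp;appt=2022-09-01&amp;mrn=12345"
     width="1" height="1" style="display:none">
</body></html>"""

if __name__ == "__main__":
    for finding in third_party_resources(SAMPLE_HTML, "portal.hospital.example",
                                         allowed=("cdn.hospital.example",)):
        print(finding)
```

On the sample page the scan reports one third-party script and one tracking pixel, both from tracker.example, and the pixel's request carries `appt` and `mrn` parameters. Running this against the rendered HTML of every authenticated page (after login, since that is where the PHI is) gives the inventory the HIPAA question needs; a Content-Security-Policy that only lists the allowed hosts is the enforcement step that follows.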

NSO Group Fires CEO — and 100 Staff — in Spyware ‘Streamlining’

Security Boulevard

NSO, notorious producer of the Pegasus nation-state spyware, is struggling. So it’s dumped its CEO, Shalev Hulio, and around 100 employees. The post NSO Group Fires CEO — and 100 Staff — in Spyware ‘Streamlining’ appeared first on Security Boulevard.

Escanor Malware delivered in Weaponized Microsoft Office Documents

Security Affairs

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, identified a new RAT (Remote Administration Tool) advertised on the Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of the RAT, along with an HVNC module and an exploit builder that weaponizes Microsoft Office and Adobe PDF documents to deliver malicious code.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

US Aims to Revitalize Semiconductor Production With CHIPS Act

Security Boulevard

Between a global pandemic, rapid shifts in consumer spending and even inclement weather, there are a wide range of factors that have contributed to the semiconductor chip shortage. These semiconductors, which are essential to the production of many everyday electronics, have become increasingly scarce. In response, the U.S. has passed new legislation that will incentivize.

New 'BianLian' Ransomware Variant on the Rise

Dark Reading

Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.

SiliconANGLE includes BluBracket in the top cybersecurity innovator list at BlackHat 2022

Security Boulevard

SiliconANGLE published a list of the Top 7 cybersecurity innovators from the myriad of companies that exhibited at BlackHat 2022 in Las Vegas, August 6-11, 2022. As part of the vetting process, BluBracket conducted a briefing with Jason Bloomberg, founder and president of analyst firm Intellyx, which advises business leaders and technology vendors on their […].

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

The Hacker News

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

CISA is warning of high-severity PAN-OS DDoS flaw used in attacks

Bleeping Computer

A recent vulnerability found in Palo Alto Networks' PAN-OS has been added to the catalog of Known Exploited Vulnerabilities from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). […]

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

Security Boulevard

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless Cryptominer to […]

Zero-day Vulnerability Abused by Cybercriminals to Steal Crypto from Bitcoin ATMs

Heimadal Security

Malicious actors have taken advantage of a zero-day flaw in General Bytes Bitcoin ATM servers to steal cryptocurrency from clients. The way it works is that once a person deposits or buys bitcoin through the ATM, the money will instead be diverted to the threat actors. The hardware and software company General Bytes produces Bitcoin […]. The post Zero-day Vulnerability Abused by Cybercriminals to Steal Crypto from Bitcoin ATMs appeared first on Heimdal Security Blog.

5 Techniques To Protect Open-Source Software

Security Boulevard

Open-source software brings many benefits to the modern business environment. And, in terms of security, the more developers involved in open-source software, the better — arguably, there’s a better overall security foundation if there are more eyes to spot flaws. As such, software supply chain issues and vulnerabilities around popular open-source packages continue to be.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.