Wed. Jun 09, 2021

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago, then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.

Malware 362

How The FBI Seized Bitcoin from Colonial Pipeline Hackers – Does Law Enforcement Have More Control Over Cryptocurrencies Than People Believe?

Joseph Steinberg

According to the FBI, it has successfully seized most of the Bitcoin ransom paid by Colonial Pipeline to “Darkside” criminals after the highly publicized ransomware attack that led to recent gas shortages in multiple US States. Unlike reversing financial transactions performed by banks and/or classic funds-transfer networks, seizing Bitcoin typically entails issuing a new transaction to move Bitcoin from the address at which it resides to a new address controlled by the seizer; to p

Billions of passwords leaked online from past data breaches

Tech Republic Security

Dubbed RockYou2021, the list as revealed on a hacker forum contains 8.4 billion password entries, says CyberNews.

Passwords 218

What are the keys to a successful cybersecurity strategy? Our CEO Ran Shahor Explains All

Security Boulevard

According to Ran Shahor, CEO and co-founder of HolistiCyber, a successful cybersecurity strategy should start with a detailed plan. This should place your business requirements, budget, and security posture at the forefront of any other decisions you make to keep your company assets and data secured. How do you build your strategy? Well, for starters, […].

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Gig workers are here to stay, but they might pose a hidden cybersecurity risk

Tech Republic Security

Whether intentional or not, gig workers can cause security breaches. Here's how to set your company up for safety.

Risk 215

With Remote Work, Don’t Leave Security Behind

Security Boulevard

We’ve all heard how the global pandemic has accelerated workplace trends that were already well underway. Adoption of automation, e-commerce, and remote work has increased significantly, and many of the changes are here to stay. For example, many organizations that experienced positive outcomes after moving to remote work are planning to permanently reduce their on-premises.

VPN 140

More Trending

JBS paid $11 million to REvil ransomware, $22.5M first demanded

Bleeping Computer

JBS, the world's largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million. […].

Gelsemium: When threat actors go gardening

We Live Security

ESET researchers shed light on new campaigns from the quiet Gelsemium group.

Malware 144

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

The Hacker News

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information.

NIST Releases Tips & Tactics for Control System Cybersecurity

NSTIC

The impact of cybersecurity breaches on infrastructure control system owners/operators is more visible than ever before. Whether you work for an infrastructure owner/operator or are a consumer of an infrastructure service, the events of the past few months have made it clear that cybersecurity is an important factor in ensuring the safe and reliable delivery of goods and services.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!

The Hacker News

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.

Microsoft warns of cryptomining attacks on Kubernetes clusters

Bleeping Computer

Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning (ML) instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency. […].

Hackers hit Spain’s Ministry of Labor and Social Economy

Security Affairs

The Spanish Ministry of Labor and Social Economy (MITES) was hit by a cyberattack and is working to restore impacted services. Spain’s Ministry of Labor and Social Economy (MITES) was hit by a cyberattack on Wednesday and is working to restore impacted services. MITES is a ministerial department with an annual budget of almost €39 million, charged with coordinating and supervising Spain’s employment, social economy, and corporate social responsibility policies.

Not Windows 11? New Windows 10 name scheme hinted in Microsoft docs

Bleeping Computer

Microsoft may have mistakenly leaked that the upcoming next generation of Windows 10 will move away from its current naming scheme and switch to a macOS scheme using geographic locations or development names. […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Ransomware is Not the Problem

Adam Shostack

There’s an infinite number of studies of ransomware lately, all breathlessly talking about how to fight this dangerous threat. They’re all dangerously wrong. Ransomware is not the problem. I’m being intentionally provocative in my latest Dark Reading Column.

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

Bleeping Computer

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing secrets and credentials to their public GitHub repos. […].

Software 120

6 minimum security practices to implement before working on best practices

CSO Magazine

We all want to abide by security best practices, but who decides what is best? If something is best for one firm, it is best for all? Too often we do not take the time to analyze what we are protecting to ensure we are protecting it as well as we can. There are, however, some basic techniques that can be deployed in nearly all organizations. I’m calling these recommendations “minimum practices.

5 Tips and Tricks for Cloud Native Security

Security Boulevard

Cloud-native applications that are based on new types of infrastructure such as containers and serverless platforms are being rapidly adopted by organizations worldwide. While cloud-native applications deliver compelling benefits such as elastic scalability, unmatched resilience and rapid development velocity, they also raise challenges. Cloud-native applications have a huge number of moving parts and are based […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Spain's Ministry of Labor and Social Economy hit by cyberattack

Bleeping Computer

The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday. […].

DarkSide Pwned Colonial With Old VPN Password

Threatpost

Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating.

VPN 128

Google fixes sixth Chrome zero-day exploited in the wild this year

Bleeping Computer

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. […].

Software 118

Why it's time to figure out how to keep personal information private, yet useful

Tech Republic Security

One expert suggests ways to reach a happy medium between those who give up sensitive personal information and the organizations that use it.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Mysterious Custom Malware Collects Billions of Stolen Data Points

Threatpost

A nameless malware resulted in a huge data heist of files, credentials, cookies and more that researchers found collected into a cloud database.

Malware 129

Cyberattacks reveal the truth about network vulnerability

Security Boulevard

The cyberattack on Colonial Pipeline Co. and similar recent attacks such as the SolarWinds breach (which impacted several government agencies) revealed major vulnerabilities in government cybersecurity protocols and critical infrastructure systems, resulting in immediate action to be taken by the White House. If there’s one lesson to be learned from these breaches, it’s that organizations […].

How to clear cookies

Malwarebytes

Until the information age, cookies were only known as a tasty but unhealthy snack that some people enjoyed, and others avoided. HTTP cookies, also known as computer, browser, or Internet cookies, are similarly divisive. Although some people like the more personalized browsing experience created by cookies, others have privacy concerns. Cookies are small pieces of information that websites can store in your browser.

Mobile 113

Are fraudsters using automation to execute mass cyber-attacks?

CyberSecurity Insiders

This blog was written by an independent guest blogger. As our digital world turns toward advances in automated technology to increase efficiency and productivity, cybercriminals are also learning how to execute mass automated cyber-attacks. According to the 2021 AT&T Cybersecurity Insights Report, most people are concerned about the security of various applications and 52% believe that these threats challenge the integrity of networks.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Open Source: The Positives, the Risks and the Future

The State of Security

In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means ‘free,’ and in the digital marketplace, it means ‘open source.’ Open Source aka “Freeware” Since the early days of the internet, open source software (OSS) […]

Risk 110

What Data Security Cameras Collect | Avast

Security Boulevard

When we talk about “surveillance culture” or the “surveillance economy” in the tech world, we’re usually talking about digital surveillance. Tracking on social media. Cookies across the web. Data brokers creating “shadow profiles.” But this week on What Does the Internet Know About Me?, I want to take a closer look at what happens when old school video surveillance crosses wires with new school digital surveillance.

Crypto-mining campaign targets Kubeflow installs on a large scale

Security Affairs

Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for cryptocurrency. The campaign was first spotted at the end of May, experts noticed the deployment of TensorFlow pods at scale on multiple Kubernetes clusters.

Your Groovy Guide to SOCstock 2021

Security Boulevard

After the inaugural SOCstock lit the SecOps world on fire in December, we decided to run the 2021 edition back.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.