Thu.Feb 11, 2021

article thumbnail

Do Not Post Your COVID-19 Vaccination Card On Social Media

Joseph Steinberg

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year. While it is easy to understand why people are eager to celebrate their vaccinations, sharing photos of your physical vaccination card (in the USA, The CDC “COVID-19 Vaccination Record Card”) opens the door for multiple potential pro

Media 344
article thumbnail

I’ve made it!

Javvad Malik

First off, happy new year! (Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Voume 18, Issue 1 edition. (the link should take you to the digital version if you’re so inclined). Of course, I won’t miss any opportunity to brag and blow my own trumpet.

245
245
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk

Tech Republic Security

When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.

article thumbnail

Eight men arrested following celebrity SIM-swapping attacks

Graham Cluley

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. Read more in my article on the Tripwire State of Security blog.

Media 144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How to use the Vault command line tool to store your code secrets

Tech Republic Security

Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp's Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage.

160
160
article thumbnail

Is it Time to Update Your Cyber Insurance Strategy?

Security Boulevard

If anything, 2020 was about preparing for – well, everything. This includes cyberthreats, which have risen sharply in the pandemic era. In 2021, rethinking your cyber insurance strategy should be a top priority for CISOs and executive leadership. The elevated risk landscape is driving growing demand for cyber insurance: Nearly four out of five organizations.

More Trending

article thumbnail

12-year-old Windows Defender bug gives hackers admin rights

Bleeping Computer

Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [.].

Antivirus 144
article thumbnail

Avaddon ransomware decryptor released, but operators quickly reacted

Security Affairs

An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at the Rey Juan Carlos University in Madrid, he developed the AvaddonDecrypter utility that could be used by victims of the ransomware when their computers should not have

article thumbnail

How MDR Fills SASE and ZTNA Cybersecurity Gaps

Security Boulevard

The COVID-19 pandemic has forced most enterprises to change how IT operates. However, the rush to adopt new modes of work, such as remote users, work from home users and cloud services, has created numerous cybersecurity concerns. Faulty VPN configurations and sloppy policy design have left many organizations exposed and vulnerable to attack. Simply put, The post How MDR Fills SASE and ZTNA Cybersecurity Gaps appeared first on Security Boulevard.

article thumbnail

Protecting the water supply – hacker edition

We Live Security

What can municipalities do to better protect their water supply systems? The post Protecting the water supply – hacker edition appeared first on WeLiveSecurity.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Researcher’s audacious hack demonstrates new type of supply-chain attack

Malwarebytes

Often the most brilliant ideas are the most simple. The hard part is being the first one to come up with the idea and put it to use. One such brilliant yet simple idea belongs to Alex Birsan, a researcher who came up with a method to breach 35 big tech companies including Microsoft, Apple, Yelp, Paypal, Shopify, Netflix, Tesla, and Uber, that’s earned him $130,000 in bug bounties.

Hacking 129
article thumbnail

TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

Bleeping Computer

TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software. [.].

Antivirus 143
article thumbnail

Growing the Next Generation of Cybersecurity Talent

Cisco Security

With the industry cyber skills gap widening , it is the role of organizations like Cisco to help foster education and grow the next generation of talent in the communities that we live, work, and serve. The persistent and everchanging landscape of cybersecurity challenges will require a new set of diverse talent. It will literally take a village and require the action of many.

article thumbnail

Buggy WordPress plugin exposes 100K sites to takeover attacks

Bleeping Computer

Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence. [.].

131
131
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Military, Nuclear Entities Under Target By Novel Android Malware

Threatpost

The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.

Malware 142
article thumbnail

Ransomware attack suspected in ECU Worldwide

CyberSecurity Insiders

ECU Worldwide, a leader that is into the business of logistics, is reported to have been targeted by a cyber attack and some suspects say that the attack could be of ransomware genre. Tim Tudor, the CEO of ECU Worldwide, stated that the company has been hit by a cyber attack and so is facing disruptions from the past 48 hours. The website of the Belgium company remains inaccessible from the past four days and the IT staff is working 24×7 to restore the systems.

article thumbnail

Various Malware Lurks in Discord App to Target Gamers

Threatpost

Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.

Malware 114
article thumbnail

Microsoft warns of an increasing number of web shell attacks

Bleeping Computer

Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. [.].

126
126
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Accellion to retire product at the heart of recent hacks

Zero Day

The Accellion FTA file transfer service has been at the heart of recent hacks at banks, telcos, and government organizations across the world.

Hacking 126
article thumbnail

Eight People Accused of SIM-Swapping Attacks on US Celebs Arrested Following Joint UK- US Operation

Hot for Security

An investigation led by NCA Cyber Crime with the help of the US Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office concluded with the arrest of eight people charged with illegally gaining access to the phones of high-profile victims in the US through a technique called “SIM swapping.”.

article thumbnail

The Weakest Link in Your Security Posture: Misconfigured SaaS Settings

The Hacker News

In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today's company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State Actors implicated in SolarWinds breach.

Hacking 119
article thumbnail

Buffalo Soldiers: America’s First Park Rangers

Security Boulevard

Recently I found out blacks invented mountain biking in America. In that history I found multiple references to Buffalo Soldiers being the first park rangers in America. In 1869, Congress established four all-black regiments within the Army – the 9th and 10th Cavalry and the 24th and 25th Infantry. These soldiers, known for their fierce … Continue reading Buffalo Soldiers: America’s First Park Rangers ?.

111
111
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

In today’s rapidly evolving cybersecurity landscape, the battle for privacy and security is relentless. Cybercriminals are masters at using technology and psychology to exploit basic human trust and compromise businesses of all sizes. What’s more, they often hide in plain sight, using both covert and overt tactics to cause disruption, steal money and data, and wreak havoc with MSPs and SMBs.

Scams 109
article thumbnail

Poor Password Security Led to Recent Water Treatment Facility Hack

The Hacker News

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments.

Passwords 110
article thumbnail

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets.

Spyware 111
article thumbnail

Inside cybersecurity’s shelfware problem

CSO Magazine

Security tools can find their way into the enterprise arsenal in interesting ways: a CIO who insisted on buying a particular technology after seeing an ad, executives who buy a specific option required to meet a business partner’s prerequisite standards for doing business, teams that carry over all existing product licenses during a merger rather than purging superfluous software.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores

Threatpost

Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.

Malware 117
article thumbnail

New organization helps blind workers find their dream jobs in cybersecurity

SC Magazine

Pictured: A braille display device for computer use. (Sebastien.delorme/ CC BY-SA 3.0 , via Wikimedia Commons). Despite a sterling academic record, magna cum laude honors, and hearty recommendations from his professors, Naveen James was unable to land a job after graduating from California State Polytechnic University Pomona in 2015. Interview after interview, James would come up empty.

article thumbnail

How Email Attacks are Evolving in 2021

Threatpost

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

article thumbnail

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

The Hacker News

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.