Thu. Oct 14, 2021

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication

Education 307

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.

Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware

Tech Republic Security

The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous.

Recovering Real Faces from Face-Generation ML System

Schneier on Security

New paper: “This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces.” Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website [link] taunts users with GAN generated images that seem too real to believe. On the other hand, GANs do leak information about their training data, as evidenced by membership attacks recently demonstrated in the literature.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How a vishing attack spoofed Microsoft to try to gain remote access

Tech Republic Security

A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.

Phishing 183

AI Driving Foreign Influence, Disinformation and Espionage

Security Boulevard

In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats. He noted that the main challenge his organizations face can be summed.

Employee offboarding: Why companies must close a crucial gap in their security strategy

We Live Security

There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe? The post Employee offboarding: Why companies must close a crucial gap in their security strategy appeared first on WeLiveSecurity.

WhatsApp starts offering password enabled encryption to user backups

CyberSecurity Insiders

From now on, all WhatsApp backups will be protected by a password-enabled encryption method offering an extra layer of security protection to users from spying eyes. The Facebook giant’s subsidiary has notified all its global iOS and Android users that it will provide a 64 digit key to secure the messages stored on the user cloud accounts, respectively.

Backups 137

Analysis of 80 million ransomware samples reveals a world under attack

The State of Security

VirusTotal's first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020. Read more in my article on the Tripwire State of Security blog.

REvil ransomware explained: A widespread extortion operation

CSO Magazine

REvil is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide over the past year. Its name stands for Ransomware Evil and was inspired by the Resident Evil movie series. According to recent reports from security firms, it is the most widespread ransomware threat and the group behind it doubles down on its extortion efforts by also stealing business data and threatening to release it. [ Read our blue team's guide for ransomware preventio

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

This blog was written by an independent guest blogger. The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email.

Adblocker promises to block ads, injects them instead

Malwarebytes

Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores. While disguising your adware as an adblocker may seem counterintuitive, it is actually a smart thing to do. But let’s have a look at what they did and how, first.

Blackswan vulnerability puts billions of Windows Systems at risk

CyberSecurity Insiders

The discovery of seven zero-day vulnerabilities in the Microsoft Windows operating system has reportedly put billions of PC users at risk. Reports say the bugs have existed in the wild since 2007, the time when the Satya Nadella led company released the Vista version of its Windows OS. Field Effect is the cybersecurity firm that discovered the details and collectively named its find Blackswan, a susceptibility that could affect individuals, government organizations and even private comp

Risk 120

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

The Hacker News

Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

Phishing 118

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Top 10 GitHub Actions You Should Use to set up your CI/CD Pipeline

Security Boulevard

GitHub announced GitHub Actions in late 2018 as a new CI/CD platform where users can automate workflows and build development cycles. The post Top 10 GitHub Actions You Should Use to set up your CI/CD Pipeline appeared first on Security Boulevard.

Microsoft releases Linux version of the Windows Sysmon tool

Bleeping Computer

Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity. [...]

Software 122

The XDR Solution to the Ransomware Problem

Cisco Security

During a ransomware attack, it is critical to detect and respond early and quickly. By decreasing your mean time to detection in identifying the attacker’s behavior, your security team can quickly investigate and respond timely to prevent a ransomware incident. And, if you can interrupt the attacker’s tools, tactics, or techniques early in the process that will force most attackers to abandon the campaign as they cannot progress further along in the “kill chain”.

How shape-shifting threat actors complicate attack attribution

CSO Magazine

The already difficult task of attributing a cybersecurity attack to a particular threat actor is made harder by the shape-shifting nature of threat groups. Despite the best efforts of researchers, some attackers may never be identified. At last week's VB2021 conference, cybersecurity analysts and researchers walked through the breadcrumbs they followed to identify the malicious actors behind the Colonial Pipeline, Sony Pictures, and Iran railway system attacks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Inside Apple: How Apple’s attitude impacts security

Malwarebytes

Last week saw the fourth occurrence of the Objective by the Sea (OBTS) security conference, which is the only security conference to focus exclusively on Apple’s ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for so long, were primed and ready to share all kinds of good information.

Spyware 109

This Week’s Trends in Privacy with Nymity Research – October 14, 2021

TrustArc

Below are snapshots of recent global updates courtesy of Nymity Research. Law Enforcement: South Korea PIPC Requirements for Emergency Disclosures Personal information handlers may be required to disclose personal data to law enforcement to protect an individual’s life or if required by law (i.e., disaster prevention, locate missing children, emergency rescue requests); personal data disclosed […].

2021 to Date Has Seen More Data Breaches Than 2020

Digital Guardian

We're poised to break records this year when it comes to statistics on breaches, ransomware, and phishing, according to a new report.

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

The Hacker News

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call.

Hacking 102

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Threatpost

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.

Wireless 101

Microsoft confirms new Windows 11 printer installation issues

Bleeping Computer

Microsoft has confirmed new Windows 11 known issues which cause printer installations to fail on systems commonly found in enterprise environments. [...]

Windows 11: Registry Keys, SMB Protocol, and SystemInfo

The State of Security

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this. Although I would normally […]… Read More.

Software 101

The Ultimate SaaS Security Posture Management (SSPM) Checklist

The Hacker News

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture.

Risk 99

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Apple Says iPhone Users are Stupid

Security Boulevard

Apple wants lawmakers to know that sideloading apps is dangerous, and that its droolingly dim customers can’t be trusted. The post Apple Says iPhone Users are Stupid appeared first on Security Boulevard.

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

The Hacker News

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.

New Yanluowang ransomware used in targeted enterprise attacks

Bleeping Computer

A new and still under development ransomware strain is being used in highly targeted attacks against enterprise entities, as Broadcom's Symantec Threat Hunter Team discovered. [...]

Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks

Acunetix

A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.5.211008143. This Acunetix release introduces support for the Brotli encoding and URL optional fields. The Node.js IAST AcuSensor has been updated to support numerous frameworks and the JAVA IAST AcuSensor can now. Read more. The post Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks appeared first on Acunetix.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.