Tue. Feb 09, 2021

Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

Schneier on Security

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems w

Plex patches media server bug potentially exploited by DDoS attackers

Tech Republic Security

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.

Giving Smaller Businesses The Critical Power Of Large Community Threat Intelligence: A High-Level Look at CrowdSec

Joseph Steinberg

As I discussed last month, smaller businesses continue to suffer a disproportionate share of severe cyber-breaches, and a significant percentage of those organizations that are successfully penetrated go out-of-business within a year as a result. One significant contributing factor to the danger faced by smaller firms is that once they are large enough to operate their own infrastructure, their security teams and technologies often function primarily in a reactive mode, a problem caused, at lea

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FBI, Secret Service investigating cyberattack on Florida water treatment plant

Tech Republic Security

Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town's water.

Researcher hacks over 35 tech firms in novel supply chain attack

Bleeping Computer

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties.

More Trending

7 Step Data Loss Prevention Checklist for 2021

CyberSecurity Insiders

Ensure the security of your organization’s sensitive data with this data loss prevention checklist, intended to help mitigate both internal and outsider threats. For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information.

Researcher hacks Microsoft, Apple, more in novel supply chain attack

Bleeping Computer

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties.

Hackers publish patient data stolen from two US hospital chains

Hot for Security

Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center Malware delivered via a poisoned document mistakenly opened by staff member. The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

The Cyber Risks of Transportation’s Connected OT/IoT Systems

Security Boulevard

Cyberattacks on transportation OT systems could disrupt port management, customs approval processes or facilitate the import of illegal goods. The post The Cyber Risks of Transportation’s Connected OT/IoT Systems appeared first on Nozomi Networks. The post The Cyber Risks of Transportation’s Connected OT/IoT Systems appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft urges customers to patch critical Windows TCP/IP bugs

Bleeping Computer

Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible.

Microsoft warns enterprises of new 'dependency confusion' attack technique

Zero Day

New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

Bleeping Computer

The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize.

Timeline: How a Hacker Tried to Poison A City

SecureWorld News

Have you ever purchased a bottle of drain cleaner? A primary ingredient is lye. The chemical burns through clogs, but can also burn your eyes and skin. And it can kill you if you drink too much. That's why it is so disturbing that a hacker tried to poison a Florida city by spiking the local water with massive amounts of this chemical. Let's look at the hacker's timeline and movements.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Work From Home Safely: 5 Cyber Security Tips

CyberSecurity Insiders

This year has seen a major shift in remote working. After the issuance of movement restriction policies by the government to avoid the spread of coronavirus, organizations had no choice but to send people home. Most were in a hurry to get people up and working from home such that most resulted in advising some people to use their own devices. It is also highly likely that most overlooked the importance of cybersecurity.

How strong, flexible data protection controls can help maintain regulatory compliance

CSO Magazine

Privacy and security regulations are evolving quickly. The European Union's GDPR and California's new CPRA law are only the most high-profile examples. According to Privacy Desk, around 110 countries have data protection and privacy laws in place. Within the US, hundreds of state-level bills are pending. Nevada, Maine, Oregon, and Texas are among the states that have already passed consumer information protection acts.

British cyber attack steals bitcoins from US Sports and Movie stars

CyberSecurity Insiders

An 8-member group of cyber criminals reportedly engaged in cyber crime involving the theft of cryptocurrency and personal information from many celebrities in the sports and movie fields of the United States. The National Crime Agency (NCA) of United States that launched a probe into the incident last month found that an eight-member gang of criminals hacked many phone lines of musicians, their families, and some sports and movie stars to steal personal information such as the banking details and content

Water Supply Poisoned by Hacker in Oldsmar, Fla.

Security Boulevard

A small municipal water supply was briefly tainted by a dangerous chemical: Another reminder of the risks of SCADA on the internet. The post Water Supply Poisoned by Hacker in Oldsmar, Fla. appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Adobe fixes a buffer overflow issue in Reader which is exploited in the wild

Security Affairs

Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver products. Adobe fixed 23 CVEs in Adobe Reader, 17 of which have been rated as Critical.

Can Breach Victims Sue Now for Future Harm?

Security Boulevard

I have often written about the Kubler Ross stages of a data breach: denial, investigation, anger, blame, acceptance and litigation. Or something like that. A recent case in the federal appeals court in Georgia points out a problem with post-breach class-action litigation. Who is actually “harmed” by a data breach, and is that harm the. The post Can Breach Victims Sue Now for Future Harm?

Attacker Hacked into Florida City’s Water Treatment Plant, Attempted to Poison Water Supply

The State of Security

An attacker hacked into a Florida city’s water treatment plant and attempted to leverage that access to poison the municipality’s water supply. According to WTSP-TV, an operator at the water treatment plant in the 15,000-person City of Oldsmar, Florida noticed someone controlling his mouse cursor on February 5 at around 08:00. The operator didn’t think much […]

5 ways attackers counter incident response, and how to stop them

CSO Magazine

Last month, the UK's National Cyber Security Centre reported that one organization paid nearly $9 million to attackers for a decryption key after falling victim to a ransomware attack. The organization recovered its files, but it did not identify the root cause of the attack.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CD PROJEKT RED gaming studio hit by ransomware attack

Bleeping Computer

CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network.

Hacker attempts to poison Florida city’s water supply

We Live Security

While the incursion was thwarted in time, cyberattacks targeting critical infrastructure are a major cause for concern. The post Hacker attempts to poison Florida city’s water supply appeared first on WeLiveSecurity.

Hard Lessons from the Oldsmar Water Facility Cyberattack Hack

Security Boulevard

An attacker used the TeamViewer app to remotely access Oldsmar’s water treatment system. This is a wakeup call for water districts everywhere. The post Hard Lessons from the Oldsmar Water Facility Cyberattack Hack appeared first on Nozomi Networks. The post Hard Lessons from the Oldsmar Water Facility Cyberattack Hack appeared first on Security Boulevard.

Workloads of Counting Queries: Enabling Rich Statistical Analyses with Differential Privacy

NSTIC

We are excited to introduce our first guest author in this blog series, Ryan McKenna, at University of Massachusetts at Amherst, whose research represents the state of the art in the subject of this blog post: answering workloads of statistical queries with differential privacy. - Joseph Near and David Darais To date, this series focused on relatively simple data analyses, such as learning one summary statistic about our data at a time.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Combating COMB: 3.2 billion credentials leaked in breach compilation

Security Boulevard

2021 has barely begun and we have already witnessed what appears to be the biggest compilation of breached credentials in our lifetime. The Compilation of Many Breaches (COMB) was recently made available via an online forum, as broken by CyberNews, and contains over 3.2 billion credentials built up of unique pairs of cleartext emails and […]. The post Combating COMB: 3.2 billion credentials leaked in breach compilation appeared first on Blueliv.

Apple fixes SUDO root privilege escalation flaw in macOS

Bleeping Computer

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.

F5 Labs Survey Sees Decline in Credential Spill Volume

Security Boulevard

A report published by F5 Labs today finds that while the total number of credential spills involving large pairs of usernames and passwords doubled from 2016 to 2020, the volume of spilled credentials has been steadily declining during the same period. The average spill size declined from 63 million records in 2016 to 17 million. The post F5 Labs Survey Sees Decline in Credential Spill Volume appeared first on Security Boulevard.

Adobe fixes critical Reader vulnerability exploited in the wild

Bleeping Computer

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.