Tue.Jun 14, 2022

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

Hacking Tesla’s Remote Key Cards

Schneier on Security

Interesting vulnerability in Tesla’s NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys, with no authentication required and zero indication given by the in-car display. “The authorization given in the 130-second interval is too general… [it

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

Krebs on Security

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty of violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Half of IT leaders say passwords too weak for security purposes

Tech Republic Security

Most IT leaders are worried about passwords being stolen at their organization, according to a survey from Ping Identity. The post Half of IT leaders say passwords too weak for security purposes appeared first on TechRepublic.

BlackCat Ransomware is being induced into Microsoft Exchange Servers

CyberSecurity Insiders

Microsoft Exchange Servers are being targeted by those spreading BlackCat ransomware, and the hackers have been seen exploiting unpatched vulnerabilities on the systems to deploy the file-encrypting malware. In more than two instances the hackers were observed stealing credentials and transmitting information to remote servers, to use that data for double extortion.

Vulnerability management mistakes CISOs still make

CSO Magazine

Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities: a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%.

Is Cybersecurity a Top Priority for Politicians? World Politics and Cybersecurity

Heimdal Security

Since 2020, the Covid-19 pandemic has re-shaped the way in which we all live and work. In February 2022 another context came forth to drive change, especially in the (cyber)security market – the Russia-Ukraine conflict. This war, like the pandemic, is clearly driving the growth of the cybersecurity market, which is already expected to reach […].

Ransomware gang creates site for employees to search for their stolen data

Bleeping Computer

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack […].

Congressional hearings focus on AI, machine learning challenges in cybersecurity

CSO Magazine

Congressional hearings on artificial intelligence and machine learning in cyberspace quietly took place in the U.S. Senate Armed Forces Committee’s Subcommittee on Cyber in early May 2022. The committee discussed the topic with representatives from Google, Microsoft and the Center for Security and Emerging Technology at Georgetown University. While work has begun in earnest within industry and government, it is clear that much still needs to be done.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

IDIQ Names 3 Industry Veterans to Grow Resident-Link Product Offering

Identity IQ

Company adds new executive and sales leadership for product focused on credit reporting of rental payments. Temecula, California, June 14, 2022 – IDIQ, an industry leader in identity theft protection and credit monitoring, announces that three veterans of the multi-family and credit industries have joined the company to help lead the company’s newly acquired Resident-Link product and brand.

Some Cybersecurity Startups Still Attract Funding Despite Headwinds

eSecurity Planet

With the plunge in tech stocks and the freeze in the IPO market, the funding environment for cybersecurity startups has come under pressure. According to Pitchbook, the amount of venture capital investment in the first quarter was off by 35.8% to $5.1 billion on a quarter-over-quarter basis. The median late-stage valuation fell by 26.1%. VCs are certainly getting pickier with their investments.

Patch Tuesday June 2022 – Microsoft Releases Several Chromium Security Updates

Heimdal Security

This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest security updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007. The Follina vulnerability remains unpatched: the most important vulnerability to be addressed remains CVE-2022-30190, as it was discovered that hosts […].

Cloudflare mitigates record-breaking HTTPS DDoS attack

Bleeping Computer

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Clear Majority of Cybersecurity Professionals Believe They are in a Perpetual State of Cyberwar: Venafi Survey

Security Boulevard

Current geopolitical conflict has profoundly changed the perception of cyberwar. The Ukraine-Russia war has caused a pronounced shift in the way cybersecurity professionals view cyberwar.

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws

Bleeping Computer

Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. […].

Identity Fraud: The New Corporate Battleground

The Security Ledger

The pandemic accelerated the migration to digital services, with millions of U.S. consumers turning to the internet for everything from medical care to shopping and banking. But as consumers increasingly move their transactions online, criminals enjoy a landscape ripe for identity fraud, John Buzzard of Javelin Strategy writes in this Expert.

Android malware on the Google Play Store gets 2 million downloads

Bleeping Computer

Cybersecurity researchers have discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads. […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

The Hacker News

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date.

Noname Security Expands API Security Platform

Security Boulevard

Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered. In addition, Noname API Security Platform 3.0 added a revamped user interface to make it easier to drill down into, customize and export views along with a.

Latest Chrome Update Resolves Four High Risk Vulnerabilities

Digital Guardian

Google has yet again updated Chrome to resolve multiple vulnerabilities in the browser, including four marked high severity.

New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"

The Hacker News

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Microsoft patches actively exploited Follina Windows zero-day

Bleeping Computer

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. […].

Don’t panic! “Unpatchable” Mac vulnerability discovered

Malwarebytes

Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardware attack can bypass Pointer Authentication (PAC) on the Apple M1 CPU.

DTEX Systems Wins “Most Innovative Data Loss Prevention” and “Publisher’s Choice Insider Threat Prevention” in Global InfoSec Awards During RSA Conference 2022

Security Boulevard

After 2+ years, it was great to finally be back on-site at the 2022 RSA Conference (RSAC), the world’s leading information security conference and expo. It was even more exciting to kick off the week with two prestigious award wins from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine, including Most Innovative …

Enterprise Mobile Security in 2022: How Your Business Can Stay Protected

Appknox

If you are not taking enterprise mobile security seriously, look at these stats:

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

How to Build a Targeted and Sustainable Cybersecurity Budget

Security Boulevard

How Much is Enough? Ensuring cybersecurity investments align with the business’ goals is a key element of success; however, managing the two simultaneously can be extremely challenging. Kev Eley, Vice President… The post How to Build a Targeted and Sustainable Cybersecurity Budget appeared first on LogRhythm.

Windows 11 KB5014697 update adds Spotlight for Desktop, fixes 33 bugs

Bleeping Computer

Microsoft has released the Windows 11 KB5014697 cumulative update with security updates, improvements, and the new Spotlight for Desktop feature that automatically changes your desktop background. […].

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

The Hacker News

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks.

New Hertzbleed side-channel attack affects Intel, AMD CPUs

Bleeping Computer

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). […].

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.