Thu.Feb 03, 2022

article thumbnail

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft ).

Phishing 309
article thumbnail

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data.

Big data 273
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

article thumbnail

Symantec finds evidence of continued Russian hacking campaigns in Ukraine

Tech Republic Security

APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine. The post Symantec finds evidence of continued Russian hacking campaigns in Ukraine appeared first on TechRepublic.

Hacking 156
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

A worrying Etsy listing reveals the stalking potential of Apple’s AirTags

Malwarebytes

In April of 2021, Apple introduced AirTags to the world, making the small tracking devices—similar to a Tile— available for purchase at the end of that month. The circular, coin-like product is designed to be attached to or placed in objects that are commonly lost, such as keychains, wallets, purses, backpacks, etc. You can track an AirTag with your iPhone in some powerful ways, enabling you to locate a set of keys that has fallen down between the cushions of a couch, for example.

article thumbnail

Bring a burner to the Olympics, and other mobile device travel safety tips

Tech Republic Security

Those traveling to China for the 2022 Winter Olympics have been advised to bring burner phones. Here’s how to use travel tips like that one to keep yourself safe anywhere in the world. The post Bring a burner to the Olympics, and other mobile device travel safety tips appeared first on TechRepublic.

Mobile 149

More Trending

article thumbnail

Are IT and OT losing the ransomware battle?

Tech Republic Security

A report from Claroty finds ransomware attacks against critical infrastructures rampant, and paying ransoms often results in less downtime and lost revenue. Is there a way out? The post Are IT and OT losing the ransomware battle? appeared first on TechRepublic.

article thumbnail

BlackCat ransomware – what you need to know

The State of Security

What is this BlackCat thing I’ve heard about? BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. What makes BlackCat different from other ransomware-as-a-service providers? Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive […]… Read More.

article thumbnail

Kaspersky: Many wearables and healthcare devices are open to attack due to vulnerable data transfer protocol

Tech Republic Security

Security analysts found 33 weak points in MMQT, a frequently used protocol that rarely involves authentication or encryption. The post Kaspersky: Many wearables and healthcare devices are open to attack due to vulnerable data transfer protocol appeared first on TechRepublic.

article thumbnail

Meet an Open Source Contributor: Sal Kimmich

Security Boulevard

Editor's Note: We’re celebrating February 3rd, the day the term ‘Open Source’ was first coined , as World Open Source Day here at Sonatype by recognizing our incredible maintainers and contributors, and the open source projects they support. Read all about Sal Kimmich's journey below. . The post Meet an Open Source Contributor: Sal Kimmich appeared first on Security Boulevard.

129
129
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

US hacker claims to have downed the internet of North Korea

CyberSecurity Insiders

A hacker from United States named P4x has admitted that he took down the internet of North Korea last week by launching a distributed denial of service attack on the central DNS servers of the country. The denial of service attack launched by P4x was retaliation for the digital attack made on him or the US government by Pyongyang’s DPK hackers. Reports are in that the attack might have been funded by American intelligence in order to punish the Kim Jong Un nation for testing missiles from Septem

Internet 127
article thumbnail

Solving The Remote-Work Productivity Questions Once And For All

IT Security Central

There has been no shortage of digital ink spilled about the merits and pitfalls of remote work. A seemingly unending surge of worker surveys, scientific studies, pundit prognostications and C-suite demands have coalesced around the one intractable truth — nobody seems to agree if remote work is a productivity boon or bust. To be sure, […]. The post Solving The Remote-Work Productivity Questions Once And For All first appeared on IT Security Central - Teramind Blog.

125
125
article thumbnail

Smashing Security podcast #260: New hire mystery, hacktivist ransomware, and digi-dating

Graham Cluley

Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

article thumbnail

Heimdal CyberSecurity & Threat Intelligence Report 2021

Heimadal Security

It should come as no surprise that 2021 will be recalled as one of the most disrupting years in the history of cyber-attacks, with ransomware causing mayhem on companies and governments, as well as essential infrastructure, on a scale never previously seen. Looking Back at 2021 The “new normal” foisted upon organizations as they accommodate […].

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Cyber Attack on Europe’s major Oil terminal

CyberSecurity Insiders

A Cyber Attack on Europe’s major oil terminal could trigger an oil shortage in coming days and that too at the time when the entire nation was suffering to curtail the already high energy prices. Cybersecurity Insiders have learnt that the fuel shortage is being caused because of a digital attack that has affected all the port terminals that handle oil barges.

article thumbnail

Why Companies Should Contribute to Open Source – and How to Do It

Security Boulevard

Contributing to open source software is beneficial to a business, its developers, and the open source software (OSS) packages they rely on. By giving back, a company can be confident the foundational technologies for their business are secure and reduce the tech debt by relying on publicly-maintained versions. The post Why Companies Should Contribute to Open Source – and How to Do It appeared first on Security Boulevard.

Software 111
article thumbnail

Using KPIs to generate results in Cybersecurity

CyberSecurity Insiders

Gaining investment from business leaders to create a mature cybersecurity program and fund initiatives is an imperative for success in enterprise risk mitigation. All too often, security and IT organizations struggle to capture the attention of executives needed to advance their priorities and build even basic cybersecurity capabilities. Year after year, important initiatives get deprioritized for other business initiatives, pushing out the adoption of important technologies or funding of headco

article thumbnail

New SEO Poisoning Campaign Is Wreaking Havoc on the Cyberthreat Landscape

Heimadal Security

A new SEO poisoning campaign is currently taking place with the goal of dropping the Batloader and Atera Agent malware into the targeted systems. It seems that it’s directed towards professionals who are on the lookout for downloading productivity tools like TeamViewer, Zoom, or Visual Studio. What Is SEO Poisoning? SEO poisoning is a technique […].

Malware 106
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

DHS creates Cyber Safety Review Board to review significant cybersecurity incidents

CSO Magazine

Following President Biden’s cybersecurity executive order issued last May, the Department of Homeland Security (DHS) announced on February 3 the creation of the Cyber Safety Review Board (CSRB). This public-private initiative is charged with reviewing and assessing significant cybersecurity incidents across government and the private sector. “The CSRB will provide a unique forum for collaboration between government and private sector leaders who will deliver strategic recommendations to the Pres

article thumbnail

Ransomware Attack Against KP Snacks

Heimadal Security

KP Snacks is a leading manufacturer of popular British snacks, such as PopChips, Skips, Hula Hoops, Penn State pretzels, McCoy’s, and Wheat Crunchies. With over 2,000 workers and yearly sales of more than $600 million, KP Snack represents a tempting target for threat actors. What Happened? A cyber-attack on KP Snacks caused supply chain disruptions across […].

article thumbnail

Oil terminals in Europe’s biggest ports hit by a cyberattack

Security Affairs

A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam.

article thumbnail

Target shares its own web skimming detection tool Merry Maker with the world

CSO Magazine

Web skimming has been a major scourge for online shops over the past several years with attacks ranging from simple script injections into payment forms to sophisticated compromises of legitimate third-party scripts and services. Sometimes referred to as Magecart attacks , they have become the leading cause of card-not-present (CNP) fraud and have impacted small and big brands alike, as well as different types of ecommerce platforms.

eCommerce 101
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Target open sources scanner for digital credit card skimmers

Bleeping Computer

Target, one of the largest American department store chains and e-commerce retailers, has open sourced 'Merry Maker' - its years-old proprietary scanner for payment card skimming. [.].

Retail 109
article thumbnail

How SSPM Simplifies Your SOC2 SaaS Security Posture Audit

The Hacker News

An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA).

article thumbnail

US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat)

Security Boulevard

An infosec researcher was hacked by North Korea. U.S. law enforcement did nothing, so he took matters into his own hands. The post US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat) appeared first on Security Boulevard.

InfoSec 98
article thumbnail

Windows Terminal now can automatically launch profiles as Administrator

Bleeping Computer

Microsoft released today a new Windows Terminal version that comes with a long-awaited feature making it possible to launch profiles that will automatically run as Administrator. [.].

100
100
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Segregation of Duties: What it is and Why it’s Important

Security Boulevard

Successfully managing risk across the enterprise is undoubtedly one of the stiffest challenges faced by today’s security professionals. Read More. The post Segregation of Duties: What it is and Why it’s Important appeared first on Hyperproof. The post Segregation of Duties: What it is and Why it’s Important appeared first on Security Boulevard.

Risk 98
article thumbnail

Conti Ransomware hits British Company KP Snacks

CyberSecurity Insiders

KP Snacks was hit by Conti Ransomware group last week and so a legal counsel and a team of security experts have been hired to investigate the incident to the core. KP stands for Kenyon Produce (KP) and is known to produce famous snacks such as Skips, Hula Hoops, Penn State Pretzels, McCoy’s, Nut Medleys, Veg Crisps, Furrows Crisps, Popcorn, Tyrrells, Pom-Bear, Wheat Crunchies and popchips.

article thumbnail

JumpCloud Adds Patch Management to Directory Platform

Security Boulevard

JumpCloud today added a patch management option, delivered as a cloud service, to its directory platform. Greg Armanini, senior director of product management for JumpCloud, said IT teams can schedule and automatically apply patch updates, track versions of patches and create reports on operating system patches for both Apple macOS and Microsoft Windows systems via.

article thumbnail

Zimbra zero-day vulnerability actively exploited to steal emails

Bleeping Computer

A cross-site scripting (XSS) Zimbra security vulnerability is actively exploited in attacks targeting European media and government organizations. [.].

Media 116
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.