Tue. May 25, 2021


Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

The Last Watchdog

Resilience was the theme of RSA Conference 2021 which took place virtually last week. Related: Web attacks spike 62 percent in 2020. I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. By the same token, the difficulties of defending modern IT systems has redoubled as organizations try to balance security and productivity.


Shift left security is helpful, but one expert says it's not enough

Tech Republic Security

It's critical to plug cybersecurity vulnerabilities before bad guys get wind of them. To make that happen, businesses should encourage security and developer teams to collaborate, says an expert.


Malware exploited macOS zero-day flaw to secretly take screenshots. Update to Big Sur 11.4 now

Hot for Security

Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability allows attackers to gain permissions on vulnerable Macs without users granting explicit consent. Specifically, as security researchers at Jamf explain, versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to


Microsoft: This clever open-source technique helps to protect your privacy

Tech Republic Security

Adding statistical noise to a data set can guarantee that there are no accidental information leaks. It's a difficult task, made easier by the open-source SmartNoise framework.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Introducing Half-Double: New hammering technique for DRAM Rowhammer bug

Google Security

Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler

Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses.


Triple-extortion is a new tool for ransomware attackers

Tech Republic Security

Criminals send ransom demands not only to the attacked organization but to any customers, users or other third parties that would be hurt by the leaked data.


Apple fixes macOS zero-day bug that let malware take secret screenshots

We Live Security

You would do well to update to macOS Big Sur 11.4 post-haste.


VMware warns of critical bug affecting all vCenter Server installs

Bleeping Computer

VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.


5 Tips to get Better Efficacy out of Your IT Security Stack

Webroot

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous term; everyone wants it to be better, but what exactly does that mean? And how do you properly measure it?


Apple addresses three zero-day flaws actively exploited in the wild

Security Affairs

Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Cryptocurrency trading bots: Strengthening Cybersecurity and minimizing risks

CyberSecurity Insiders

This blog was written by an independent guest blogger. A staggering $1.9 billion in cryptocurrency was stolen by criminals in 2020, a recent report by Finaria reveals. Fortunately, despite the growth of the crypto market, crypto crime has decreased by 57% since 2019, dropping to $1.9 billion. The widespread recent implementation of stronger security measures also means crypto-criminals stole 160% more in value in 2019 than in 2020, despite the similar number of crimes.


BrandPost: Changing the Narrative Around Attack Victim Shaming

CSO Magazine

Victim shaming is never OK. Unfortunately, in some organizations, employees who fall victim to a social engineering ploy that leads to a ransomware attack are blamed for their actions. “Shaming and blaming somebody for being attacked doesn’t teach anybody and it's certainly not going to make that organization better apt to take care of themselves in the future,” said Mat Gangwer, Senior Director of Managed Threat Response at Sophos.


Post-quantum cryptographic standards to be finalized later this year

SC Magazine

A years-long project by the federal government to develop new “post-quantum” cryptography standards will be finalized later this year, according to an official at the National Institute for Standards and Technology.


Top 20 Fastest Growing Cybersecurity Companies in Q1 2021

Security Boulevard

If you track 2,635 cybersecurity companies, as I do, how do you know which ones to pay attention to? Those with PR teams that reach out to brief you? They often have a great story to tell and have some interesting new technology to demonstrate. New funding rounds at high valuations? That can be a.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft to Pull the Plug on Internet Explorer 11 in 2022

Hot for Security

Microsoft is preparing to retire the Internet Explorer 11 browser on June 15, 2022, but there are a few important caveats. If we consider those exceptions, it looks like IE will be around in some capacity even past then. Everyone knew the day would come when Microsoft finally ditched the old Internet Explorer browser. The company has been working towards this goal for some time and has built a replacement browser based on Chromium, like many available alternatives. “With Microsoft Edge cap


Average losses from compromised cloud accounts is more than $500,000 a year

SC Magazine

Average total annual financial loss for companies from compromised cloud accounts is more than $500,000, according to new research. The findings came from a survey of 600 IT and security professionals in the U.S. jointly produced by Proofpoint and the Ponemon Institute.


Handling Pandemic Burnout While Balancing Digital Lifestyles and Cybersecurity

Hot for Security

We’re 15 months into the pandemic, and although many have learned to embrace work-from-home and social distancing measures, the struggles of isolation and lack of social contact have carved deep wounds into our psyche. Stuck at home with limited social interactions, individuals have found refuge online, spending hours in front of their screens.


Microsoft fixes new Windows 10 bug corrupting FLAC music files

Bleeping Computer

Microsoft has fixed a known Windows 10 issue that would lead to FLAC encoded music files becoming corrupted when changing their title, artist, or other metadata in File Explorer.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Five Most Common Cloud Threats

Security Boulevard

Cloud threats are on the rise. At any point in time, sensitive data can move between 2,481 different cloud apps and services, making it a prime target for cybercriminals. A recent study by McAfee concluded that there’s been a 630% rise in cyberattacks on cloud services since January 2020. According to industry research, cloud breaches.


Low sophistication OT breaches on the rise, with hackers learning from easy wins

SC Magazine

Hackers with minimal experience and technical expertise are increasingly targeting industrial networks, driving a new wave of low sophistication OT breaches that researchers tell SC Media is a strong learning opportunity for criminals looking to monetize their work. The low sophistication attacks, which are outlined by Mandiant in a new blog post released Tuesday, encompass simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access


Trend Micro fixes 3 flaws in Home Network Security Devices

Security Affairs

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Once activated, the Home Network Security station scans all traffic passing in and out of your home network, allowing it to prevent intrusions, block hacking attempts, and web threats as


How the post-pandemic world will challenge CISOs

CSO Magazine

CISOs will have to manage new security challenges in a post-pandemic world. Reconfigured workplaces and employee health considerations, as well as increased threats, have been foisted on organizations just as many security workers are feeling tired and stressed out, according to experts speaking at last week’s RSA Conference.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Audio equipment maker Bose Corporation discloses a ransomware attack

Security Affairs

The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. According to the breach notification letter filed by Bose, the company was hit by a sophisticated cyber attack in which threat actors deployed ransomware within its infrastructure. “I am writing to inform you that Bose Corporation, located


Security pros rely on peer groups and open communication for help with stress

SC Magazine

The need to defend company networks can pile on stress for the security community. For security professionals, stress comes with the territory. But it’s hard to deny that the last year-and-a-half has been perhaps the most stressful and challenging period in the history of cybersecurity. COVID-19 threatened lives, livelihoods and companies’ security as employees migrated en masse to a work-from-home model.


Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots

Threatpost

Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.


What is Incognito mode? Our private browsing 101

Malwarebytes

Incognito mode is the name of Google Chrome’s private browsing mode, but it’s also become the catch-all term used to describe this type of web surfing, regardless of the browser being used. Some call it Private Mode, others call it Private Browsing. Apple almost certainly got there first , yet Chrome’s 2008 creation has largely become the generic name for all private browsing activity.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Spikes in Holiday Fraud Expected as Travel Restrictions Ease in the UK, Action Fraud Warns

Hot for Security

As travel restrictions begin to ease, the UK’s national reporting center for fraud and cybercrime is warning the British public to watch out for holiday fraud. According to the latest public alert, holiday fraud has been a very lucrative business during the 2020-2021 financial year, inflicting losses of £2.2 million. Action Fraud says it had received 1,907 reports with an average loss of £1,242 per victim.


Tailor security training to developers to tackle software supply chain risks

CSO Magazine

A lack of cohesion between software development teams and cybersecurity functions compounds the software supply chain risks faced by organizations, making it all the more urgent for cybersecurity leaders and their teams to better engage with and educate developers. Standard cybersecurity awareness training won’t be effective with developers, experts say.


Behavioral Analytics: How to Secure User Experience under a DDoS Attack

Security Boulevard

Imagine the following scenario. Following the Covid-19 outbreak, a local government website became the reliable central hub to communicate governmental information to its citizens. The information might vary from instructions for making an appointment to get vaccinated while under lockdown. One evening, on the nine o’clock news, the news anchor states that thousands of vaccines […].


Domino's India discloses data breach after hackers sell data online

Bleeping Computer

Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most: people, data, real or personal property, intellectual property, digital assets, or any number of other things. It’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.