Wed. Jan 19, 2022


Are Fake COVID Testing Sites Harvesting Data?

Schneier on Security

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for that and — sorry to break it to you — your data isn’t worth all that much.


Phishing attack spoofs US Department of Labor to steal account credentials

Tech Republic Security

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.


Multi-Cloud Security in 2022

Security Boulevard

As we kick off 2022, it is a good time to think about what the next year will mean for the security industry. This next year is a critical time for our market. Over this past year, organizations of all types have increased their focus on cloud security. Still, there’s a long way to go. The post Multi-Cloud Security in 2022 appeared first on Security Boulevard.


The Prometheus traffic direction system is a major player in malware distribution

CSO Magazine

Cybercrime is fueled by a complex ecosystem of criminal groups that specialize in different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more. One service that is often overlooked but still plays an important role in malware delivery is the so-called traffic direction system (TDS).


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

The Hacker News

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.


Details on VirusTotal Hacking

CyberSecurity Insiders

VirusTotal, an anti-malware solution provider, is now offering a service that can collect credentials stolen by malicious software, aka malware. The Ireland-based company states that the info might have been uploaded to its cloud by its users to check whether it is free from any kind of malware, without knowing that it contains critical details.


More Trending


Russia-linked cyberattacks on Ukraine: A timeline

CSO Magazine

On Saturday night, January 15, Microsoft shook the cybersecurity world with a report that destructive wiper malware had penetrated dozens of government, non-profit, and IT organizations in Ukraine. This news capped a week of mounting apprehension of cyberattacks in Ukraine that could presage or accompany a real-world Russian military invasion of the country.


CISA urges US orgs to prepare for data-wiping cyberattacks

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses. […]


Mac users, update now! “Powerdir” flaw could allow attackers to spy on you

Malwarebytes

If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a user’s privacy preferences. This means attackers could access personal data that was once private, as well as install a malicious app—or hijack one that’s already installed—to access the microphone to record conversations or capture screenshots of the user’s sc


Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

The Hacker News

Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Russian cyberattacks on Ukraine raise IT security concerns

CSO Magazine

This past week has seen an inundation of notifications concerning Russia’s overt and covert efforts to set “their” stage to provide it with a pretext to invade Ukraine once again. The realpolitik of the Russian efforts and the media focus is on the likelihood of Russia taking this course of action. These preparatory actions include a widespread cyber component.


Ransomware Attack on Red Cross

CyberSecurity Insiders

The Red Cross, headquartered in Geneva, was hit by a cyber attack that exposed details of over 500,000 people to the hackers. The details accessed and stolen by the cyber criminals include those of persons who went missing during natural disasters, such as the tsunami propelled by the latest Tonga volcanic eruption, of families separated because of conflicts, and of people in detention.


Faker NPM package back on track after malicious coding incident

InfoWorld on Security

In the wake of a recent incident that wreaked havoc on the NPM package registry, a new group of maintainers is reestablishing the Faker project, making it a community effort. The previous maintainer had sabotaged the Faker NPM package with malicious code, impacting more than 2,500 other NPM packages that depend on it. The Faker JavaScript library generates mock data for testing and development.


Difference Between Cybersecurity and Cloud Security

Security Boulevard

The two popular terms, cybersecurity and cloud security, are often used interchangeably. But did you know the two are polar opposites in meaning and context? Yes, it’s true. Cybersecurity means securing computer networks against threats, network attacks, or unauthorized access. At […]. The post Difference Between Cybersecurity and Cloud Security appeared first on WeSecureApp :: Simplifying Enterprise Security!


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Managing the Digital Shift in Privacy: A World With Less Third-Party Data

TrustArc

When Google announced it would phase out support for third-party cookies, companies across industries were shocked and concerned about what this would mean for their advertising capabilities. Though the timeline for Google to follow through on this plan has been extended (yet again), we need to face this new reality and update our strategies to […].


What Should You do if Your WordPress Site was Hacked?

Security Boulevard

These days WordPress infections are very common. In 2021, internetlivestats.com counted over 81 million websites hacked. If you’re one of the millions, you need to take action to fix and protect your site. Of course, a hacked site will put any site owner into panic mode. This article will provide insight on what to do if your website is hacked and how to move forward.


5 AI and Cybersecurity Predictions for 2022

Dark Reading

Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.


Taking Forensic Disk Images from the OVH Cloud

Security Boulevard

This article explains how a disk image can be taken from a virtual machine running on the public cloud. The acquired disk image can then be used with offline forensic tools like Autopsy and Encase. When to acquire a forensic image Cybercriminals often abuse services in the public cloud because of the low cost and […]. The post Taking Forensic Disk Images from the OVH Cloud appeared first on Rainbow and Unicorn.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


INTERPOL and Nigerian Police bust business email compromise ring, arrest 11

CSO Magazine

INTERPOL and the Nigerian Federal Police today announced the arrests of 11 business email compromise (BEC) actors in Nigeria as part of an international operation to disrupt and tackle sophisticated BEC cybercrime. Many of the suspects are thought to be members of SilverTerrier, a network known for BEC scams that have impacted thousands of companies globally.


Getting Ahead of Cybersecurity Challenges in 2022

Security Boulevard

2020 and 2021 saw more than their fair share of cybersecurity challenges, largely caused by the mass transition to remote work in response to the COVID-19 pandemic. As individuals and businesses rushed to ensure that work continued remotely during lockdowns, hackers were devising ways to take advantage of the resulting vulnerabilities. These issues, coupled with.


How chaos engineering can help DevSecOps teams find vulnerabilities

CSO Magazine

The words “chaos” and “engineering” aren’t usually found together. After all, good engineers keep chaos at bay. Yet lately software developers are deploying what they loosely call “chaos” in careful amounts to strengthen their computer systems by revealing hidden flaws. The results aren’t perfect – anything chaotic can’t offer guarantees – but the techniques are often surprisingly effective, at least some of the time, and that makes them worthwhile.


Red Cross cyberattack exposes data of 515,000 people seeking missing family

Bleeping Computer

A cyberattack on a Red Cross contractor has led to the theft of personal data for more than 515,000 people in 'Restoring Family Links,' a program that helps reunite families separated by war, disaster, and migration. […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft's Pluton security processor tackles hardware, firmware vulnerabilities

CSO Magazine

While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs. First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. Pluton is designed to eliminate opportunities for attackers to reduce the attack surface within Windows PCs.


Box flaw allowed to bypass MFA and takeover accounts

Security Affairs

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses.


A New Ransomware Was Linked to FIN8 Hacking Group

Heimdal Security

FIN8 is a financially motivated malicious actor who has been observed attacking financial institutions for numerous years, notably by deploying POS malware capable of stealing credit card information. As Antonia reports in her article, the financially motivated group FIN8 is notorious for organizing multiple customized phishing operations that are mostly targeting industries such as healthcare, entertainment, […].


5 Data Breach Trends to Anticipate This Year

Identity IQ

In its recent annual Data Breach Industry Forecast, credit reporting agency Experian made five predictions for cybercrime and data breach trends to expect this year. The report based its findings on new and emerging trends in finance and technology, continued disruption caused by the pandemic, increased global connectivity and other factors.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Intel enters Crypto mining market and to fuel more ransomware attacks

CyberSecurity Insiders

Intel has entered the crypto mining market by launching a low-power silicon wafer aimed at those who make money through crypto mining. With the chip, dubbed ‘Bonanza Mine’ and due to be beta launched in February this year, Intel aims to disrupt Bitcoin mining hash rates. The Intel Bonanza Mine processor will be unveiled first at the International Solid-State Circuits Conference (ISSCC) to be held on February 20th, 2022 and will also reveal an Application Specific Integr


Cybercriminals Sell Stolen Financial Details on Telegram

Heimdal Security

Cybercriminals take advantage of the popular instant messaging service Telegram to set up underground channels. Their goal is to put stolen financial data up for sale, with pseudonymous users as the buyers. Why Is Telegram Easily Abused by Hackers? According to BleepingComputer, one reason worth mentioning why threat actors manage easily to abuse […].


Deloitte Extends Managed Security Service to Include XDR

Security Boulevard

Deloitte today extended its portfolio of managed security services to include a managed extended detection and response (MXDR) offering that incorporates security monitoring and response capabilities developed by both Deloitte and its third-party partners. Curt Aubley, MXDR by Deloitte leader and a managing director for Deloitte Risk & Financial Advisory for Deloitte & Touche LLP, The post Deloitte Extends Managed Security Service to Include XDR appeared first on Security Boulevard.


New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

The Hacker News

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.