Fri. Apr 30, 2021

Serious MacOS Vulnerability Patched

Schneier on Security

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what to do rather than doing it itself—and didn’t include a standard ap

DigitalOcean admits data breach exposed customers’ billing details

Hot for Security

DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a “flaw.” In an email sent out to affected users, DigitalOcean explained that an unauthorised party had managed to exploit the flaw to gain access to billing information between April 9 and April 22, 2021.

Suspected Chinese state hackers target Russian submarine designer

Bleeping Computer

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy.

How to connect a client to the open-source Pritunl VPN

Tech Republic Security

Now that you have your Pritunl VPN server up and running, Jack Wallen shows you how to connect the client.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Nitro Ransomware asks for Gift Cards as ransom

CyberSecurity Insiders

Nitro Ransomware, a new variant of file-encrypting malware, is shaking up the internet by demanding Discord Nitro Gift Cards from victims instead of cryptocurrency. Researchers from MalwareHunterTeam have discovered this activity and discovered that the distributors of this malware are giving only 3 hours to buy the gift card, after which the stolen data will be leaked to the internet.

First Horizon bank online accounts hacked to steal customers’ funds

Bleeping Computer

Bank holding company First Horizon Corporation disclosed that some of its customers had their online banking accounts breached by unknown attackers earlier this month.

More Trending

Your stolen ParkMobile data is now free for wannabe scammers

Bleeping Computer

The account information for almost 22 million ParkMobile customers is now in the hands of hackers and scammers after the data was released for free on a hacking forum.

How Private Cloud Enables Data Security

Security Boulevard

Calling today’s modern business environment data-driven is stating the obvious. Data is at the core of most, if not every, business strategy, and for good reasons. Data allows leaders to base their decisions on facts, trends and statistics rather than gut feeling. But it’s more than just a tool to inform decision making; data is.

Previously undocumented backdoor targets Microsoft’s Equation Editor

CSO Magazine

Researchers from Cybereason Nocturnus Team have detected anomalous characteristics in a newly discovered RoyalRoad weaponizer that delivers a previously undocumented backdoor. The researchers have been tracking recent developments in the RoyalRoad when they uncovered an attack targeting a Russian-based defense contractor.

Research Shows Glaring Mobile App Security Issues

Security Boulevard

The COVID-19 pandemic has driven the world online in remarkable ways, forever changing the way we work, learn, and interact. The increased reliance on mobile applications is starkly apparent; mobile app usage grew 40% year-over-year in the second quarter of 2020, according to App Annie. In the recently released “Peril in a Pandemic: The State.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices

Threatpost

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.

The Week in Ransomware - April 30th 2021 - Attacks Escalate

Bleeping Computer

Ransomware gangs continue to target organizations large and small, including a brazen attack on the Washington DC police department.

Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems

SC Magazine

The IoT security team at the Microsoft Security Response Center said vulnerabilities discovered affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others. Microsoft researchers have discovered multiple memory allocation and remote code execution vulnerabilities in the operating systems for a wide range of comme

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

HP CISO seeks to transform cybersecurity

CSO Magazine

HP CISO Joanna Burkey sees a pivot to business partnership as vital for cybersecurity’s success. Inspiring women to join the sector is essential to this shift.

Hotbit cryptocurrency exchange down after hackers targeted wallets

Bleeping Computer

Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that took down several of its services on Thursday evening.

3 Ways to Keep Your Cryptocurrency Safe

Security Boulevard

Are you investing in cryptocurrency or thinking about it? Be sure to listen or watch our April monthly show for our top 3 ways to keep your cryptocurrency safe!

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

The Hacker News

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

BrandPost: Protecting 5G Networks Requires an Integrated, Holistic Security Approach

CSO Magazine

As the digital threat landscape expands and poses new security threats, organizations are turning to digital innovation to meet their rapidly changing security needs. Many organizations are adopting multiple digital innovations, including 5G. However, with the incorporation of new devices into their networks, they are also introducing more edges and expanding the attack surface, posing new cybersecurity risks for their organizations.

Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

The Hacker News

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor.

New SEI CERT chief and first ever federal CISO: old cybersecurity models have ‘been overcome’

SC Magazine

Gregory Touhill, former federal chief information security officer and deputy assistant Homeland Security secretary for cyber security operations, seen here at a House Foreign Affairs Committee hearing in 2015 in Washington, DC. Touhill was named director of Carnegie Mellon University’s CERT in April. On April 21, Gregory Touhill was named as the new director of the Computer Emergency Readiness Team at the Software Engineering Institute (SEI), a non-pro

The Kubernetes Network Security Effect

Security Boulevard

I’m a firm believer that network security must be a layer in an overall security strategy. As cloud evolves, it’s hard not to notice the network security challenges in this domain. TL;DR: Kubernetes (K8s) has a built-in object (sort of) for managing network security (NetworkPolicy). While it allows the user to define the relationship between.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Babuk quits ransomware encryption, focuses on data-theft extortion

Bleeping Computer

A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers.

Microsoft warns of BadAlloc flaws in OT, IoT devices

Security Affairs

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc, affecting IoT and OT devices. The vulnerabilities could be exploited by attackers to bypass security controls to execute malicious code or trigger DoS conditions.

Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices

The Hacker News

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash.

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Security Affairs

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before the vendor addressed it.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Ransomware Task Force Publishes Framework to Fight Global Threat

Dark Reading

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.

IoT riddled with BadAlloc vulnerabilities

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected “things.” The number of affected devices could be enormous.

The Civilian Cybersecurity Reserve: A National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government

Security Boulevard

This would be like a Civilian Cybersecurity Reserve and it would be voluntary and by invitation only. This would allow our national security agencies to have access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs.

Ghost Town Security: What Threats Lurk in Abandoned Offices?

Dark Reading

Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.