Thu.Oct 08, 2020

article thumbnail

CISA Warns Government Agencies of Increasing Emotet Attacks

Adam Levin

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of an increase in Emotet malware-based phishing attacks on state and local agencies. “Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats,” the alert stated.

article thumbnail

How to beef up cybersecurity in a remote work environment

Tech Republic Security

The goal is to not only secure your remote devices and endpoints but to make that security part of your overall strategy, says NordVPN Teams.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Azure Flaws Open Admin Servers to Takeover

Threatpost

Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.

Hacking 135
article thumbnail

Buyers beware: Hackers poised to make Amazon Prime Day into a prime phishing day

Tech Republic Security

Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research.

Phishing 185
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Data from Airlink International UAE leaked on multiple dark web forums

Security Affairs

Cybersecurity researchers from Cyble have spotted a threat actor sharing leaked data of Airlink International UAE for free on two different platforms. Cybersecurity researchers from Cyble have found a threat actor sharing leaked data of Airlink International UAE for free on two platforms on the dark web. The availability of the data on the dark web could pose organizations to serious risk, threat actors could use this data to carry out multiple malicious attacks.

article thumbnail

Password managers: A cheat sheet for professionals

Tech Republic Security

The sheer number of passwords the average person has can lead to confusion and tons of password retrieval emails. Simplify and secure your digital life by learning about password managers.

More Trending

article thumbnail

How SMBs can better protect their data from cyberattacks

Tech Republic Security

SMBs compromised by an effective cyberattack can not only lose data and suffer financially but go out of business entirely, says Infrascale.

206
206
article thumbnail

Springfield Public Schools district hit with ransomware

Security Affairs

The Springfield Public Schools district in Massachusetts was forced to shut down its systems after a ransomware attack and closed the schools. The Springfield Public Schools district, the third largest school district in Massachusetts, was forced to shut down its systems after a ransomware attack. The district, which has over 25,000 students, 4,500 employees, and more than sixty schools that were closed after the incident.

article thumbnail

Security pros: Cyber threats to industrial enterprises increase due to pandemic

Tech Republic Security

86% polled said their organization made cybersecurity a priority during the COVID-19 crisis and implemented appropriate training for remote workers, according to a report.

article thumbnail

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

Security Affairs

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over NAS devices. QNAP has addressed two critical security vulnerabilities in the Helpdesk app that can potential allow threat actors to take over vulnerable QNAP network-attached storage (NAS) devices. Helpdesk is a built-in app that allows owners of QNAP NAS to directly submit help requests to the vendor from their NAS, to do this, the app has specific permission.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

COVID-19 budgets, data security, and automation are concerns of IT leaders and staff

Tech Republic Security

Dueling surveys from Kaseya showed that IT department leaders share their underlings' worries about security and productivity.

179
179
article thumbnail

MontysThree threat actor targets Russian industrial organizations

Security Affairs

A previously unknown threat actor, tracked as MontysThree , composed of Russian speaking members targets Russian industrial organizations. Kaspersky Lab researchers spotted a new threat actor, tracked as MontysThree , composed of Russian speaking members targets Russian industrial organizations. The MontysThree group used a toolset dubbed MT3 in highly targeted attacks with cyber espionage purposes.

Malware 100
article thumbnail

Cloud and remote work support strengthened US market performance

Tech Republic Security

The IT outlook for 2021, top trends and guidance as the enterprise prepares for "the next normal," according to a new report from IDC.

Marketing 170
article thumbnail

Behind Anduril’s Effort to Create an Operating System for War

WIRED Threat Level

The company, launched by Oculus cofounder Palmer Luckey, is building software to connect multiple Air Force systems—allowing officers to act more quickly.

Software 107
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Cisco Fixes High-Severity Webex, Security Camera Flaws

Threatpost

Three high-severity flaws exist in Cisco's Webex video conferencing system, Cisco’s Video Surveillance 8000 Series IP Cameras and Identity Services Engine.

article thumbnail

Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce

Dark Reading

Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.

144
144
article thumbnail

Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks

Threatpost

A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Prime Day a field day for hackers.

Phishing 113
article thumbnail

Scale Up Threat Hunting to Skill Up Analysts

Dark Reading

Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.

Software 100
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

H&M Configuration Error Leads to $42 Million Privacy Fine

SecureWorld News

You come back from vacation and your boss asks about the trip. That's pretty nice. And when you come back from being out sick, your supervisor schedules a "welcome back" meeting with you to see how you are feeling and what was wrong. That sounds thoughtful. And then one day something happens at your office: you and your coworkers accidentally discover that the information from your chats with the boss are recorded in a corporate database.

article thumbnail

Android Ransomware Has Picked Up Some Foreboding New Tricks

WIRED Threat Level

While it's still far more common on PCs, mobile ransomware has undergone a worrying evolution, new research shows.

article thumbnail

RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims

Threatpost

Collectively, 240 fraudulent Android apps -- masquerading as retro game emulators -- account for 14 million installs.

article thumbnail

US Seizes Domain Names Used in Iranian Disinformation Campaign

Dark Reading

The US has seized 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread a worldwide disinformation campaign.

93
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

MontysThree APT Takes Unusual Aim at Industrial Targets

Threatpost

The newly discovered APT specializes in espionage campaigns against industrial holdings -- a rare target for spyware.

Spyware 85
article thumbnail

US Election-Related Websites Vulnerable to Fraud, Abuse

Dark Reading

New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.

93
article thumbnail

HEH P2P Botnet Sports Dangerous Wiper Function

Threatpost

The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.

IoT 74
article thumbnail

Your Next Move: Cybersecurity Specialist

CompTIA on Cybersecurity

Cyber-criminals are on the rise. If you have a passion for resolving highly complex issues, cybersecurity specialist might be the job for you.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign

Dark Reading

Steganography-borne malware used to spy on industrial targets in Russia.

Malware 101
article thumbnail

Roadmap to Avoiding Data Breach Litigation

SecureWorld News

The cybersecurity and data privacy industry is definitely a "growth industry." According to Forbes , the global cybersecurity market will be worth $173 billion in 2020, and looking to increase to $270B by 2026. So, it is not at all surprising that cybersecurity and data privacy are top priorities for the C-suite. The concerns are certainly well founded, as the number of cyberattacks are increasing, specifically this year where we see the number of cyberattacks has significantly increased since t

article thumbnail

ContentProvider Path Traversal Flaw on ESC App Reveals Info

Trend Micro

A flaw in how path traversal was coded in the health app led to possible data leakage.

Risk 87
article thumbnail

Key Considerations & Best Practices for Establishing a Secure Remote Workforce

Dark Reading

Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.