Adam Levin
MARCH 31, 2022
When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.
Krebs on Security
MARCH 31, 2022
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 31, 2022
North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors.
The Last Watchdog
MARCH 31, 2022
Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: •The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. •The majority of cyberattacks result in damages of $500,000 or more, Cisco says. •A sobering analysis by Cybersecurity Ventures forecasts that the global cost of ransomware attacks will reach $265 billion in 2031. • The FBI reports that 3,000-4,000 cyberattacks are counted each day.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 31, 2022
The two tech companies are believed to have provided hacker groups with user information as part of the impersonation. The post Apple and Meta shared data with child hackers pretending to be law enforcement appeared first on TechRepublic.
Veracode Security
MARCH 31, 2022
Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CyberSecurity Insiders
MARCH 31, 2022
By Chester Avey. The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It can be easy to understand then, that cybersecurity may not have been a huge priority for businesses . However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime.
Tech Republic Security
MARCH 31, 2022
Quantum computing has the potential to unlock most of the encryption algorithms in use by companies today. What should IT professionals do to secure their information? The post Is 2022 the year encryption is doomed? appeared first on TechRepublic.
Security Boulevard
MARCH 31, 2022
As Women's History Month comes to an end, we reflect on the impact women have made in shaping our industry. At Contrast, women comprise more than a fourth of our workforce, and they are well represented across sales, customer success, marketing, human resources, finance, and product development. To celebrate Women's History Month, we invited some of our women in tech to give advice to others trying to break into the field.
CyberSecurity Insiders
MARCH 31, 2022
Laspsus$ ransomware group has revealed some details about its latest victim through its official telegram channel and Argentina-based IT and software firm Globant that has a global business presence seems to have become its latest victim. Lapsus$ claimed that it has stolen about 70GB of Globant’s data, including the company’s software source code, and threatened the company to release more details, if it doesn’t bow down to its ransom demands.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 31, 2022
Websites should be scanned regularly for malware. Jack Wallen shows you how to do this on Linux with the help of ISPProtect. The post How to scan your websites for malware with ISPProtect appeared first on TechRepublic.
eSecurity Planet
MARCH 31, 2022
As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent , according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice. Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020.
TrustArc
MARCH 31, 2022
The new path for consent & preference management. The ecosystem for gathering, storing, and managing consents and preferences is changing. This is what we know so far.
SecureList
MARCH 31, 2022
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
MARCH 31, 2022
From the afternoon hours of Tuesday, thousands of mobile users in United States received spam text from their phone numbers. And telecom company Verizon Wireless was forced to issue a public statement that some threat actors might have taken control of its servers to send spam to its users and diverting them to Russian state media network Channel One.
Security Boulevard
MARCH 31, 2022
Hackers have been spoofing email from police forces to steal personal data from big tech companies. The post Apple, Facebook Doxxed Users—via Fake Police EDRs appeared first on Security Boulevard.
Heimadal Security
MARCH 31, 2022
According to the Google Threat Analysis Group (TAG), a great number of threat actors are currently exploiting the event of the Russian invasion in Ukraine to launch phishing and malware cyberattacks against Eastern European and NATO countries. The cyberattacks also target Ukraine. As Google’s report reads: Government-backed actors from China, Iran, North Korea, and Russia, […].
PCI perspectives
MARCH 31, 2022
The PCI Security Standards Council has published the PCI Data Security Standard v4.0. The standard was developed with feedback from the global payments industry and provides a baseline of technical and operational requirements designed to protect account data.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CSO Magazine
MARCH 31, 2022
New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cl
SecureBlitz
MARCH 31, 2022
Here is a crypto trading bot review of Bitcoin Prime. Given their popularity, the rate at which cryptocurrencies get created and expanded is astounding. It has caught the interest of governments’ economic arms and individuals worldwide who want to apply it in their enterprises. Cryptocurrencies are remarkable commercial inventions. Given their intention to amass vast.
Security Boulevard
MARCH 31, 2022
Historically, the fear of cyberthreats put organizations and their IT departments on the defense. So much so they still strive to design security plans that try to protect every part of their infrastructure — data centers, assets, networks — everything.…. The post How Much is Enough? A Different Cybersecurity Risk Management Approach appeared first on LogRhythm.
CSO Magazine
MARCH 31, 2022
The Hive ransomware group has claimed to have stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California (PHC). The data includes names, Social Security numbers, and addresses along with 400 GB of stolen files from the healthcare organization’s server, according to a post on Hive’s dark web site. The PHC has confirmed “anomalous activity on certain computer systems within its network.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
MARCH 31, 2022
The Chinese APT group known as Deep Panda has been spotted in a recent campaign targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili'. [.].
Security Boulevard
MARCH 31, 2022
Background: Over the past few days, the Zscaler ThreatLabz team has been closely monitoring the reports of potential RCEs in Spring Cloud Framework and Spring Cloud Function. Spring is an open-source lightweight Java platform which many developers use as their application development framework. As part of the Spring echo system, Spring Cloud is a component using which one can write cloud agnostics code or develop applications and make them working on well known cloud services such as AWS, Azure,
Bleeping Computer
MARCH 31, 2022
A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe. [.].
The Hacker News
MARCH 31, 2022
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MARCH 31, 2022
A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month. [.].
Cisco Security
MARCH 31, 2022
How Cisco Secure helps customers navigate uncertain times. Security resilience is the ability to protect the integrity of every aspect of your business in order to withstand unpredictable threats or changes – and then emerge stronger. This has always been a requirement in cybersecurity, but recent events have made it more critical than ever. By now we all know that avoiding cyberattacks one hundred percent of the time is unrealistic.
Bleeping Computer
MARCH 31, 2022
Curiosity and a love of learning are definite advantages in the cybersecurity field, and reading and learning more about the subject is just a few clicks away. The world needs more people out there fighting cybercrime. Perhaps one of them could be you. [.].
Malwarebytes
MARCH 31, 2022
Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They’ve been misused by bad actors for many years now, most commonly spamming unwary potential victims and leading them to bad times ahead. A brief history of calendar connivances.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
293 
Let's personalize your content