Wed. Sep 29, 2021


The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.


Why organizations are slow to patch even high-profile vulnerabilities

Tech Republic Security

Not all organizations have a team or even staffers who can focus solely on vulnerability management, says Trustwave.


New Android malware steals millions after infecting 10M phones

Bleeping Computer

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. […]


Vaccine passport app leaks users’ personal data

Malwarebytes

Security and privacy advocates may have cause to worry after all: Portpass, a vaccine passport app in Canada, has been found to have been exposing the personal data of its users for an unknown length of time. On Monday, Canadian Broadcasting Corporation (CBC) received a tip that “the user profiles on the app’s website could be accessed by members of the public.” CBC won’t say how or where the data was found but does say it was unencrypted and could be viewed in plain text


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Apple Pay with VISA lets hackers force payments on locked iPhones

Bleeping Computer

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card. […]


Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

CSO Magazine

Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security. Faced with this additional hurdle that prevents them from exploiting stolen passwords, cybercriminals have had to adapt, too, and come up with innovative ways to extract one-time use authentication codes from users.


Expert discloses new iPhone lock screen vulnerability in iOS 15

Security Affairs

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability in iOS 15 (and iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/VoiceOver.


Top 5 tips for using password managers

Tech Republic Security

Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.


Cyber Attack news headlines trending on Google

CyberSecurity Insiders

London-based Giant Group has confirmed that its IT infrastructure was disrupted by a cyber attack on September 24th, 2021, and that all of its phone, email and other payroll-related servers were affected. A statement posted on the website of GiantPay confirms that the UK-based payroll firm was hit by a sophisticated attack that is being investigated by security experts from the international law firm Crowell & Moring.


NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published guidance for securely using virtual private network (VPN) solutions and increasing their security. Multiple attacks against private organizations and government entities, especially during the pandemic, were carried out by threat actors exploiting vulnerabilities in popular VPN


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


4 lessons from recent Microsoft Azure cloud vulnerabilities

CSO Magazine

We are often told that the cloud is more secure than on-premises solutions. But is it really? Both are subject to similar risks and vulnerabilities, and the cloud can sometimes be more complicated than on-premises because of our unfamiliarity with deployment and patching.


All Cyber Attacks in US should be reported within 72 hours

CyberSecurity Insiders

The United States Senate has passed a new resolution that, if and when approved, will make it mandatory for owners of critical infrastructure to report cyber attacks within a time frame of 72 hours. A cyber incident bill, dubbed the Defense Authorization Bill, was put forward by the leaders of the Senate Homeland Security and Governmental Affairs Committee and is awaiting a nod from the senior members of the Senate.


How to Mitigate the Top 4 Ransomware Vectors

Security Boulevard

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware.


Russia arrests cybersecurity firm CEO after raiding offices

Bleeping Computer

Russian law enforcement on Tuesday arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence. […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


iPhone Vulnerability allows hackers to fraudulently make contactless payments

CyberSecurity Insiders

Cybersecurity researchers have found a vulnerability in the iPhone's Apple Pay and Visa payments feature that allows hackers to make fraudulent contactless payments without the knowledge of the owner. A video demonstrating the issue has been circulating on YouTube for the past 2 days; it claims that cyber crooks can use simple radio equipment to make a payment in 'express transit mode' when in fact the payment is being made to a nearby card.


93% of Security Professionals Say Their Identity Breaches Could Have Been Prevented

Security Boulevard

A look at key findings of a recent IDSA report to see how remote work has…


Ping Identity buys Singular Key and promises smoother ID verification and access management

Tech Republic Security

The purchase of Singular Key will add to Ping's identity and access management service with a no-code method of creating workflows for identity verification for enterprises.


Amazon Astro: ‘Privacy Nightmare’ in R2D2-Cute Package

Security Boulevard

Astro—Amazon’s new domestic security robot—is already attracting intense criticism. People think their privacy is at risk.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


BrandPost: Three Essential Security Technologies to Combat Ransomware

CSO Magazine

Over the past year we’ve seen an explosion in ransomware attacks – over 10x according to FortiGuard Labs – making the odds increasingly high that your organization will be attacked. In fact, a recent ransomware survey demonstrates that ransomware has become the top threat concern for most organizations globally.


Mac Users Targeted by Trojanized iTerm2 App

Trend Micro

We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine.


The New Trust Standard

Cisco Security

As we ride the biggest digital wave in history, the internet has become fundamental to how society maintains livelihoods, conducts business, and stays connected. With it comes a constant evolution of risk. Phishing, service disruptions, ransomware, and other attacks hijack data, destroy sources of income, steal identities and invade privacy, derail nations, and change the course of history.


How people concoct their passwords, and why they often stink

Tech Republic Security

Less than a third of the people surveyed by NordPass follow best practices when devising a password.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


How to shift into a new approach to cybersecurity asset management

CyberSecurity Insiders

This blog was written by an independent guest blogger. The effects of the global pandemic pushed organizations to accelerate their digital transformation strategies. Because of this, companies in all industries were faced with an array of new technologies like cloud and containers that support the shift to edge computing and remote workers. With so much focus on these factors, companies often overlook some of the repercussions that come along with such rapid innovations.


GriftHorse malware infected more than 10 million Android phones from 70 countries

Security Affairs

Security researchers from Zimperium have uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android smartphones across more than 70 countries. According to the experts, the malware campaign has been active since at least November 2020; threat actors are spreading it via apparently harmless apps that were uploade


Windows Boot Manager Hijacked by FinFisher Malware

Heimadal Security

The FinFisher surveillance solution was developed by the Gamma Group, but it also comes with malware-like capabilities often found in spyware strains. Its creator claims it is only offered to government agencies and law enforcement organizations throughout the world; however, cybersecurity firms have seen it being distributed through spearphishing campaigns and internet service provider (ISP) infrastructure.


BrandPost: Opportunities for Women in Cybersecurity

CSO Magazine

Even though jobs in cybersecurity pay well, far fewer women go into the field than men. According to the 2020 (ISC)² Cybersecurity Workforce Study, gender disparities persist around the globe. The highest percentage of women cybersecurity professionals is in Latin America, with 40%, while in North America the figure is just 21%. The results in Europe and Asia-Pacific are at 23% and 30% respectively.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Facebook open-sources tool to find Android app security flaws

Bleeping Computer

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. […]


Debunking 5 cybersecurity posture myths

Acunetix

Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work.


Palo Alto Networks Cortex XSOAR now has access to The Total Internet Inventory™

SecurityTrails

We are excited to announce the immediate availability of our latest API integration into Palo Alto Networks Cortex XSOAR.


CISA releases tool to help orgs fend off insider threat risks

Bleeping Computer

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.