Tue. Jan 25, 2022

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017, which were claimed against “all risks” property re/insurance policies providing coverage for losses

3 Common Cloud Misconfigurations to Avoid

Security Boulevard

One way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely.

Using the NIST Cybersecurity Framework to address organizational risk

CSO Magazine

The U.S. federal government has been very active the past year, particularly with the cybersecurity executive order (EO) and associated tasks and goals that have come out of it. One framework and industry source that has been getting increased attention is the NIST Cybersecurity Framework (CSF). The CSF came out of another EO, 13636, which is from 2013 and directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

More than 40 billion records exposed in 2021

Security Boulevard

Security Brief Asia is reporting on new research showing that more than 40 billion records were exposed by data breaches in 2021. Tenable's Security Response Team found a considerable increase in breach incidents, with 1,825 data breach incidents publicly disclosed between November 2020 and October 2021, compared with 730 publicly disclosed events and just over 22 billion records exposed in the same period a year earlier.

The Benefits of Using a VPN on Your Home Network

Webroot

If you’ve considered using a virtual private network (VPN) at all, it’s likely to establish a secure connection while working remotely or to connect to public networks. But privacy enthusiasts appreciate the benefits of a VPN even from the comfort of their own homes. Depending on your level of comfort with your internet service provider (ISP) – and what country you live in – setting one up for your household may be a smart bet.

Is Google tracking your location even when you think you’ve turned it off? US states sue over “deception”

Graham Cluley

Four US states have launched a lawsuit against Google, claiming that the technology giant continued to track users' location even when those users had asked it not to.

Android Malware BRATA Is More Dangerous than Ever

Heimadal Security

The latest version of the BRATA malware includes new and dangerous capabilities, such as GPS tracking, the ability to use various communication channels, and a function that wipes all evidence of malicious activity from the device. More on BRATA RAT: BRATA (Brazilian Remote Access Tool Android), discovered in 2019, is malware that was developed […].

No Excuses: Get Your (ISC)² Certification Done in 2022

CyberSecurity Insiders

The need is real. The shortage of cybersecurity talent presents a clear and present danger in virtually every corner of the globe as bad actors plot their next move. How wide is the gap? Recent research shows the cyber workforce must grow by 65 percent to adequately defend organizations’ critical assets.* No excuses — now is your time to commit to certification.

Global Affairs Canada Was Recently Hit by a Cyberattack

Heimadal Security

The Government of Canada’s Department of Foreign Affairs and Trade is responsible for the country’s diplomatic and consular relations, foreign trade, and the oversight of international development and humanitarian aid programs. What Happened? Following an attack on Global Affairs Canada (GAC) systems last week, the organization experienced service disruption.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

IBM develops a Cyber Resilience Center for Los Angeles

CyberSecurity Insiders

International Business Machines, better known as IBM, has developed a Cyber Resilience Center (CRC) for the Port of Los Angeles that will help thwart cyber threats that could negatively affect the free flow of cargo. Nowadays, most ports in the world are automated, as they need to handle and distribute tons of cargo within a specified business time frame.

Critical SonicWall RCE Bug Actively Targeted by Threat Actors

Heimadal Security

A critical SonicWall RCE bug is now on the radar of hackers, who are attempting to exploit it at scale. The vulnerability affects SonicWall's Secure Mobile Access (SMA) gateways and was addressed by the company in December 2021, when it was assigned CVE-2021-20038. More Details about the SonicWall […]. The post Critical SonicWall RCE Bug Actively Targeted by Threat Actors appeared first on Heimdal Security Blog.

Top 5 Gaming Cybersecurity Trends for the year 2022 that you Need to Know

Appknox

If we talk about industries that have skyrocketed immensely in recent times, mobile gaming would certainly top the list. However, as fun and profitable mobile games are for users and business owners, they involve unimaginable security risks. Mobile games involve volumes of sensitive user and business data and provide a very profitable setting for cybercriminals to take advantage of.

Watering hole deploys new macOS malware, DazzleSpy, in Asia

We Live Security

Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs. The post Watering hole deploys new macOS malware, DazzleSpy, in Asia appeared first on WeLiveSecurity.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Volkswagen fires employee for exposing Cyber Security Vulnerabilities

CyberSecurity Insiders

Volkswagen (VW) has fired an employee for raising concerns over vulnerabilities in the firm’s payment platforms. The world’s largest carmaker said that the issue was dismissed and that the senior employee in question was fired because of a disagreement over work culture. Cybersecurity Insiders has learnt that the employee was fired for alerting management to weaknesses in Volkswagen Payments SA, part of JP Morgan since September 2021.

Google Drive flags nearly empty files for 'copyright infringement'

Bleeping Computer

Users were left startled as Google Drive's automated detection systems flagged a nearly empty file for copyright infringement. The file, according to one Drive user, contained nothing other than the digit "1".

Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks

The Hacker News

A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong.

UK govt releasing Nmap scripts to find unpatched vulnerabilities

Bleeping Computer

The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the UK's cyber security mission, is releasing Nmap Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Log4j, SBOMs and Secure Code Libraries

Security Boulevard

Deb Radcliff interviews Mike Manrod, CISO, and Christian Taillon, IT security engineer at Grand Canyon Education. The post Log4j, SBOMs and Secure Code Libraries appeared first on Security Boulevard.

Linux system service bug gives you root on every major distro

Bleeping Computer

A vulnerability in the pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today.

Detect-and-Alert: Why It’s the Wrong Approach to Client-Side Web Attacks

Security Boulevard

Security vendor: “You want to buy some detect-and-alert?” You: “You don’t want to sell me detect-and-alert.” Security vendor (mind suddenly weakened): “I. I don’t want to sell you detect-and-alert.” You: “You want to go home and rethink your approach to third-party client-side risk.” Security vendor: “I want to go home and. The post Detect-and-Alert: Why It’s the Wrong Approach to Client-Side Web Attacks appeared first on Source Defense.

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

The Hacker News

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

New Year, New CVE: a Deep Dive into the ‘node-forge’ (CVE-2022-0122)

Security Boulevard

With over 16 million weekly downloads, the important and widely used "node-forge" component on npm implements key security functions, including the Transport Layer Security protocol, cryptographic functions, and development tools for web apps in native JavaScript. The post New Year, New CVE: a Deep Dive into the ‘node-forge’ (CVE-2022-0122) appeared first on Security Boulevard.

Missing Microsoft Intune certs break email, VPN on Samsung devices

Bleeping Computer

Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12.

ManagedMethods Named a Tech & Learning Awards of Excellence Best of 2021 Winner

Security Boulevard

Tech & Learning selects ManagedMethods as a standout product supporting teaching and learning in 2021 BOULDER, Colo.—January 25, 2022—ManagedMethods today announced the company has been named a winner in the Secondary Education category of the Tech & Learning Awards of Excellence Best of 2021. This awards program recognizes the educational technology that exceptionally supported teachers […].

Celebrating Data Privacy Day – or is it Data Protection Day?

BH Consulting

Each year, on 28 January, Data Protection Day is celebrated globally. Back in April 2006, the Council of Europe decided to launch a Data Protection Day and it chose to commemorate the date when the Council of Europe’s data protection convention, known as Convention 108, was opened for signature. Every 28 January, governments, parliaments, national data protection bodies and other actors carry out activities to raise awareness about the rights to personal data protection and privacy.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Four Steps Manufacturers Can Take to Build a Robust Security Program

Security Boulevard

In the not-too-distant past, manufacturers spent the vast majority of their security resources on physical security. But now, with the convergence of IT and OT (operational technology), that’s no longer an option. In fact, manufacturing was the second most-attacked industry in 2020 (we’re still waiting on 2021 figures). This means taking surface-level measures like air gapping….

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads

The Hacker News

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics.

The Role of Functional Testing in Application Security

Security Boulevard

Learn about the important role functional testing plays in application security and how it can help ensure that newly introduced functionality does not introduce new vulnerabilities. The post The Role of Functional Testing in Application Security appeared first on Security Boulevard.

Now jail for tech bosses in UK over Data Security concerns

CyberSecurity Insiders

To date, the UK's Online Safety Bill has not held any tech company bosses liable for failing to protect their users' data. But now the legislation is about to be amended in a way that turns punitive and proposes a jail term for tech bosses who fail to comply with the latest rules. This means that all companies offering online services, including Facebook, YouTube, Google and Twitter, will from now on be prosecuted with not just a hefty fine running to billions of pounds, bu

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.