Wed.Jan 25, 2023

article thumbnail

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.

article thumbnail

US Cyber Command Operations During the 2022 Midterm Elections

Schneier on Security

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone. “We understood how foreign adversaries utilize infrastructure throughout the world.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Survey: Cybersecurity budgets aren’t matching cybersecurity challenges

Tech Republic Security

A new study finds that due to the growing threat surface from hybrid work and third-party vendors, only half of organizations have the budget to meet current cybersecurity needs. The post Survey: Cybersecurity budgets aren’t matching cybersecurity challenges appeared first on TechRepublic.

article thumbnail

Layoffs in Cybersecurity: Uncovering the Devastating Impacts on Women and How to Mitigate them

Jane Frankland

As we kick off the beginning of a New Year, I’d like to share some disheartening news that I’m sure you won’t have missed: Tech layoffs and the potential negative effects on women. Unfortunately, this is an issue that will have grave impacts on our industry if not adequately addressed. In 2023, there will be widespread layoffs. We’re already seeing them, especially in the tech industry.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

The risks of 5G security

Tech Republic Security

Unless you've been living under a rock for the past decade, you’ve probably heard of 5G telecommunications. But what is it? The post The risks of 5G security appeared first on TechRepublic.

Risk 177
article thumbnail

AsyncRAT Analysis with ChatGPT

Quick Heal Antivirus

As cyber threats continue to evolve and become more sophisticated, it’s crucial for security researchers and professionals. The post AsyncRAT Analysis with ChatGPT appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

More Trending

article thumbnail

Cybersecurity is Facing a Cataclysmic Problem

Security Boulevard

At a time when cybersecurity threats are at an all-time high, an alarming statistic is emerging: Professionals in this field are experiencing high levels of stress and burnout. The post Cybersecurity is Facing a Cataclysmic Problem appeared first on Security Boulevard.

article thumbnail

US Federal agencies fall prey to Phishing Scam via Remote Management Software

CyberSecurity Insiders

United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software. The advisory was issued after two government firms fell prey to the attack and more is being investigated.

Scams 134
article thumbnail

Veterans bring high-value, real-life experience as potential cybersecurity employees

CSO Magazine

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the cybersecurity profession.

article thumbnail

Mastodon vs. Twitter: Know the differences

We Live Security

Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other. The post Mastodon vs.

Media 128
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Microsoft 365 outage takes down Teams, Exchange Online, Outlook

Bleeping Computer

Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. [.

140
140
article thumbnail

2023 Predictions: Emerging Tech & Global Conflict Bring New Cyber Threats

CyberSecurity Insiders

By Immanuel Chavoya, Emerging Threat Expert, SonicWall 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets, and goals for cybercrime. According to recent threat intelligence from SonicWall, global ransomware attempts declined 31% YoY as cybercriminals and nation-state actors opted for never-before-seen malware variants, IoT malware, and cryptojacking in attacks motivated by financial gain and state-sponsored hacktivism.

article thumbnail

Hackers auction alleged source code for League of Legends

Bleeping Computer

Threat actors are auctioning the alleged source code for Riot Game's League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company's developer environment. [.

Software 128
article thumbnail

Skyhawk Security Adds Runtime Protection to Cloud Security Portfolio

Security Boulevard

Skyhawk Security this week added a runtime protection capability to its integrated cloud security portfolio. Skyhawk Security CEO Chen Burshan said the Synthesis Security Platform brings a cloud threat detection and response (CDR) capability to the cloud security posture management (CSPM) platform that Skyhawk previously made available. Skyhawk Security is also now making the core.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CISA: Federal agencies hacked using legitimate remote desktop tools

Bleeping Computer

CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious purposes. [.

Hacking 121
article thumbnail

DDoS Attacks in 2022 Exceeded All Records, Says Russia’s Largest ISP

Heimadal Security

The largest Russian ISP, Rostelecom, reports that DDoS attacks against Russian businesses hit an all-time high in 2022. In distributed denial of service attacks (DDoS), threat actors try to make a website or service that uses the internet inaccessible by flooding it with so many requests that the server can’t accept any more connections. This […] The post DDoS Attacks in 2022 Exceeded All Records, Says Russia’s Largest ISP appeared first on Heimdal Security Blog.

DDOS 122
article thumbnail

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Security Boulevard

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations. The post Lessons from Log4Shell: 4 key takeaways for DevSecOps teams appeared first on Security Boulevard.

Software 117
article thumbnail

Zacks Investment Research data breach affects 820,000 clients

Bleeping Computer

Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

PayPal Credential Stuffing Attacks Renew Calls for MFA

Security Boulevard

An internal review confirmed that on December 20, 2022, unauthorized parties could use account holders’ login credentials to access their PayPal accounts. In response to what is being called a credential stuffing attack, PayPal warned affected customers to take steps to protect their personal information. “No information suggesting that any of your personal information was.

article thumbnail

Chinese threat actor DragonSpark targets East Asian businesses

CSO Magazine

Organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors.

114
114
article thumbnail

Learn cutting-edge ethical hacking techniques for just $39.99

Tech Republic Security

The 2023 Masters in Cyber Security Certification Bundle includes full online training prep for key cybersecurity exams. The post Learn cutting-edge ethical hacking techniques for just $39.99 appeared first on TechRepublic.

Hacking 97
article thumbnail

7 Ways To Improve Your Personal Security Right Now

Security Boulevard

Does waking up each morning to an earful about the latest cyber disasters leave you worried about your personal security? With all ransomware attacks, identity theft scams, and countries hacking one another, it's enough to make anyone wonder… How about starting off with a cup of clarity instead? In this blog post, we’ll cover [.] The post 7 Ways To Improve Your Personal Security Right Now appeared first on Hurricane Labs.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Attackers move away from Office macros to LNK files for malware delivery

CSO Magazine

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files.

Malware 111
article thumbnail

Phishing Trends: 2019-2022

Security Boulevard

Bolster's 2022 report predicted the growth of cyberfraud in a digital-first society. Q3 2022 saw a new record high of 1.27M phishing attacks. Stay tuned for Bolster's 2023 report for more insights on evolving trends. The post Phishing Trends: 2019-2022 appeared first on Security Boulevard.

Phishing 109
article thumbnail

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

Trend Micro

Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage.

article thumbnail

Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

The Hacker News

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visitors to unwanted sites.

Hacking 108
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Vishing Financial Institutions

Security Boulevard

Social-Engineer, LLC (SECOM) actively works with financial institutions to test and give guidance on their employees’ resilience against phone phishing, […] The post Vishing Financial Institutions appeared first on Security Boulevard.

article thumbnail

New stealthy Python RAT malware targets Windows in attacks

Bleeping Computer

A new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its operators control over the breached systems. [.

Malware 111
article thumbnail

Tax Prep Checklist: What You Need to File Your Taxes and Help Prevent Tax Fraud

Identity IQ

Tax Prep Checklist: What You Need to File Your Taxes and Help Prevent Tax Fraud IdentityIQ With the New Year comes the time for filing your taxes. You should already be preparing to get your information together to file last year’s taxes. When the time comes to officially file, you do not want to end up with missing documents or information. This can significantly lengthen the filing process and even result in delays in getting a tax refund.

article thumbnail

CyberInsurance Predictions for 2023

Security Boulevard

It is difficult to predict with certainty what the top trends in cyberinsurance will be in 2023, as the field is constantly evolving and new developments are emerging all the time. However, based on current trends and expert analysis, there are several areas that are likely to be particularly important in the coming years. Here. The post CyberInsurance Predictions for 2023 appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?