Wed.Jan 25, 2023

article thumbnail

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.

article thumbnail

US Cyber Command Operations During the 2022 Midterm Elections

Schneier on Security

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone. “We understood how foreign adversaries utilize infrastructure throughout the world.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Survey: Cybersecurity budgets aren’t matching cybersecurity challenges

Tech Republic Security

A new study finds that due to the growing threat surface from hybrid work and third-party vendors, only half of organizations have the budget to meet current cybersecurity needs. The post Survey: Cybersecurity budgets aren’t matching cybersecurity challenges appeared first on TechRepublic.

article thumbnail

Layoffs in Cybersecurity: Uncovering the Devastating Impacts on Women and How to Mitigate them

Jane Frankland

As we kick off the beginning of a New Year, I’d like to share some disheartening news that I’m sure you won’t have missed: Tech layoffs and the potential negative effects on women. Unfortunately, this is an issue that will have grave impacts on our industry if not adequately addressed. In 2023, there will be widespread layoffs. We’re already seeing them, especially in the tech industry.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The risks of 5G security

Tech Republic Security

Unless you've been living under a rock for the past decade, you’ve probably heard of 5G telecommunications. But what is it? The post The risks of 5G security appeared first on TechRepublic.

Risk 194
article thumbnail

AsyncRAT Analysis with ChatGPT

Quick Heal Antivirus

As cyber threats continue to evolve and become more sophisticated, it’s crucial for security researchers and professionals. The post AsyncRAT Analysis with ChatGPT appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

More Trending

article thumbnail

Cybersecurity is Facing a Cataclysmic Problem

Security Boulevard

At a time when cybersecurity threats are at an all-time high, an alarming statistic is emerging: Professionals in this field are experiencing high levels of stress and burnout. The post Cybersecurity is Facing a Cataclysmic Problem appeared first on Security Boulevard.

article thumbnail

US Federal agencies fall prey to Phishing Scam via Remote Management Software

CyberSecurity Insiders

United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software. The advisory was issued after two government firms fell prey to the attack and more is being investigated.

Scams 134
article thumbnail

Veterans bring high-value, real-life experience as potential cybersecurity employees

CSO Magazine

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the cybersecurity profession.

article thumbnail

2023 Predictions: Emerging Tech & Global Conflict Bring New Cyber Threats

CyberSecurity Insiders

By Immanuel Chavoya, Emerging Threat Expert, SonicWall 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets, and goals for cybercrime. According to recent threat intelligence from SonicWall, global ransomware attempts declined 31% YoY as cybercriminals and nation-state actors opted for never-before-seen malware variants, IoT malware, and cryptojacking in attacks motivated by financial gain and state-sponsored hacktivism.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Mastodon vs. Twitter: Know the differences

We Live Security

Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other. The post Mastodon vs.

Media 129
article thumbnail

Skyhawk Security Adds Runtime Protection to Cloud Security Portfolio

Security Boulevard

Skyhawk Security this week added a runtime protection capability to its integrated cloud security portfolio. Skyhawk Security CEO Chen Burshan said the Synthesis Security Platform brings a cloud threat detection and response (CDR) capability to the cloud security posture management (CSPM) platform that Skyhawk previously made available. Skyhawk Security is also now making the core.

article thumbnail

Microsoft 365 outage takes down Teams, Exchange Online, Outlook

Bleeping Computer

Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. [.

136
136
article thumbnail

Learn cutting-edge ethical hacking techniques for just $39.99

Tech Republic Security

The 2023 Masters in Cyber Security Certification Bundle includes full online training prep for key cybersecurity exams. The post Learn cutting-edge ethical hacking techniques for just $39.99 appeared first on TechRepublic.

Hacking 106
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

DDoS Attacks in 2022 Exceeded All Records, Says Russia’s Largest ISP

Heimadal Security

The largest Russian ISP, Rostelecom, reports that DDoS attacks against Russian businesses hit an all-time high in 2022. In distributed denial of service attacks (DDoS), threat actors try to make a website or service that uses the internet inaccessible by flooding it with so many requests that the server can’t accept any more connections. This […] The post DDoS Attacks in 2022 Exceeded All Records, Says Russia’s Largest ISP appeared first on Heimdal Security Blog.

DDOS 115
article thumbnail

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Security Boulevard

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations. The post Lessons from Log4Shell: 4 key takeaways for DevSecOps teams appeared first on Security Boulevard.

Software 119
article thumbnail

Chinese threat actor DragonSpark targets East Asian businesses

CSO Magazine

Organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors.

114
114
article thumbnail

PayPal Credential Stuffing Attacks Renew Calls for MFA

Security Boulevard

An internal review confirmed that on December 20, 2022, unauthorized parties could use account holders’ login credentials to access their PayPal accounts. In response to what is being called a credential stuffing attack, PayPal warned affected customers to take steps to protect their personal information. “No information suggesting that any of your personal information was.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

Trend Micro

Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage.

article thumbnail

Attackers move away from Office macros to LNK files for malware delivery

CSO Magazine

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files.

Malware 111
article thumbnail

7 Ways To Improve Your Personal Security Right Now

Security Boulevard

Does waking up each morning to an earful about the latest cyber disasters leave you worried about your personal security? With all ransomware attacks, identity theft scams, and countries hacking one another, it's enough to make anyone wonder… How about starting off with a cup of clarity instead? In this blog post, we’ll cover [.] The post 7 Ways To Improve Your Personal Security Right Now appeared first on Hurricane Labs.

article thumbnail

Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

The Hacker News

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visitors to unwanted sites.

Hacking 110
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Phishing Trends: 2019-2022

Security Boulevard

Bolster's 2022 report predicted the growth of cyberfraud in a digital-first society. Q3 2022 saw a new record high of 1.27M phishing attacks. Stay tuned for Bolster's 2023 report for more insights on evolving trends. The post Phishing Trends: 2019-2022 appeared first on Security Boulevard.

Phishing 111
article thumbnail

Tax Prep Checklist: What You Need to File Your Taxes and Help Prevent Tax Fraud

Identity IQ

Tax Prep Checklist: What You Need to File Your Taxes and Help Prevent Tax Fraud IdentityIQ With the New Year comes the time for filing your taxes. You should already be preparing to get your information together to file last year’s taxes. When the time comes to officially file, you do not want to end up with missing documents or information. This can significantly lengthen the filing process and even result in delays in getting a tax refund.

article thumbnail

Vishing Financial Institutions

Security Boulevard

Social-Engineer, LLC (SECOM) actively works with financial institutions to test and give guidance on their employees’ resilience against phone phishing, […] The post Vishing Financial Institutions appeared first on Security Boulevard.

article thumbnail

CISA: Federal agencies hacked using legitimate remote desktop tools

Bleeping Computer

CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious purposes. [.

Hacking 115
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

CyberInsurance Predictions for 2023

Security Boulevard

It is difficult to predict with certainty what the top trends in cyberinsurance will be in 2023, as the field is constantly evolving and new developments are emerging all the time. However, based on current trends and expert analysis, there are several areas that are likely to be particularly important in the coming years. Here. The post CyberInsurance Predictions for 2023 appeared first on Security Boulevard.

article thumbnail

Riot Games Receives a $10 Million Ransom Demand

Heimadal Security

Last week, video game developer Riot Games, which is behind popular games such as League of Legends and Valorant had its development environment compromised by threat actors through a social engineering attack. This week, the attackers demanded a $10 million ransom for source code stolen from League of Legends. The LA-based publisher took to Twitter […] The post Riot Games Receives a $10 Million Ransom Demand appeared first on Heimdal Security Blog.

article thumbnail

Exploit released for critical Windows CryptoAPI spoofing bug

Bleeping Computer

Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing. [.

100
100
article thumbnail

WhatsApp hijackers take over your account while you sleep

Malwarebytes

Late last week, Twitter user Zuk ( @ihackbanme ) tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with a pincode that says "Do not share this". You don't share it, yet you still get hacked.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.