Mon. Feb 08, 2021

Android App Infects Up To 10 Million Users with Update

Adam Levin

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. The app has been a popular download among Android users for several years and before the most recent update had never engaged in questionable practices.

Mobile 303

SonicWall Zero-Day

Schneier on Security

Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 s

Hacking 291

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

Phishing 256

NoxPlayer Android Emulator Supply-Chain Attack

Schneier on Security

It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com). Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users. […].

Malware 226

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How much is your info worth on the Dark Web? For Americans, it's just $8

Tech Republic Security

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.

216

Hackers tried poisoning town after breaching its water facility

Bleeping Computer

A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. […]

145

More Trending

Top 5 Bug Bounty Programs to Watch in 2021

The Hacker News

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category.

Software 145

Can your organization obtain reasonable cybersecurity? Yes, and here's how

Tech Republic Security

Cybersecurity expectations are vague, and that has to change if there is any chance of approaching a reasonable amount of cybersecurity.

Microsoft to alert Office 365 users of nation-state hacking activity

Bleeping Computer

Microsoft will soon notify Office 365 users of suspected nation-state hacking activity detected within their tenants, according to a new listing on the company's Microsoft 365 roadmap. […]

Hacking 144

World Economic Forum calls cybersecurity one of the "key threats of the next decade"

Tech Republic Security

The Global Risks Report highlights the onslaught of cyberattacks and a failure of governments to stop them.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

A hacker tried to poison Florida city’s water supply

Graham Cluley

A remote hacker managed to gain access to computer systems at the water treatment plant in Oldsmar, Florida, and briefly increased the amount of sodium hydroxide in the water by a dramatic amount.

Top 5 reasons not to use fear to encourage security compliance

Tech Republic Security

Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.

166

Security gaps in operational tech exposed with hacker attempt to poison Florida city water

SC Magazine

A malicious hacker’s attempted poisoning of the Oldsmar, Florida water supply serves as a stark reminder of the potentially devastating consequences that can result from operating vulnerable and unsecured industrial controls in a critical infrastructure environment. Oldsmar and Pinellas County, Fla. officials today revealed that an unknown individual last Friday morning hijacked a remote access system used by employees at the city’s water treatment plant.

CISO 144

Cognitive agility can help solve some "wicked" cybersecurity challenges

Tech Republic Security

Using psychology can help improve the odds of success against a cybercriminal's digital incursion.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

ESET Threat Report Q4 2020

We Live Security

A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. The post ESET Threat Report Q4 2020 appeared first on WeLiveSecurity.

How to easily check if an email is legit or a scam, and protect yourself and your company

Tech Republic Security

Use these practical guidelines to determine if something's a great deal or too good to be true.

Scams 202

Cyber Attacks are being launched to tear the society fabric

CyberSecurity Insiders

Social media is being used to tear the fabric of society apart, says Gen. Sir Patrick Sanders, the top general of Britain. In a candid interview given only to Sky News via podcast, Gen. Sanders said that the threat is not to power plants or other critical infrastructure, unlike what is seen in films. It is going to be launched through cyberspace, triggering political unrest and economic issues among the populace.

BrandPost: Cloud Security Fundamentals: 3 Steps to Build Your Strategy

CSO Magazine

There are many reasons why enterprises are using cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to facilitate web applications. Outsourcing to the cloud adds scalability, efficiency, and reliability, while also reducing workloads for IT teams. These are positives, for sure – but while enterprise IT leaders celebrate the benefits that the cloud brings to their businesses, they may be missing a big negative.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

National Cyber Security Centre for Sweden

CyberSecurity Insiders

As the national infrastructure and the private companies operating in Sweden were being constantly targeted with cyber attacks, the government of the Nordic nation has planned to establish a National Cyber Security Centre (NCSC) soon. The NCSC will be in line with the cyber arm of the UK’s GCHQ and will be managed by the Swedish Armed Forces (SAF) and the National Defence Radio Establishment, aka the Signals Intelligence (Sigint) branch of the SAF.

Internal Threats: A Major Risk to Any Business

Heimdal Security

As Daniel Wanderson wrote for Security Boulevard, a CEO must consider every aspect of his/her business – and cybersecurity is one of the most important ones since anyone can become the victim of a cyber attack. At any minute, you face external threats. At any minute, you face internal threats. It’s crucial to know how […]. The post Internal Threats: A Major Risk to Any Business appeared first on Heimdal Security Blog.

Risk 135

Ransomware attack on Brazil Nuclear Power Facility via Vulnerability

CyberSecurity Insiders

Reuters published a news article saying Brazil’s electro-nuclear power plant was hit by a ransomware attack, bringing operations to a partial halt. An official confirmation says that the attack was launched by the notorious North Korean Lazarus hacking group, which is known for its social engineering attacks such as WannaCry in 2017.

3 Critical Data Security Strategies for 2021

Security Boulevard

Users create content on a daily basis. Much of this content has no long-term value and is not business-critical; however, a small percentage is key to running operations. Some of it contains sensitive client information. Some of it contains intellectual property. If this data goes missing or falls into the wrong hands due to a. The post 3 Critical Data Security Strategies for 2021 appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Android app joins the dark side, sends malware update to millions

Bleeping Computer

Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update. […]

Malware 130

The future of work: Coming sooner than you think

CSO Magazine

What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.

CSO 131

Matryosh Malware targeting Android devices

CyberSecurity Insiders

Chinese cybersecurity firm Qihoo 360 has discovered a new malware campaign that is infecting vulnerable Android devices, turning them into devices that can be used in automated Distributed Denial of Service (DDoS) campaigns. According to the research conducted by Qihoo, the malware, dubbed Matryosh, is found reusing the Mirai botnet framework to propagate itself through vulnerable Android Debug Bridge (ADB) interfaces and keeping its activities discreet by masking its operations with the us

Malware 131

Safer Internet Day: The Future is Digital, Let’s Keep it Safe!

Security Boulevard

A day when the world comes together with one vision: Making online experiences better and safer for everyone! The internet […]. The post Safer Internet Day: The Future is Digital, Let’s Keep it Safe! appeared first on Kratikal Blog. The post Safer Internet Day: The Future is Digital, Let’s Keep it Safe! appeared first on Security Boulevard.

Internet 130

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity; now the IT giant has added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks.

Remote SecOps May Improve Cloud Security

Security Boulevard

Has COVID-19 really changed the way we work and think about cybersecurity? As we approach the first anniversary of shutdowns and mandatory work-from-home (WFH) orders, it might be a little too early for a definitive answer. But research from Siemplify hints that on-premises SOCs will be a thing of the past. A little more than. The post Remote SecOps May Improve Cloud Security appeared first on Security Boulevard.

Social Media Best Practices for Safer Internet Day

The State of Security

On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. It’s an opportunity for everyone to recognize the importance of staying safe online. It’s also a reminder that all of us play a part in making the web a safer place. One of the ways we can observe Safer Internet […]. The post Social Media Best Practices for Safer Internet Day appeared first on The State of Security.

Internet 126

Safety first: Will insurance companies stall or accelerate cybersecurity progress?

SC Magazine

Every time a driver buckles up or an airbag is deployed we see the powerful influence of the insurance companies who insisted those measures become mandatory. Now, those insurers are poised to drive cybersecurity investment by insisting that organizations meet certain criteria to qualify for coverage. Still unclear is whether this will serve the cybersecurity community well, or distort strategies to protect data and networks. “I believe this to be the next tectonic shift,” said Bryan Hurd,

Insurance 126

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.