Wed. May 19, 2021


Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone el


Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. The format is simple: a series of content extraction bullets, some analysis and commentary along the way, and then a quick summary of what I saw as the main takeaways. Content extraction.


Apple Censorship and Surveillance in China

Schneier on Security

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.


Biden's executive order calls for greater open source security but not how to achieve it

Tech Republic Security

Commentary: It's progress that President Biden's executive order recognizes the need to secure open source software. What it doesn't do is address the best way to accomplish it.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Fake Microsoft Authenticator extension discovered in Chrome Store

Hot for Security

I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.


Ransomware attacks are not a matter of if, but when

Tech Republic Security

CISOs from Twitter, United Airlines and a Bain Capital partner discuss how to integrate security into all aspects of an organization at Rubrik's FORWARD conference Tuesday.


How to use SSH keys for passwordless access to hosts

Tech Republic Security

SSH keys can be used in Linux or operating systems that support OpenSSH to facilitate access to other hosts without having to enter a password. Here's how to do it.


Recent Windows 10 update blocks Microsoft Teams, Outlook logins

Bleeping Computer

A recent Windows 10 1909 cumulative update prevents Microsoft 365 desktop users from logging into Microsoft Teams, Microsoft Outlook, and Microsoft OneDrive for Business. […]


Cloud collaboration software are the new tools of choice for cybercriminals

Tech Republic Security

As businesses move to the cloud, threat actors have kept pace, which makes their attacks harder to detect and more effective than ever.


How to build a zero trust ecosystem

SC Magazine

Thanks to a rapid shift to remote work, Zero Trust is finally garnering the attention it deserves. With its tailored controls, micro-perimeters and trust-nothing approach to access, Zero Trust gives CISOs confidence that their security program can secure their remote workforce and meet regulatory compliance requirements. Built on an identity-centric framework for security, Zero Trust completely transforms both current and legacy IT models.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Rubrik announces security upgrades aimed at alleviating the impact of ransomware attacks

Tech Republic Security

The company unveiled the features at its FORWARD conference, where Snowflake CEO Frank Slootman discussed why it's good to be "anxious and paranoid."


Hackers scan for vulnerable devices minutes after bug disclosure

Bleeping Computer

Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. […]


NFTs are cool, but they're a hot target for hackers: How to keep them safe

Tech Republic Security

Security expert says non-fungible tokens are a really exciting possibility for artists, but they can be stolen. He offers some ways to keep them secure.


US introduces bills to secure critical infrastructure from cyber attacks

Bleeping Computer

The US House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting US organizations and critical infrastructure. […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Healthcare cybersecurity: Our 6-step plan to secure healthcare data

Security Boulevard

The HIPAA Journal reported that “2020 was the worst ever year for healthcare industry data breaches.” In the US alone, there were 642 reported data breaches in which the number of records stolen exceeded 500, and in total, nearly 29.3 …. The post Healthcare cybersecurity: Our 6-step plan to secure healthcare data appeared first on ManageEngine Blog.


Hetzner cloud server provider bans cryptocurrency mining

Bleeping Computer

Popular German cloud hosting and dedicated server provider Hetzner has banned cryptomining on its servers after users have been using their large storage devices to mine Chia. […]


How to protect your organization and users against malicious emails

Tech Republic Security

Cybercriminals are increasingly using email as an easy and effective way to infect computers with malware and trick potential victims with phishing scams, says Trustwave.


DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

The Hacker News

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


SC Awards Europe: Cybereason Named Finalist for Best Endpoint Security

Security Boulevard

Cybereason is excited to announce it was named a finalist in the Best Endpoint Security category of the 2021 SC Awards Europe competition. Winners will be announced June 8, 2021. Earlier this year, Cybereason was named a finalist for Best Enterprise Security product with SC Awards U.S. The post SC Awards Europe: Cybereason Named Finalist for Best Endpoint Security appeared first on Security Boulevard.


Quick Heal Supports Windows 10 May 2021 Update (Version 21H1)

Quick Heal Antivirus

Microsoft has finally released its new update for Windows 10 PCs, called Windows 10 May 2021 Update (version. The post Quick Heal Supports Windows 10 May 2021 Update (Version 21H1) appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.


1Password: How to install the password manager on Linux

Tech Republic Security

Jack Wallen installed 1Password on Linux and found it to be a fantastic solution for password management. Follow his tutorial on how to get this proprietary solution installed on your open source OS.


Microsoft to retire Internet Explorer on some Windows 10 versions

Bleeping Computer

Microsoft is finally retiring Internet Explorer 11 from some Windows 10 versions and replacing it with the Chromium-based Microsoft Edge. […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Expert: Sharing intelligence on threats helps everyone fight cyberattacks

Tech Republic Security

When an organization becomes aware of a new attack, spreading the word helps the community get ahead of threats before they get worse.


Royal Mail phish deploys evasion tricks to avoid analysis

Malwarebytes

Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks. Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The operators know their scam is a case of here today, gone tomorrow.


NFTs pose a new security challenge: A cybersecurity expert explains

Tech Republic Security

Criminals can launder money through NFTs and even steal them. One expert says there are some ways to keep yours safe.


Paving the way: Inspiring Women in Payments - A Q&A featuring Neha Abbad

PCI perspectives

Just prior to the onset of the COVID-19 pandemic in India, Neha Abbad got an opportunity to work as a part of a high performing team at MattsenKumar Cyber Services in Gurgaon, a top metropolitan city of India. Accepting the challenge meant being separated from her family for months during the country-wide, pandemic-related lockdown. While difficult, the new work greatly inspired her and the support and encouragement from her seniors helped her build confidence that she had the capability to deli


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Stopping cybersecurity threats is a community effort, expert says

Tech Republic Security

Why intelligence sharing is important to help get ahead of attacks. If knowledge is shared with others, they can thwart attacks sooner.


MountLocker ransomware uses Windows API to worm through networks

Bleeping Computer

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. […]


Can Nanotech Secure IoT Devices From the Inside-Out?

Threatpost

Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats.


Taking Inventory – Where Do We Stand With AI and ML in Cyber Security?

Security Boulevard

Before diving into cyber security and how the industry is using AI at this point, let’s define the term AI first. Artificial Intelligence (AI), as the term is used today, is the overarching concept covering machine learning (supervised, including Deep Learning, and unsupervised), as well as other algorithmic approaches that are more than just simple […].


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.