Fri. May 21, 2021


How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engi

Scams 363

Double-Encrypting Ransomware

Schneier on Security

This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B.


FBI: Conti ransomware attacked 16 US healthcare, first responder orgs

Bleeping Computer

The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen US healthcare and first responder organizations.


4 Tips for Improving Physical Cybersecurity

CyberSecurity Insiders

A data breach can potentially cripple your organization, so it’s crucial to set up firewalls and prop up valuable cyber defenses to protect sensitive data. However, not all cyber attacks occur digitally. For the most part, data leaks can still happen, even if you have the latest antivirus programs installed. Apart from malicious software, it’s also important to be mindful of how you and your employees are handling the physical devices that store sensitive information.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


QNAP confirms Qlocker ransomware used HBS backdoor account

Bleeping Computer

QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.


Top 4 Digital Brand Threats

Security Boulevard

Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand threats targeting their organization.


More Trending


Avaddon Targets Insurer AXA with Ransomware | Avast

Security Boulevard

Just a week after announcing it would no longer cover ransomware payments in France, global insurance company AXA has been hit with a targeted ransomware attack. The Avaddon ransomware group took credit for the attack, telling Bleeping Computer that it also launched a DDoS attack against the insurer’s websites in Thailand, Malaysia, Hong Kong, and the Philippines as added pressure to pay the ransom amount.

Insurance 138

How API attacks work, and how to identify and prevent them

CSO Magazine

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. The cause: a faulty API that permitted unauthenticated requests.


How Remote Work Changes Where we Work and Live

Security Boulevard

Many crises have caused societies to explore new opportunities, and the pandemic-induced switch to remote work is certainly an example. It is likely to accelerate underlying trends in urban living and enhance the quality of life for city dwellers. Even though the pandemic isn’t over and no one really knows for sure what will come.

IoT 133

Air India data breach impacts 4.5 million customers

Bleeping Computer

Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Data Protection Authorities In The EU Have Issued 661 GDPR-Related Fines In Three Years

Hot for Security

Despite many enforcement challenges seen throughout the years, European Union Data Protection Authorities, operating under the General Data Protection Regulation (GDPR), have issued a whopping 661 fines for a total of nearly 300 million Euros. None of the 28 EU nations have been spared financial consequences in the three years since the GDPR took effect.


The Week in Ransomware - May 21st 2021 - Healthcare under attack

Bleeping Computer

This week's ransomware news has been dominated by the attack on Ireland's Health Service Executive (HSE) that has severely disrupted Ireland's healthcare system.


Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

The Hacker News

India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb.


New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Hot for Security

Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft. Ransomware attacks are among the most dangerous for people and companies alike. Having your data locked by ransomware, possibly stolen in the process, and then face blackmail is not a pleasant prospect.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Dealing with stress, burnout and mental health

Cisco Security

In the latest episode of the Security Stories podcast, we welcome three leaders from Cisco Talos for a discussion on mental health, stress and burnout. Check it out on your podcast platform of choice, available via the Security Stories webpage. Joining myself, Ben Nahoney and Sana Yousef, are Matt Watchinski, Vice President of Talos, Matt Olney, Talos’ Head of Threat Intelligence and Interdiction, and Mitch Neff, who leads Talos’ communication strategy and hosts the Beers with Talos p


Hacker's guide to deep-learning side-channel attacks: the theory

Elie

Learn the concepts behind deep-learning side-channels attack, a powerful cryptanalysis technique, by using it to recover AES cryptographic keys from a hardware device.


Cloud Security Blind Spots: Where They Are and How to Protect Them

Dark Reading

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture.


Google Chrome is crashing worldwide on Windows 10 PCs, how to fix

Bleeping Computer

Google Chrome has suddenly started crashing yesterday for many Windows users worldwide making the browser unusable.

Software 143

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Ransomware Gang Shutters Operations after Making $365K in One Month

Hot for Security

A group of hackers targeting vulnerable network attached storage (NAS) devices sold by QNAP Systems Inc. has shut down operations after extorting regular users and small businesses of almost 9 Bitcoin, the equivalent of around $365,000, in a matter of weeks. Qlocker operators began targeting the devices around mid-April, when throngs of users discovered that their digital files had been replaced by password-protected 7zip archives.


Ransomware Susceptibility Index Spells Trouble for Pharma

Security Boulevard

Take heed, pharmaceutical manufacturers – 10% of you are at high risk of suffering a ransomware attack. It may come as no surprise that you’re in the crosshairs of attackers; any organization in health care or the medical field, especially the companies developing vaccines against COVID-19 likely will draw the attention of bad actors. But.


Week in security with Tony Anscombe

We Live Security

How stalkerware puts the stalkers' own data at risk – Watch out for FluBot – Building security into critical infrastructure.

Risk 127

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

Threatpost

The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Ask Chloé: Hackers’ Rights and Women in Infosec

Security Boulevard

Welcome to the Ask Chloé column on Security Boulevard! Each week, Chloé provides advice to readers’ questions to help guide them as they navigate the technology industry. This week, Chloé explores hackers’ rights and the challenges women face in the male-dominated world of cybersecurity. Dear Chloé, I came across your talk on hacker rights. Since watching.

InfoSec 107

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

The Hacker News

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension.


Building SIEM for Today’s Threat Landscape

Threatpost

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses the elements involved in creating a modern SIEM strategy for remote work and cloud-everything.


Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom

The Hacker News

U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack.

Insurance 105

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


BrandPost: Insecure Protocols: SMBv1, LLMNR, NTLM, and HTTP

CSO Magazine

Four years ago, the WannaCry ransomware variant spread like wildfire, infecting and encrypting over 230,000 computers at public- and private-sector organizations worldwide, and inflicting hundreds of millions, if not billions, of dollars in damage. Less than two short months later, another ransomware attack, NotPetya, again ripped its way through global organizations, temporarily crippling the shipping industry and costing Maersk $300 million alone.


In search of good cybersecurity

InfoWorld on Security

I may be overstating a bit, but it seems like we can’t go a week without some breach or ransom attack hitting the news cycles. It’s even more frustrating when these incidents affect the lives of the rank and file, such as long gas lines—or no gas. Although it’s easy to play Monday-morning quarterback, the common pattern is that companies are using security technology that’s less than effective, and perhaps the security talent on the ground is the same.


To achieve desired security outcomes, update and integrate your tech stack

SC Magazine

Embracing a proactive tech refresh strategy and the integration of technology are two of the most effective security practices that organizations can enact in order to achieve desired outcomes, according to a recently published research study from Cisco Systems and Cyentia Institute.


BrandPost: What the Colonial Pipeline Attack Means for Securing Critical Infrastructure

CSO Magazine

The cyber attack on Colonial Pipeline is the latest in an increasing number of ransomware attacks that have been targeting both private enterprise and the public sector. In this case, it appears that the ransomware variant involved is DarkSide, which ExtraHop has seen in customer environments. This campaign starts by mapping the environment and exfiltrating data, meaning that the attackers likely now have access to detailed information about the company and its pipeline operations.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.