Thu. Nov 04, 2021


‘Tis the Season for the Wayward Package Phish

Krebs on Security

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.


US Blacklists NSO Group

Schneier on Security

The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, it’ll make it harder for them to buy zero-day vulnerabilities on the open market.


Cybersecurity, the pandemic and the 2021 holiday shopping season: A perfect storm

Tech Republic Security

Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.


Ransomware and the Uncertainties of Cyberinsurance

Security Boulevard

Ransomware attacks are ubiquitous, and the insurance markets are chaotic. That, at least, seems to be the state of cybersecurity and risk mitigation since the COVID-19 pandemic began. It also isn’t far from the truth: Ransomware attacks have markedly increased, placing significant pressure on insurance markets to provide organizations with affordable options to minimize risk.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts

Tech Republic Security

IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.


Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

The Hacker News

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.


Cisco warns of hard-coded credentials and default SSH key issues in some products

Security Affairs

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.


Break into the cybersecurity field by learning the NIST risk management framework

Tech Republic Security

Now you can leverage your advanced IT experience to switch to an exciting new career in cybersecurity, by starting with a narrow specialization and advancing from there.


US Blocks Trade with ‘Legal’ Pegasus Spyware Firm, NSO

Security Boulevard

What took you so long? The U.S. Commerce Dept. has finally blocked exports to the notorious NSO Group—makers of sophisticated “zero click” spyware, Pegasus.


What business are you in?

Javvad Malik

Do you want fries with that? Global giant McDonald’s is famous for its fast food. However, it’s not their burgers and fries that made the business profitable. Ray Kroc struggled to initially bring enough revenue from his franchised restaurants in order to pay for the land and the building for McDonald’s restaurants, which meant growth was limited to one restaurant at a time.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Google squashes Android zero-day bug exploited in targeted attacks

We Live Security

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes.


US targets DarkSide ransomware, rebrands with $10 million reward

Bleeping Computer

The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.


“PlugWalkJoe” indicted for $784,000 SIM-swap cryptocurrency theft

Graham Cluley

A British man has been charged by the US Department of Justice for his alleged role in stealing $784,000 worth of cryptocurrency in a series of SIM swap attacks. Read more in my article on the Tripwire State of Security blog.


Having Trouble Finding Cybersecurity Talent? You Might Be the Problem

Dark Reading

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Facebook outage a prime example of insider threat by machine

CSO Magazine

The longest six hours in Facebook’s history took place on October 4, 2021, as Facebook and its sister properties went dark. The social network suffered a catastrophic outage. The only silver lining to the outage, if there is one, is that the outage wasn’t caused by malicious actors. Rather, it was a self-inflicted wound caused by Facebook’s own network engineering team.


Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

The Hacker News

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.


Samsung Galaxy S21 hacked on second day of Pwn2Own Austin

Bleeping Computer

Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP.


SolarWinds CISO: Know your adversary, what they want, watch everything

CSO Magazine

Late last year, a group believed to be Russia’s Cozy Bear (APT29) successfully compromised SolarWinds’ Orion update software, turning it into a delivery vehicle for malware. Nearly 100 customers of the popular network monitoring tool were affected, including government entities and cybersecurity company FireEye.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Popular 'coa' NPM library hijacked to steal user passwords

Bleeping Computer

Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.


How Is Zero Trust Different From Traditional Security?

Dark Reading

Unlike traditional security approaches, the zero-trust security model verifies a user's identity each and every time they need specific system access.


Graylog unites SIEM, AI-based anomaly detection in new security suite

CSO Magazine

Graylog is extending its SIEM (security information and event management) software with anomaly detection and user entity behavior analytics (UEBA) to provide organizations with a software suite that combines and streamlines security techniques designed to handle a wide range of risks related to insider threats, credential-based attacks, and other cyberthreats.


Expert found a critical remote code execution bug in Linux Kernel

Security Affairs

A critical heap-overflow vulnerability, tracked as CVE-2021-43267, in Linux Kernel can allow remote attackers to take over vulnerable installs. A SentinelOne researcher discovered a critical remote code execution vulnerability, tracked as CVE-2021-43267, that resides in the Transparent Inter Process Communication (TIPC) module of the Linux kernel. The flaw is a critical heap-overflow issue that could lead to remote code execution and full system compromise.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Supply Chain at Risk: Brokers Sell Access to Shipping, Logistics Companies

Security Boulevard

As if disruption to the global supply chain post-pandemic isn’t bad enough, cybercriminals are selling access, sometimes in the form of credentials, to shipping and logistics companies in underground markets. That’s a worrisome, if not unexpected, development; a cybersecurity incident at a company that operates air, ground and maritime cargo transport on multiple continents and.


Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware

Bleeping Computer

A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.


Why retailers must adopt a Zero Trust approach during this holiday season

CyberSecurity Insiders

This blog was written by an independent guest blogger. The pandemic accelerated a trend that was already gaining increased traction: the preference for shopping online. The last eighteen months have brought a surge to the eCommerce industry, with consumers of all ages learning how to order items online. Competition has never been fiercer for online retailers, which means it’s not just quality products and customer service that companies must focus on.


US Gov offers a reward of up to $10M for info on DarkSide leading members

Security Affairs

The US government offers up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members. The US government wants to dismantle the DarkSide ransomware operation and its rebrands and it is offering up to a $10,000,000 reward for information leading to the identification or arrest of members of the gang in key leadership positions. “The U.S.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Cisco fixes hard-coded credentials and default SSH key issues

Bleeping Computer

Cisco has released security updates to address critical security flaws allowing unauthenticated attackers to log in using hard-coded credentials or default SSH keys to take over unpatched devices.


CISA shares a catalog of 306 actively exploited vulnerabilities

Security Affairs

The US CISA shared a list of vulnerabilities known to be exploited in the wild and orders US federal agencies to address them within deadlines. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of 306 actively exploited vulnerabilities and has issued a binding operational directive ordering US federal agencies to address them within specific timeframes and deadlines.


MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

eSecurity Planet

It’s been an active week for security vulnerabilities, with MITRE and the U.S. Cybersecurity & Infrastructure Agency (CISA) revealing hundreds of critical vulnerabilities. CISA ordered federal agencies to patch a list of nearly 300 vulnerabilities, and encouraged private organizations to fix them too. CISA said the list will be updated as any vulnerability meets three criteria: The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.


Honoring our ‘Cybersecurity Defender of the Year’

Cisco Security

Congratulations to security advocate Wouter Hindriks of Avit Group! Cybersecurity defenders have had an extra challenging job to do over the past year and a half. While critical, securing our digital world can sometimes be a thankless and exhausting endeavor, especially under these unprecedented circumstances. One tried-and-true way to get through difficult situations, however, is by connecting with others.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.