Tue.Apr 05, 2022

Hackers Using Fake Police Data Requests against Tech Companies

Schneier on Security

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

As the dust settles following the recently disclosed hack of NewsCorp, important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora. The Chinese government is well known for its censorship, and frequent harassment and intimidation of foreign journalists. These are the foremost reasons China is ranked fourth worst globally regarding press freedoms.

Nearly two-thirds of ransomware victims paid ransoms last year

Tech Republic Security

A new report from CyberEdge group goes into detail on why businesses are more keen to pay off ransomware attackers and what can be done to increase cyber security.

Mailchimp Hack Causes Theft of Trezor Crypto Wallet ‘Money’

Security Boulevard

Hackers have stolen a mother lode of personal data from Intuit’s email marketing operation, Mailchimp.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

IRS warns consumers and businesses of common scams during tax season

Tech Republic Security

In one type of phishing attack described by the IRS, scammers pose as IRS workers to try to coax employees into sharing social security numbers or bank account details.

CISA advises D-Link users to take vulnerable routers offline

Malwarebytes

On April 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog. The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks.

More Trending

Intel shuts down all business operations in Russia

Bleeping Computer

US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining other tech companies who pulled out of the country due to the invasion of Ukraine.

Remote Access Trojan adds ransomware and DDoS attacks to usual bag of tricks

Tech Republic Security

Known as Borat, a new Trojan spotted by Cyble allows attackers to compile malicious code to launch ransomware campaigns and DDoS attacks on the victim’s machine.

Real-time is where the cybersecurity risk is

CSO Magazine

I don’t know how many times I’ve heard cybersecurity professionals say something like, “Not having multi-factor authentication is a huge risk for our organization.” The truth is, that type of statement may illustrate a control weakness, but unless the unwanted outcome is a ding in an audit report where MFA is required, that is not the real risk. The real risk is the probability of a ransomware incident, for example, or the leak of personally identifiable information (PII) from a customer databas

5 tools to make encryption key management easier

Tech Republic Security

If you use SSH or services that require encryption keys, it can be challenging to safely store that data to allow you secure access to your accounts. Here are some services to help you keep track of them.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Chinese hackers abuse VLC Media Player to launch malware loader

Bleeping Computer

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

Agile Auditing: What You Need to Know

Security Boulevard

For years, compliance audits have basically been conducted the same way: create an audit plan, complete the audit. The post Agile Auditing: What You Need to Know appeared first on Hyperproof.

Germany takes down Hydra, world's largest darknet market

Bleeping Computer

The servers of Hydra Market, the most prominent Russian darknet platform for selling drugs and money laundering, have been seized by the German police.

Key Attributes You Need to Consider When Selecting a Cloud Security Platform

Appknox

As more and more businesses move towards cloud-based operations and embrace digital transformation, security is increasingly becoming an important question. As an enterprise migrates to the cloud, its assets and data resources need to be migrated as well, and that might expose the sensitive information.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

5 Best Freelancing Job Websites For Cyber Security 

SecureBlitz

Are you thinking about what best freelancing job websites for cyber security there are? The demand for cyber security freelancing jobs is no doubt on the increase in recent times; here, sit back as we walk you through the best freelancing job websites for 2022. As a cybersecurity expert, you can find freelance jobs on.

Software security roadmaps: Secure your software without the expense

Tech Republic Security

Making your software more secure is a process that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It’s the type of journey that goes more smoothly when you have a map. SafeStack Academy’s free white paper details what software security roadmaps are, why they’re useful in.

Qualys Extends Scope and Reach of EDR Cloud Service

Security Boulevard

Qualys this week updated its multi-vector endpoint detection and response (EDR) service to add additional threat-hunting and risk mitigation capabilities along with improved alert prioritization capabilities. Hiep Dang, vice president of endpoint security solutions for Qualys, said the 2.0 release of the multi-vector EDR service from Qualys now makes it easier to operationalize tactics and.

Microsoft Details New Security Features for Windows 11

Dark Reading

Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Latest MITRE Endpoint Security Results Show Some Familiar Names on Top

eSecurity Planet

MITRE Engenuity has released the latest round of its ATT&CK endpoint security evaluations, and the results show some familiar names leading the pack with the most detections. The MITRE evaluations are unique in that they emulate advanced persistent threat (APT) and nation-state hacking techniques, making them different from tests that might look at static malware samples, for example.

Sophisticated phishing attacks steal Trezor’s hardware wallets

Tech Republic Security

Customers of hardware wallet provider Trezor have been targeted by a phishing scam, resulting in the theft of cryptocurrency assets. See how it works and how to protect yourself from this new threat.

Cash App customer investment data hacked

CSO Magazine

In an SEC filing made on Monday, Cash App parent company Block, Inc., said that it was working to contact roughly 8.2 million past and present customers of its investment services, as names, brokerage portfolio values and account numbers were compromised in a data breach. According to Block’s form 8-K, an employee who had regular access to the records during their employment downloaded customer records after leaving the company.

Microsoft detects Spring4Shell attacks across its cloud services

Bleeping Computer

Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

The Hacker News

Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date.

Spring4Shell patching is going slow but risk not comparable to Log4Shell

CSO Magazine

Businesses have been at work since last week investigating whether their applications or third-party software products are vulnerable to Spring4Shell, a critical remote code execution (RCE) vulnerability impacting Spring Framework, one of the most popular development frameworks for Java applications. While exploitation attempts have already been observed in the wild, the rate at which developers are updating their Spring instances appears to be slow going.

What is Code Quality? 5 Software Development Checks You Should be Automating

Security Boulevard

Product development is a delicate balancing act of delivering new features and investing in architecture and technology, all while trying to focus on building the right product. Have you ever experienced one of these scenarios?

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon, Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

Malwarebytes

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura. Colibri Loader is a relatively new piece of malware that first appeared on underground forums in August 2021 and was advertised to “people who have large volumes of traffic and lack of time to work out the material.” As its name suggests, it is meant to deliver and manage payloads onto infected computers.

Anonymous targets the Russian Military and State Television and Radio propaganda

Security Affairs

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children. Leaked data include names, ranks and passport details of Russians serving in the 64 Motor Rifle Brigade which occupied Bucha prior to March 31.

A Beginner’s Guide to SOCaaS

Security Boulevard

A security operations center (SOC) serves specific and important functions in strengthening the cybersecurity defenses of any organization. This dedicated unit of cybersecurity experts provides a core set of security capabilities, including risk management, incident management, compliance assessments, in-depth behavior and threat analysis, and situational security awareness.

Cash App notifies 8.2 million US customers about data breach

Bleeping Computer

Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.