Naked Security

JUNE 9, 2021

But Bitcoins are anonymous! However could they get refunded?

Ransomware 144

Ransomware Cryptocurrency 144

InfoWorld on Security

JUNE 11, 2021

In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability , 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud computing initiatives during the pandemic. A further 78% cited the need to manage the legacy and cloud technology patchwork as a further source of technology spread and complexity.

Technology 98

Technology 98

We Live Security

JUNE 30, 2021

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed. The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity.

Scams 145

Scams 145

DoublePulsar

JUNE 8, 2021

I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat… Continue reading on DoublePulsar ».

Ransomware 98

Ransomware 98

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

SecureList

JUNE 23, 2021

Introduction. Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and system events, etc.

Malware 145

Malware Technology Architecture Cybersecurity 145

Joseph Steinberg

JUNE 15, 2021

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra

Cybersecurity 364

Cybersecurity Artificial Intelligence Banking Insurance 364

Schneier on Security

JUNE 8, 2021

“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by U.S. Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents.

Software 363

Software Cybersecurity Backups Technology 363

Krebs on Security

JUNE 21, 2021

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.

Hacking 362

Hacking Accountability Cybersecurity Technology 362

Lohrman on Security

JUNE 13, 2021

After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?

Hacking 299

Hacking Ransomware 299

Adam Levin

JUNE 4, 2021

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.

Ransomware 289

Ransomware Backups Insurance Healthcare 289

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Joseph Steinberg

JUNE 7, 2021

Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering. Hushme is an unusual-looking headset that sports a single unusual, but tremendously significant, feature – it allows a person to carry on a conversation over the phone without anyone around them being able to

Artificial Intelligence 363

Artificial Intelligence Technology Media Cybersecurity 363

Troy Hunt

JUNE 9, 2021

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.

Malware 363

Malware 363

Schneier on Security

JUNE 2, 2021

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran

Ransomware 363

Ransomware Malware Hacking Cybercrime 363

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Lohrman on Security

JUNE 20, 2021

The North Atlantic Treaty Organization (NATO) opened the door for cyber attacks to trigger “Article 5” actions. This is a big deal — here’s why.

Cyber Attacks 295

Cyber Attacks Ransomware 295

Tech Republic Security

JUNE 30, 2021

64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.

Ransomware 218

Ransomware Software 218

Joseph Steinberg

JUNE 3, 2021

Joseph Steinberg recently discussed with Fox Business Network host and commentator, Kennedy, why hackers are targeting meat companies, pipelines, and other important elements of the US economy’s supply chain… and, what can Americans do to stop such attacks. To listen to the discussion, please either utilize the embedded player below, or click the image underneath it.

Artificial Intelligence 363

Artificial Intelligence Cybersecurity Hacking 363

Troy Hunt

JUNE 3, 2021

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments.

Government 363

Government Data breaches 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

JUNE 11, 2021

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.

Encryption 362

Encryption Software 362

Krebs on Security

JUNE 15, 2021

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her

Cybercrime 359

Cybercrime Ransomware Passwords Banking 359

Lohrman on Security

JUNE 6, 2021

Maria Thompson’s last day as North Carolina’s chief risk officer was June 4, 2021. In this interview, she shares her team’s cyber journey, along with helpful insights for others to benefit from.

Risk 221

Risk 221

Tech Republic Security

JUNE 16, 2021

Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.

Ransomware 218

Ransomware 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Joseph Steinberg

JUNE 9, 2021

According to the FBI, it has successfully seized most of the Bitcoin ransom paid by Colonial Pipeline to “Darkside” criminals after the highly publicized ransomware attack that led to recent gas shortages in multiple US States. Unlike reversing financial transactions performed by banks and/or classic funds-transfer networks, seizing Bitcoin typically entrails issuing a new transaction to move Bitcoin from the address at which it resides to a new address controlled by the seizer; to p

Cryptocurrency 363

Cryptocurrency Artificial Intelligence Government Hacking 363

Troy Hunt

JUNE 7, 2021

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause t

Government 361

Government Data breaches 361

Schneier on Security

JUNE 17, 2021

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d

Encryption 361

Encryption Telecommunications Mobile 361

Krebs on Security

JUNE 23, 2021

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.

Banking 354

Banking Encryption Wireless Accountability 354

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

JUNE 1, 2021

Cybercriminals use various techniques for conducting cyberattacks. One such popular way to infiltrate a system is Pharming. It is an online scam attack quite similar to Phishing. Related: Credential stuffing explained. The term Pharming is a combination of two words Phishing and Farming. It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users.

DNS 214

DNS Phishing Social Engineering Cyber Attacks 214

Tech Republic Security

JUNE 28, 2021

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

Cybersecurity 218

Cybersecurity 218

Joseph Steinberg

JUNE 23, 2021

Cyber Security Expert, Joseph Steinberg, has joined Newsweek’s Expert Forum, the premier news outlet’s invitation-only community of pioneering thinkers and industry leaders. Steinberg was selected for the forum based on his proven expertise in the fields of cybersecurity, privacy, and artificial intelligence. Scott Gerber, founder of the Newsweek Expert Forum, noted: “We are honored to accept Joseph Steinberg into the Newsweek Expert Forum.

Artificial Intelligence 334

Artificial Intelligence CISO Technology Cybersecurity 334

Troy Hunt

JUNE 5, 2021

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out.

Passwords 361

Passwords 361

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams