August, 2022

article thumbnail

Hacktivism and DDOS Attacks Rise Dramatically in 2022

Lohrman on Security

2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?

DDOS 357
article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote cont

Scams 319
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hyundai Uses Example Keys for Encryption System

Schneier on Security

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].

article thumbnail

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Troy Hunt

How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.

Passwords 363
article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

How to protect your organization from the top malware strains

Tech Republic Security

A joint advisory from the U.S. and Australia offers tips on combating the top malware strains of 2021, including Agent Tesla, LokiBot, Qakbot, TrickBot and GootLoader. The post How to protect your organization from the top malware strains appeared first on TechRepublic.

Malware 218
article thumbnail

What is the cost of a data breach?

CSO Magazine

The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.

More Trending

article thumbnail

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Mobile 288
article thumbnail

USB “Rubber Ducky” Attack Tool

Schneier on Security

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms.

Passwords 350
article thumbnail

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen

Bleeping Computer

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. [.].

article thumbnail

How older security vulnerabilities continue to pose a threat

Tech Republic Security

Security flaws dating back more than 10 years are still around and still pose a risk of being freely exploited, says Rezilion. The post How older security vulnerabilities continue to pose a threat appeared first on TechRepublic.

Risk 212
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Complete guide to IoT Security

Security Boulevard

The IoT market is projected to hit the $1.5 Trillion mark by 2025. Doesn’t that number look staggering? Putting in perspective, it’s a 600% growth from 2019, when the IoT market was pegged at $250 Billion. It is expected that 25 billion devices will be a part of the IoT network by 2025 with smartphones […]. The post Complete guide to IoT Security appeared first on Security Boulevard.

IoT 145
article thumbnail

CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

eSecurity Planet

Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain , according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines.

Software 145
article thumbnail

Google Cloud blocks largest HTTPS DDoS attack ever

CSO Magazine

Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google stated the attack, which occurred on June 1, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the M?

DDOS 142
article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user.

Phishing 318
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Hackers hide malware in James Webb telescope images

Bleeping Computer

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 144
article thumbnail

New CosmicStrand rootkit targets Gigabyte and ASUS motherboards

Tech Republic Security

A probable Chinese rootkit infects targeted computers and stays active even if the system is being reinstalled. The post New CosmicStrand rootkit targets Gigabyte and ASUS motherboards appeared first on TechRepublic.

203
203
article thumbnail

Upskilling is Critical to Closing Cybersecurity Skills Gaps

Security Boulevard

Cybersecurity is the number-one skills gap in 2022, surpassing cloud computing as the top-ranking area of focus for individuals and organizations, according to a Pluralsight survey of more than 700 tech professionals. Respondents with access to modern upskilling options demonstrated more confidence in their skills and trust in their organizations. These technologists had access to.

article thumbnail

Security Compliance & Data Privacy Regulations

eSecurity Planet

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

A Cyberattack Forced the Shutdown of 7-Eleven Stores in Denmark

Heimadal Security

Following a nationwide cyberattack that affected stores’ payment and checkout systems, 7-Eleven locations in Denmark closed their doors yesterday. 7-Eleven, Inc., styled as 7 ELEVEn, is an American multinational chain of retail convenience stores selling convenience foods, beverages, and gasoline, headquartered in Dallas, Texas. The American company has 78,029 stores in 19 countries and territories, […].

Retail 142
article thumbnail

Surveillance of Your Car

Schneier on Security

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use. While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.

article thumbnail

Chrome extensions with 1.4 million installs steal browsing data

Bleeping Computer

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. [.].

142
142
article thumbnail

Verizon: Mobile attacks up double digits from 2021

Tech Republic Security

With more people using their mobile devices for work and personal use, hackers are exploiting the vulnerabilities these activities create. The post Verizon: Mobile attacks up double digits from 2021 appeared first on TechRepublic.

Mobile 201
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

PwC Survey Finds C-Level Execs View Cybersecurity as Biggest Risk

Security Boulevard

A survey of 722 C-level executives published today by PwC finds 40% of business leaders now rank cybersecurity as being the number one serious risk their organizations face today. In addition, 58% of corporate directors said they would benefit most from enhanced reporting around cybersecurity and technology. Nearly half of respondents (49%) said as a.

Risk 142
article thumbnail

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques.

article thumbnail

Meet DUMPS Forum: A pro-Ukraine, anti-Russia cybercriminal forum

Digital Shadows

While the Russian invasion of Ukraine has typically been met with a response of horror and condemnation across the globe, The post Meet DUMPS Forum: A pro-Ukraine, anti-Russia cybercriminal forum first appeared on Digital Shadows.

article thumbnail

Ring Gives Videos to Police without a Warrant or User Consent

Schneier on Security

Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Janet Jackson's music video is now a vulnerability for crashing hard disks

Bleeping Computer

Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers. [.].

145
145
article thumbnail

Tech news you may have missed: August 18 – 25

Tech Republic Security

Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.

195
195
article thumbnail

UK 5G Network company EE blocks 200 million phishing texts

CyberSecurity Insiders

Everything Everywhere shortly and widely known as EE, a UK based company that offers super-fast telecom and data network services based on 5G says that it has officially blocked 200 million phishing texts and over 11 million scammed calls to its users in the month of this year’s July alone. The revelation comes just after a couple of days when another network provider revealed scamsters are circulating fake messages induced with the Apple Pay, Evri and NHS links that aren’t genuine in real and,

Phishing 140
article thumbnail

New Linux Malware Surges, Surpassing Android

eSecurity Planet

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, from 226,334 samples to nearly 1.7 million.

Malware 141
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.