September, 2022

article thumbnail

NATO Countries Hit With Unprecedented Cyber Attacks

Lohrman on Security

Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?

article thumbnail

"Pwned", the Book, is Finally Here!

Troy Hunt

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor

InfoSec 354
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

State And Local Government Cyber In-Security Endangers America: Let’s Finally Deal With It

Joseph Steinberg

It is not a secret that the American people remain in danger of massive, crippling cyberattacks that could impact financial services, utilities, health care, and just about every other area of modern life. What is not often discussed about the danger, however, is that one of the primary reasons that the United States, as a country, remains ill-prepared for fending off cyberattacks, is that decentralized State and Local government agencies, and not the centralized Federal government, run or overs

article thumbnail

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

CISO 311
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Differences in App Security/Privacy Based on Country

Schneier on Security

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile phones, 49 of which had additional permissions deemed “dangerous” by Google.

Mobile 310
article thumbnail

CloudBees CEO: Software delivery is now ‘release orchestration’

Tech Republic Security

Enterprise software delivery company CloudBees has a new SaaS offering to discuss, and the firm's CEO gets philosophical. The post CloudBees CEO: Software delivery is now ‘release orchestration’ appeared first on TechRepublic.

Software 214

More Trending

article thumbnail

Winamp 5.9 Final released and it still whips the Llama's ass

Bleeping Computer

Winamp 5.9 Final has been released after four years of development and includes numerous improvements, including Windows 11 support, playback of HTTPS:// streams, and various bug fixes. [.].

Software 145
article thumbnail

How Underground Groups Use Stolen Identities and Deepfakes

Trend Micro

The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.

Media 145
article thumbnail

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.

Internet 293
article thumbnail

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

302
302
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Benefits of edge computing

Tech Republic Security

Learn more about how edge computing can reduce latency, boost performance and improve data security among other benefits. The post Benefits of edge computing appeared first on TechRepublic.

Internet 209
article thumbnail

What happens with a hacked Instagram account – and how to recover it

We Live Security

Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.

article thumbnail

Ransomware gangs switching to new intermittent encryption tactic

Bleeping Computer

A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped. [.].

article thumbnail

Energy bill rebate scams spread via SMS and email

Graham Cluley

The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.

Scams 143
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Samsung discloses a second data breach this year

Security Affairs

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.

article thumbnail

Credit Card Fraud That Bypasses 2FA

Schneier on Security

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.

Banking 287
article thumbnail

Malicious Oauth app enables attackers to send spam through corporate cloud tenants

Tech Republic Security

Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming. The post Malicious Oauth app enables attackers to send spam through corporate cloud tenants appeared first on TechRepublic.

192
192
article thumbnail

Toys behaving badly: How parents can protect their family from IoT threats

We Live Security

It pays to do some research before taking a leap into the world of internet-connected toys. The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity.

IoT 145
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

IRS warns Americans of massive rise in SMS phishing attacks

Bleeping Computer

The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. [.].

Phishing 143
article thumbnail

Uber’s hacker *irritated* his way into its network, stole internal documents

Graham Cluley

Uber has suffered a security breach which allowed a hacker to break into its network, and access the company's internal documents and systems. How did they do it? By bombarding an employee with a spate of multi-factor authentication (MFA) push notifications.

article thumbnail

Netography Uses Labels and Tags to Provide Security Context

Security Boulevard

Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time. Netography CEO Martin Roesch said labels and tags will make it easier for cybersecurity teams to use flow logs to visualize and analyze network traffic by application, location, compliance.

article thumbnail

New Report on IoT Security

Schneier on Security

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices.

IoT 286
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Why 2FA is failing and what should be done about it

Tech Republic Security

Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. The post Why 2FA is failing and what should be done about it appeared first on TechRepublic.

article thumbnail

The deepfake danger: When it wasn’t you on that Zoom call

CSO Magazine

In August, Patrick Hillman, chief communications officer of blockchain ecosystem Binance, knew something was off when he was scrolling through his full inbox and found six messages from clients about recent video calls with investors in which he had allegedly participated. “Thanks for the investment opportunity,” one of them said. “I have some concerns about your investment advice,” another wrote.

article thumbnail

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks

Bleeping Computer

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets. [.].

143
143
article thumbnail

Protecting teens from sextortion: What parents should know

We Live Security

Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online. The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity.

142
142
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management

Security Boulevard

How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management. jasonaxelrod. Thu, 09/01/2022 - 12:16. With automated test data, companies can achieve fast, quality software releases, more seamless cloud adoption, and improved data security and privacy for meeting emerging compliance requirements. Josh Harbert. Sep 01, 2022. Too often, modern businesses are forced to choose between the speed of innovation and privacy and security for valuable data.

article thumbnail

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Passwords 284
article thumbnail

New Chaos malware spreads over multiple architectures

Tech Republic Security

A new malware named Chaos raises concerns as it spreads on multiple architectures and operating systems. The post New Chaos malware spreads over multiple architectures appeared first on TechRepublic.

article thumbnail

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

CSO Magazine

Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.