Security Affairs

OCTOBER 29, 2022

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.

Cyber Attacks 144

Cyber Attacks Hacking Government Information Security 144

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari

Surveillance 331

Surveillance Telecommunications Encryption Government 331

Troy Hunt

NOVEMBER 3, 2022

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.

Data breaches 325

Data breaches 325

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Malware 319

Malware Identity Theft Cybercrime Passwords 319

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

NOVEMBER 2, 2022

Also including blockchain-related projects in the ban, SourceHut's creator said the technology is associated with fraudulent activities and high-risk investments. The post Open-source repository SourceHut to remove all cryptocurrency-related projects appeared first on TechRepublic.

Cryptocurrency 198

Cryptocurrency Risk Technology Scams 198

Schneier on Security

OCTOBER 31, 2022

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica : In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about.

268

268

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer.

Scams 263

Scams Cryptocurrency CISO Artificial Intelligence 263

Tech Republic Security

NOVEMBER 3, 2022

New Microsoft 365 deployment tools, making OneDrive work on your iPhone, and a new Cranefly backdoor lead the top news for this week. The post Tech news you may have missed Oct. 28–Nov. 3 appeared first on TechRepublic.

Big data 168

Big data Software 168

Schneier on Security

NOVEMBER 4, 2022

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. “: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.

Software 259

Software Risk 259

Troy Hunt

OCTOBER 29, 2022

Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs. It's crazy how much press interest there's been down here and whilst I think some of it is a bit hyperbolic, bringing the issue to the forefront and ensuring it's being discussed is certainly a good thing. Anyway, let's see what happens between now and next week's video, at this rate there'll be at least one more major Aussie breach to talk about!

Data breaches 247

Data breaches IoT 247

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Bleeping Computer

NOVEMBER 4, 2022

Internet domains for the popular Z-Library online eBook repository were seized early this morning by the U.S. Department of Justice, preventing easy access to the service. [.].

Internet 145

Internet Internet Government Technology 145

Tech Republic Security

NOVEMBER 1, 2022

IoT devices can be openings for attackers, causing major disruptions to businesses. Follow these three steps to secure your IoT devices. The post 3 inexpensive steps to secure IoT appeared first on TechRepublic.

IoT 147

IoT Internet Internet 147

Dark Reading

NOVEMBER 4, 2022

The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.

Software 141

Software 141

Security Boulevard

NOVEMBER 3, 2022

Written by Christopher Hadnagy and Dr. Abbie Marono There is no denying the appeal of body-language focused blogs, particularly those […]. The post Dispelling Body Language Myths appeared first on Security Boulevard.

Social Engineering 139

Social Engineering Engineering 139

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Bleeping Computer

NOVEMBER 4, 2022

The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. [.].

Internet 145

Internet Internet Government 145

SecureList

NOVEMBER 1, 2022

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 139

Malware Ransomware Phishing Spyware 139

Dark Reading

NOVEMBER 1, 2022

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

Encryption 139

Encryption 139

Security Boulevard

NOVEMBER 1, 2022

The International Counter Ransomware Summit is on in D.C., with 36 nations and blocs. But will it amount to anything of substance? The post FBI/CISA Failed: Biden’s Ransomware Summit Convenes, Impotently appeared first on Security Boulevard.

Ransomware 133

Ransomware Security Awareness Social Engineering Network Security 133

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Bleeping Computer

NOVEMBER 1, 2022

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [.].

Phishing 145

Phishing Accountability 145

SecureList

OCTOBER 31, 2022

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and public sector organizations and think-tanks in Japan.

Malware 135

Malware Encryption Phishing Passwords 135

Security Affairs

NOVEMBER 3, 2022

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).

Hacking 131

Hacking Engineering Information Security 131

CyberSecurity Insiders

NOVEMBER 1, 2022

According to a finding of Treasury Department Data shared with world renowned news resource CNN, about $1 billion ransomware payments were made across the United States in the year 2021; probably the most ever reported in the history of cyber crime. Treasury’s Financial Crimes Enforcement Network (FinCEN) report states that most of the crime was committed by Russian hackers or those funded by the Kremlin.

Ransomware 130

Ransomware Cryptocurrency Malware Encryption 130

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Bleeping Computer

OCTOBER 29, 2022

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. [.].

145

145

SecureList

NOVEMBER 2, 2022

Introduction. This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.

Malware 133

Malware Passwords Engineering Data collection 133

Security Affairs

NOVEMBER 1, 2022

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

Ransomware 129

Ransomware Artificial Intelligence Hacking Cybersecurity 129

CyberSecurity Insiders

OCTOBER 31, 2022

First news that is trending on the Google search engine is related to a ransomware attack that took place on Germany’s Copper producer ‘Aurubis’. News is out that the world’s second largest producer’s IT systems were hit by a ransomware attack disrupting the digital infrastructure to the core. Perhaps this is supposed to be the first company related to metals and mining that was hit a by a file encrypting malware in the European nation and believably first from the west.

Cybersecurity 129

Cybersecurity Cyber threats Ransomware Malware 129

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing

Bleeping Computer

NOVEMBER 1, 2022

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [.].

Encryption 142

Encryption 142

Dark Reading

NOVEMBER 2, 2022

Vulnerable people are lured by Facebook ads promising high-paying jobs, but instead they're held captive and put to work in Cambodia running cyber scams.

Cybercrime 139

Cybercrime Scams 139

Security Boulevard

OCTOBER 30, 2022

Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password […]. The post Password Attacks – Saving Time for the Fun Stuff appeared first on Security Aegis.

Passwords 128

Passwords Authentication 128

CyberSecurity Insiders

NOVEMBER 1, 2022

A new ransomware named ‘Azov Ransomware’ is found framing cybersecurity researchers as it doesn’t demand any ransom from its victims, instead it is asking them to contact forensic experts from a firm in the vicinity and do as per their instructions. Though the actions of Azov Ransomware are strange, researchers state that it’s not a big surprise. As someone is trying to frame security personnel from a specific company or some in related field are playing the blame-game.

Ransomware 127

Ransomware Cybersecurity Malware Encryption 127

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Data privacy