Sat. Jun 19, 2021 - Fri. Jun 25, 2021

How Can SMBs Fight Cyberattacks?

Security Boulevard

Even before the COVID-19 pandemic, small to mid-sized businesses (SMBs) faced unique challenges on the cybersecurity front. The massive disruption caused by the pandemic only exacerbated the challenges of protecting data, systems and business—not to mention customers and their data. Now that we’re starting to see signs of recovery, it’s important for SMBs to view.

Does That Data Make Your Company a Cyber Attack Target?

CyberSecurity Insiders

By Matthew Meehan, chief operating officer at TokenEx. We have all heard the proverb that teaches, “slow and steady wins the race.” But what if slow isn’t an option? In the wake of COVID-19, many businesses sped through the digitization process to transform their businesses in record time. In their haste, important data protection measures and security considerations were either undermined, or simply not considered.

Weekly Update 248

Troy Hunt

Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it. Other than that, I'm screwing around with more IoT things, dealing with more breaches, onboarding new governments so yeah, same same 🙂 References Here's the iFixit kit I bought, it's the "Pro Tech Toolkit" (this is a really nice pie

IoT 326

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.

Hacking 314

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Apple Will Offer Onion Routing for iCloud/Safari Users

Schneier on Security

At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if you’re an iCloud Plus subscriber and you have it enabled from within your iCloud settings.

DNS 281

Newsweek Expert Forum Welcomes Cyber Security Expert Joseph Steinberg

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, has joined Newsweek’s Expert Forum, the premier news outlet’s invitation-only community of pioneering thinkers and industry leaders. Steinberg was selected for the forum based on his proven expertise in the fields of cybersecurity, privacy, and artificial intelligence. Scott Gerber, founder of the Newsweek Expert Forum, noted: “We are honored to accept Joseph Steinberg into the Newsweek Expert Forum.

How Cyber Sleuths Cracked an ATM Shimmer Gang

Krebs on Security

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.

Banking 291

The Future of Machine Learning and Cybersecurity

Schneier on Security

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches — that bring new attack surfaces of their own.

Splunk launches security products and AWS security enhancements

Tech Republic Security

The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.

Don’t name your Wi-Fi hotspot this, unless you want to crash your iPhone

Hot for Security

A bizarre bug has been discovered in iOS that can cause an iPhone to crash when it attempts to join a Wi-Fi network with a particular name. What’s the offending name? Well, I don’t want to put it in the text of this article in case some readers are curious enough to try it out for themselves. So, here it is as an image: Security researcher Carl Schou stumbled across the problem, and tweeted a video of his iPhone getting in a mighty muddle when trying to connect to a Wi-Fi hotspot with

Software 145

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. One of many similar complaints on Western Digital’s user forum.

Internet 286

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed “Invisible Man” and “Night Crawler,” are capable of remotely accessing a target’s files, location, and covertly turning on a device’s camera and microphone.

Cars are packed with technology, but they can still be hacked

Tech Republic Security

The threat to people's lives is terrifying, so auto manufacturers need to change their old-school strategies to protect people.

Gaming industry under siege from cyberattacks during pandemic

We Live Security

Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020. The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

iPhone bug breaks WiFi when you join hotspot with unusual name

Bleeping Computer

A new iPhone bug has come to light that breaks your iPhone's wireless functionality by merely connecting to a certain WiFi hotspot. Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed. [...]

Wireless 145

How Air Gapping Can Protect IP

Security Boulevard

In today’s hyperautomated world, organizations connect various environments, applications and databases to one another, creating complex infrastructures. Security professionals discuss the difficulties inherent in securing cloud environments, and the risks that third-party vendors pose to a company’s increasingly IT-dependent business structure. Malicious actors continue to target critical information through increasingly sophisticated supply chain attacks.

Risk 144

How to be prepared for a ransomware attack: Check your data and backups

Tech Republic Security

Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.

Backups 186

How to tell if a website is safe

We Live Security

It can be difficult to tell a legitimate website apart from an unsafe one – follow these steps to identify and protect yourself from bad websites. The post How to tell if a website is safe appeared first on WeLiveSecurity.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Windows 11 won't work without a TPM - What you need to know

Bleeping Computer

Windows 11 requires a TPM security processor to install or upgrade to Windows 11. Unfortunately, there has been a lot of confusion about what type of TPM you need and why you need it in the first place. [...]

Cybercriminals Increasingly Target Manufacturing, IP

Security Boulevard

Recent attacks targeting intellectual property (IP) and critical infrastructure are raising the security stakes for manufacturing organizations, as the industry records one of the highest attack rates of any sector since the onset of COVID-19. One in five manufacturing companies in the U.S. and UK have been victims of a cyberattack in the last 12. The post Cybercriminals Increasingly Target Manufacturing, IP appeared first on Security Boulevard.

Remote Access Trojan now targeting schools with ransomware

Tech Republic Security

Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US.

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea was established in 1959 as the sole professional research-oriented institute for nuclea

Hacking 139

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Mercedes-Benz data breach exposes SSNs, credit card numbers

Bleeping Computer

Mercedes-Benz USA has just disclosed a data breach impacting under 1,000 customers and potential buyers that exposed their credit card information, social security numbers, and driver license numbers. [...]

The Role of 5G in Defining Cybersecurity Strategies

Security Boulevard

Increased availability and adoption of 5G technology means a more connected world, which in turn means more users with a greater variety of devices. While this means that IT security teams will have more to manage, many of the leading security vendors have been planning for 5G for years. Organizations should be doing all of. The post The Role of 5G in Defining Cybersecurity Strategies appeared first on Security Boulevard.

Disconnect your WD My Book Live from the internet or face data deletion, says Western Digital

Graham Cluley

Storage drive maker Western Digital is telling owners of its WD My Book Live device to disconnect it from the internet, after reports that some have had their data erased by malicious software. Read more in my article on the Tripwire State of Security blog.

Internet 140

FIN7 hacking gang’s “pen tester” jailed for seven years by US court

Hot for Security

The Western District of Washington has sentenced a Ukrainian man to seven years in prison for his role in a hacking gang that are estimated to have caused more than one billion dollars worth of damage. 33-year-old Andrii Kolpakov worked for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak) which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries around the world, stealing tens of millions of payment card details at thousands

Hacking 137

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data. The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA. The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. “!

Security News in Review: Avaddon Ransomware Closes Down; CLOP Gang Members Arrested

Security Boulevard

This week in security news in review, we have reporting on the Avaddon ransomware gang closing down, Google releasing a new framework about supply chain attack prevention, and a new malware that prevents you from visiting piracy sites. These and other stories in this week’s edition of the cyber news you need to know. The post Security News in Review: Avaddon Ransomware Closes Down; CLOP Gang Members Arrested appeared first on Security Boulevard.

Dell SupportAssist bugs put over 30 million PCs at risk

Bleeping Computer

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. [...]

Risk 142

State-sponsored or financially motivated: Is there any difference anymore?

We Live Security

What does the increasingly fuzzy line between traditional cybercrime and attacks attributed to state-backed groups mean for the future of the threat landscape? The post State‑sponsored or financially motivated: Is there any difference anymore? appeared first on WeLiveSecurity.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.