Sat.Apr 16, 2022 - Fri.Apr 22, 2022

article thumbnail

Clever Cryptocurrency Theft

Schneier on Security

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own. A clever hacker used a “flash loan” feature of another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then approved a $182 million transfer to his own wallet.

article thumbnail

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information. Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communicatio

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Top IAM tools 2022: Compare identity and access management solutions

Tech Republic Security

Identity and access management software helps you maintain control of your environment by allowing authorized users to access company resources. Learn 10 of the top IAM tools to see which might be the best fit for your business. The post Top IAM tools 2022: Compare identity and access management solutions appeared first on TechRepublic.

Software 183
article thumbnail

The Use of Artificial Intelligence in Cybersecurity

Security Boulevard

The digital age has created several opportunities for us, and at the same time, we’ve been exposed to a whole new level of cyberthreats. There’s no denying that cybersecurity is now an integral part of every business that wants to avoid being a victim of identity theft, data breaches, and other cyber risks. Cybercriminals are […]. The post The Use of Artificial Intelligence in Cybersecurity appeared first on EasyDMARC.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Schneier on Security

Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […]. ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S.

article thumbnail

When “secure” isn’t secure at all: High?impact UEFI vulnerabilities discovered in Lenovo consumer laptops

We Live Security

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware. The post When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops appeared first on WeLiveSecurity.

Firmware 145

More Trending

article thumbnail

The Basics of Cloud Security for Your Business

Security Boulevard

Cloud security encompasses the controls, policies, practices and technologies that protect applications, data and infrastructure from internal and external threats. Cloud security is critical for organizations to successfully implement digital transformation plans and integrate cloud-based solutions and services into their existing operating structures.

article thumbnail

Long Article on NSO Group

Schneier on Security

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists.

Software 264
article thumbnail

Cisco Umbrella default SSH key allows theft of admin credentials

Bleeping Computer

Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. [.].

145
145
article thumbnail

How phishing attacks are spoofing credit unions to steal money and account credentials

Tech Republic Security

Attackers are impersonating local credit unions to capture personal information and extract money, says Avanan. The post How phishing attacks are spoofing credit unions to steal money and account credentials appeared first on TechRepublic.

Phishing 172
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

How to recover files encrypted by Yanlouwang

SecureList

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Yanluowang description.

article thumbnail

Beware of fake Twitter philanthropists offering to put $750 into your Cash App account

Malwarebytes

Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people helping out those who need it. The help is random, and often focused around performing a task like listening to a podcast or simply retweeting something. Of course, not everyone can “win” and many, many people miss out.

article thumbnail

How do Companies Process Sensitive Data and Why is That Important?

CyberSecurity Insiders

Source. Keeping information secure from any theft activities in the digital world is necessary. But unfortunately, with everything going online, the digital world seems to be just as dangerous as the real world, especially when storing your personal information. . These issues will often arise when a company fails to ensure proper security measures and when companies don’t process sensitive data properly.

article thumbnail

Over 42 million people in the UK had financial data compromised

Tech Republic Security

International law firm RPC found the rate of ransomware attacks are spiking, leading to more sensitive information being jeopardized. The post Over 42 million people in the UK had financial data compromised appeared first on TechRepublic.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

GitHub suspends accounts of Russian devs at sanctioned companies

Bleeping Computer

Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions. [.].

article thumbnail

Oracle releases massive Critical Patch Update containing 520 security patches

Malwarebytes

Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

article thumbnail

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

Dark Reading

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

Firmware 145
article thumbnail

US critical infrastructures targeted by complex malware

Tech Republic Security

A recently discovered set of malicious tools allows state-sponsored attackers to target critical infrastructures in the US. See what you should do to protect yourself from this new threat. The post US critical infrastructures targeted by complex malware appeared first on TechRepublic.

Malware 153
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Malware is seen sending extortion emails to pay $2K in Bitcoins

CyberSecurity Insiders

A malware dubbed MyloBot malware is seen sending extortion emails to victims and demanding a payment of $2,732 in digital currency. Interestingly, this malicious software has the potential to stay concealed for 14 days and then contacts the command-and-control server to execute malevolent binaries directly from memory. This malware that was first detected in 2018 has anti-debugging capabilities and the potential to remove other malware already installed in the system or network.

Malware 135
article thumbnail

It’s legal to scrape public data—US appeals court

Malwarebytes

Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody being able to quite land the decisive blow about whether it should be allowed, one way or another. This may have changed, thanks to a recent US appeals court ruling. A tangled web of scraped content. LinkedIn (and, by extension, Microsoft ) is not impressed with people or organisations scraping publicly available data from its site.

Phishing 134
article thumbnail

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog.

article thumbnail

LinkedIn was the most exploited brand in phishing attacks last quarter

Tech Republic Security

Phishing attacks aimed at stealing LinkedIn account credentials surged during the first quarter of 2022, says Check Point Research. The post LinkedIn was the most exploited brand in phishing attacks last quarter appeared first on TechRepublic.

Phishing 150
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Emotet Botnet Grows in Size and Activity

Heimadal Security

Known as a banking Trojan, Emotet is a kind of malware that belongs to the banking Trojans malware strain. Malspam, which are spam emails that contain malware, is the primary method of spreading it (hence the term). Users are more likely to be persuaded if the communications feature recognized branding and are formatted in the […]. The post Emotet Botnet Grows in Size and Activity appeared first on Heimdal Security Blog.

Banking 129
article thumbnail

Why you shouldn’t automate your VirusTotal uploads

Malwarebytes

It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some organizations have automated the uploading of email attachments without really thinking through the possible consequences.

Malware 129
article thumbnail

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

DDOS 134
article thumbnail

Report: Many SMBs wouldn’t survive a ransomware attack

Tech Republic Security

Some 75% of SMBs polled in a CyberCatch survey said they’d be able to survive only three to seven days following a ransomware attack. The post Report: Many SMBs wouldn’t survive a ransomware attack appeared first on TechRepublic.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Cybersecurity Ecosystem Mapping Updates: April 2022

Security Boulevard

Reflection, future plans, and a large set of updates to the original cybersecurity ecosystem mapping. The post Cybersecurity Ecosystem Mapping Updates: April 2022 appeared first on Security Boulevard.

article thumbnail

Zero-Day Exploit Use Exploded in 2021

Dark Reading

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.

article thumbnail

Cybersecurity litigation risks: 4 top concerns for CISOs

CSO Magazine

The threat of litigation is enough to keep any business leader up at night, and the increasing prevalence of data protection, privacy, and cybersecurity legislation and regulation is piling on the pressure for CISOs. According to Norton Rose Fulbright’s latest Annual Litigation Trends Survey of more than 250 general counsel and in-house litigation practitioners, cybersecurity and data protection will be among the top drivers of new legal disputes for the next several years.

CISO 131
article thumbnail

How businesses are reassessing their mobile strategies

Tech Republic Security

Samsung and Oxford Economics study explores how BYOD vs EPD policies can impact SMBs. The post How businesses are reassessing their mobile strategies appeared first on TechRepublic.

Mobile 135
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.