Schneier on Security

MAY 11, 2022

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

Surveillance 296

Surveillance Government 296

Krebs on Security

MAY 10, 2022

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process

Authentication 269

Authentication Engineering Internet Internet 269

Tech Republic Security

MAY 11, 2022

In our digital age, you need to protect your business against advanced fraud techniques. Here's how. The post Protecting payments in an era of deepfakes and advanced AI appeared first on TechRepublic.

218

218

We Live Security

MAY 12, 2022

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity.

Scams 145

Scams Risk 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MAY 12, 2022

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

Surveillance 250

Surveillance Mobile 250

Krebs on Security

MAY 12, 2022

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Government 264

Government Authentication Passwords Mobile 264

Security Boulevard

MAY 11, 2022

With more people looking to cash in on hype surrounding the cryptocurrency market than ever before and an increasing digital workforce which may lack awareness of network security set-ups, cybercriminal activity remains rampant. Bitcoin’s enduring popularity and peak valuation in 2021 has only encouraged heists on crypto exchanges, the use of cryptomining malware, cryptocurrency-related scams , and malware targeting cryptocurrency wallets.

Scams 145

Scams Phishing Cryptocurrency Marketing 145

We Live Security

MAY 9, 2022

LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform. The post Common LinkedIn scams: Beware of phishing attacks and fake job offers appeared first on WeLiveSecurity.

Scams 145

Scams Phishing 145

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Passwords 231

Passwords Authentication Accountability Mobile 231

Tech Republic Security

MAY 11, 2022

Companies need one person in charge of creating a consistent user experience that is strong on safety and trust. The post Why you need to add a trust and safety officer to the leadership team appeared first on TechRepublic.

184

184

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Appknox

MAY 12, 2022

Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties.

Mobile 143

Mobile Internet Internet Software 143

Malwarebytes

MAY 10, 2022

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is an Iranian threat group that has targeted Middle Eastern countries and victims worldwide since at least 2014.

Government 143

Government DNS Telecommunications Accountability 143

Bleeping Computer

MAY 12, 2022

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [.].

Authentication 143

Authentication 143

Tech Republic Security

MAY 13, 2022

See what features you can expect from Cylance and CrowdStrike to choose the EDR solution that is ideal for your business. The post Cylance vs CrowdStrike: EDR software comparison appeared first on TechRepublic.

Software 169

Software Artificial Intelligence 169

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CyberSecurity Insiders

MAY 10, 2022

Are you having a doubt that your smartphone has been hacked or is being used by remote hackers for malevolent scams? If so, then watch out for these abnormal behavioral signs to know whether the device has been hacked. When apps are taking longer time to open than usual, it can be a sign that the device has been hacked. However, if the phone is crashing randomly, it can also mean that the device is lacking security updates.

Hacking 139

Hacking Malware Mobile Scams 139

Malwarebytes

MAY 12, 2022

Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois Department of Higher Education and Higher Learning Commission and posted a goodbye note on its website. “Lincoln College has survived many difficult and challenging times – the economic crisis of

Ransomware 142

Ransomware Education Backups Software 142

Graham Cluley

MAY 9, 2022

The ransomware attack is likely to impact a number of agricultural machinery brands, including Challenger, Fendt, Ferguson, Massey, and Valtra, in the run-up to a crucial time of year for crop farmers.

Ransomware 140

Ransomware Malware 140

Tech Republic Security

MAY 12, 2022

On average, companies lose $480 worth of productivity per employee per year due to the time spent dealing with password problems, says Beyond Identity. The post How password fatigue can cost organizations time, money and mental energy appeared first on TechRepublic.

Passwords 162

Passwords 162

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

MAY 12, 2022

Nokia, once renowned for its amazing mobile phones, has now developed a testing lab completely dedicated to cybersecurity in the United States. The new Dallas, Texas-based Advanced Security Testing and Research (ASTaR) Lab will be fully based on a 5G network and will be useful in putting IoT products based on 5G to test against known and unknown cybersecurity threats.

Cybersecurity 136

Cybersecurity IoT Cyber Attacks Threat Detection 136

Malwarebytes

MAY 12, 2022

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual credit card service for Chrome.

Banking 140

Banking Authentication Accountability Risk 140

Bleeping Computer

MAY 9, 2022

?Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. [.].

142

142

Tech Republic Security

MAY 9, 2022

BEC is a growing type of cybercrime that generates billions in losses every year. It also involves cryptocurrency more and more, providing an additional layer of anonymity to the cybercriminals. The post FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021 appeared first on TechRepublic.

Cryptocurrency 154

Cryptocurrency Cybercrime 154

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

DoublePulsar

MAY 7, 2022

Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen… Continue reading on DoublePulsar ».

Surveillance 132

Surveillance Cybersecurity 132

Malwarebytes

MAY 11, 2022

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the wild exploits have been reported.

Authentication 134

Authentication Internet Internet 134

Security Boulevard

MAY 11, 2022

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the organizations tasked with protecting this sensitive information.

Cybersecurity 134

Cybersecurity Phishing 134

Tech Republic Security

MAY 13, 2022

You can have a great career helping companies secure their data by becoming a white hat hacker. Try this training to start a fun new career. The post Start a new career in ethical hacking with these 18 training courses appeared first on TechRepublic.

Hacking 148

Hacking 148

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Hacker News

MAY 12, 2022

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 134

Scams Hacking Cybersecurity 134

We Live Security

MAY 11, 2022

What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity.

Cybersecurity 135

Cybersecurity Marketing 135

Dark Reading

MAY 9, 2022

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.

Cybersecurity 130

Cybersecurity 130

Tech Republic Security

MAY 12, 2022

As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive. The post Ransomware: How executives should prepare given the current threat landscape appeared first on TechRepublic.

Ransomware 144

Ransomware 144

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk