Sat.Aug 27, 2022 - Fri.Sep 02, 2022

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Levels of Assurance for DoD Microelectronics

Schneier on Security

The NSA has published criteria for evaluating levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

Will Voluntary CISA Cyber Goals Be Enough to Protect Critical Infrastructure?

Lohrman on Security

The Cybersecurity and Infrastructure Security Agency is getting pushback from critical infrastructure owners and operators on cyber goals and objectives. So what happens next?

Sliver offensive security framework increasingly used by threat actors

Tech Republic Security

The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres. The post Sliver offensive security framework increasingly used by threat actors appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers hide malware in James Webb telescope images

Bleeping Computer

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. […]

Montenegro is the Victim of a Cyberattack

Schneier on Security

Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […] But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

Security investment, toolchain consolidation emerge as top priorities

Tech Republic Security

A new survey from GitLab also finds that nearly three-quarters of respondents have adopted or are planning to adopt a DevOps platform within the year. The post Security investment, toolchain consolidation emerge as top priorities appeared first on TechRepublic.

Chrome extensions with 1.4 million installs steal browsing data

Bleeping Computer

Threat analysts at McAfee found five Google Chrome extensions that track and steal users' browsing activity. Collectively, the extensions have been downloaded more than 1.4 million times. […]

Clever Phishing Scam Uses Legitimate PayPal Messages

Schneier on Security

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.

British Airways: A Case Study in GDPR Compliance Failure

Security Boulevard

An investigation into the breach by Britain's Information Commissioner Office (ICO) concluded that British Airways had violated Europe’s General Data Protection Regulation (GDPR). The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Source Defense. The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Traffers threat: The invisible thieves

Tech Republic Security

Traffers are cybercriminals organized in teams whose purpose is to steal a maximum of bankable information from infected computers, which they sell to other cybercriminals. The post Traffers threat: The invisible thieves appeared first on TechRepublic.

Another Ransomware For Linux Likely In Development

Security Affairs

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1).

FTC Sues Data Broker

Schneier on Security

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locatio

Hiring More Women in Cybersecurity is Mission-Critical

Security Boulevard

Women make up 51% of the population, but just 24% of the cybersecurity workforce. The good news is that cybersecurity organizations around the world increasingly acknowledge the importance of gender diversity in the workplace. The bad news is that most still struggle with recruitment and hiring of women, with seven out of 10 leaders worldwide. The post Hiring More Women in Cybersecurity is Mission-Critical appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Product Review: NISOS Executive Shield

CyberSecurity Insiders

Today’s organizations are facing significant threats that can impact a wide range of people, from individual users to the boardroom. Studies show that cyber professionals believe they are missing at least half of the attacks targeting their organization. Most organizations lack the expertise and internal resources to respond effectively to threats. For these reasons, more businesses are seeking out managed security services, like Nisos.

ROI of Automated Mobile App Security & Privacy Testing

Appknox

Several companies aren't still aware of the fact that automated mobile app security testing brings better ROI than manual testing. Perhaps, they don't know what aspects of automation testing directly or indirectly impact the ROI. However, we got you covered.

TikShock: Don’t get caught out by these 5 TikTok scams

We Live Security

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity.

DHS Calls for “Excellence in Software” in Log4j Report

Security Boulevard

Interview with Mike Manrod, CISO, and Christian Taillon, IT Security Engineer at Grand Canyon Education. The post DHS Calls for “Excellence in Software” in Log4j Report appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

China was spying on Australian defense servers for months

CyberSecurity Insiders

In what seems to be a startling revelation made by Cybersecurity firm Proofpoint, China has been conducting espionage on Australian defense and energy servers for months, thus stealing intelligence and spying on the activities conducted by the officials. It was a well-planned attack conducted by a hacking group named Red Ladon, say experts from the security firm.

The Makings of a Successful Threat-Hunting Program

Dark Reading

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

“I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch

Digital Shadows

Rising energy bills, inflation, skyrocketing interest rates; the world continues to suffer from a cost of living and economic crisis. The post “I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch first appeared on Digital Shadows.

Boots lets down its customers, by only offering SMS-based 2FA

Graham Cluley

I must admit I was delighted to receive an email today from UK high street pharmacy Boots telling me I should enable two-factor authentication on my account. Boots customers would have benefited from two-factor authentication a couple of years ago, when hackers attempted to gain access to customers’ Boots Advantage Card accounts, and temporarily stopped …

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Why Do You Need a Bot Protection Solution for Your Business?

CyberSecurity Insiders

[This article was originally published here by Indusface.com.] Data from a recent report revealed that bots take up two-thirds of internet traffic. However, not all bots are safe and well-intentioned. Research further suggests that of all the web traffic, nearly 40% is bad bot traffic, and around 25% is good bot traffic. Given how destructive bad bots are, it is essential to use a bot protection solution to detect bad bots, manage bot traffic, and mitigate bot threats.

Resolving conflicts between security best practices and compliance mandates

CSO Magazine

So, you read a great tip on the internet and think it would improve your security posture. Before you bring that tip to management, it’s wise to determine if it’s allowed by your security compliance requirements or can become an acceptable exception to your compliance templates. Many of you work for firms that have multiple compliance mandates. The larger and more international your corporation, the more alphabet soup of technology compliance regulations need to be followed: the European Union’s

GDPR certification is here at last – here’s why it’s a game changer

BH Consulting

Since the EU General Data Protection Regulation came into force in May 2018, there hasn’t yet been a way to prove compliance with it. Until now. Luxembourg’s GDPR-CARPA is the first officially recognised certification scheme to be adopted under the regulation. It’s surprising that such a significant development hasn’t received more attention, given the discourse around GDPR certification schemes.

How to Support Agile Development Through Cybersecurity Best Practices

Security Boulevard

Understanding other people’s problems

It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition. They want to be able to embrace […]. The post How to Support Agile Development Through Cybersecurity Best Practices appeared first on Blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

North Korea Kimsuky accurately targets victims with malware

CyberSecurity Insiders

North Korean hacking group Kimsuky is using sophistication to assure that its malware reaches the right targets with great accuracy. According to Kaspersky, Kimsuky hackers are targeting mainly companies and high-profile individuals from the Korean Peninsula. It all begins with a phishing email that is targeted at politicians, diplomats, university research professors, and journalists in North and South Korea.

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian; it offers surveillance and hacking solutions to law enforcement and intelligence agencies. The Vx-underground researchers shared some images of several confidential documents that appear to be the commercial offer of Intellexa.

FBI issues warning after crypto-crooks steal $1.3 billion in just three months

Graham Cluley

Amid a wave of hacks which has cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. Read more in my article on the Tripwire State of Security blog.

Identity’s Role in API Security

Security Boulevard

Digital identities play an important role in an organization’s security program. But the idea of “identity” in APIs can be complex, Jeff Williams, CTO and co-founder at Contrast Security, said in an email interview. “People think of APIs as a way for two software applications to communicate,” Williams explained. For example, if a mobile phone. The post Identity’s Role in API Security appeared first on Security Boulevard.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.