Sat. Mar 26, 2022 - Fri. Apr 01, 2022


Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.


Bypassing Two-Factor Authentication

Schneier on Security

These techniques are not new, but they’re increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].


Follow the 3-2-1 Rules of Data Backups

Adam Levin

When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.


Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Weekly Update 289

Troy Hunt

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most is that even after that discussion there's a bunch of peopl


Chrome Zero-Day from North Korea

Schneier on Security

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors.


How Much Does a Data Breach Cost?

Security Boulevard

According to IBM's Annual Cost of a Data Breach Report 2021, the average cost of a data breach is around $4.24 million. In the United States and Canada, it's even higher. So what makes data breaches so costly, are business leaders aware of the risks, and what can be done to prevent breaches?


PCI DSS v4.0 Resource Hub

PCI perspectives

PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard, PCI DSS v4.0, is now available. This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0.


“Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions

Digital Shadows

Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic.


Ransomware attacks are on the rise, who is being affected?

Tech Republic Security

A report from NCC Group profiles the industries plagued by ransomware as well as the most active hacking groups in February.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How to evaluate SOC-as-a-service providers

CSO Magazine

If you don’t currently have your own security operations center (SOC), you have two ways to get one: build your own or use some managed collection of services. In past years the two paths were distinct, and it was relatively easy to make the call based on staffing costs and skills. Now, the SOC-as-a-service (SOCaaS) industry has matured to the point where the term is falling into disfavor as managed services vendors have become more integral to the practice.


Is Increased Remote Working Fueling a Cybersecurity Crisis?

CyberSecurity Insiders

By Chester Avey. The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It can be easy to understand, then, that cybersecurity may not have been a huge priority for businesses. However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime.


Spring Framework Remote Code Execution (CVE-2022-22965)

Veracode Security

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework.


Minimizing security risks: Best practices for success

Tech Republic Security

To reduce security threats within your organization, you must prioritize security risk management. Here are some best practices to follow, as well as some top resources from TechRepublic Premium.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

Bleeping Computer

The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.


What is Shodan? The search engine for everything on the internet

CSO Magazine

Shodan is a search engine for everything on the internet — web cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that's plugged into the internet (and often shouldn't be). Google and other search engines, by comparison, index only the web.


7 Tips For Women To Land Their Dream Job in Tech

Security Boulevard

As Women's History Month comes to an end, we reflect on the impact women have made in shaping our industry. At Contrast, women comprise more than a fourth of our workforce, and they are well represented across sales, customer success, marketing, human resources, finance, and product development. To celebrate Women's History Month, we invited some of our women in tech to give advice to others trying to break into the field.


Digital Transformation Phase 2: Increased Efficiency and Heightened Security Risk

Tech Republic Security

As digital transformation takes hold, companies must employ zero trust to fully secure the expanded threat layer that drives efficiency.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Critical Sophos Firewall vulnerability allows remote code execution

Bleeping Computer

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.


Startup Equity firm invests $525 million in Cybersecurity firm Zimperium

CyberSecurity Insiders

Liberty Strategic Capital, a startup in the private equity fund business, has announced that it has invested $525 million in the cybersecurity firm Zimperium. Sources reporting to Cybersecurity Insiders state that Steven Mnuchin, the former treasurer of the United States, founded the financial business, and that he will now become the chairperson of Zimperium’s board of directors.


Privilege Elevation and Delegation Management Explained: Definition, Benefits and More

Heimdal Security

A game-changer in the PAM market, PEDM is now on everybody’s lips when talking about more efficient methods to mitigate cybersec risk by properly controlling privileged permissions. Featuring three essential elements: appropriate privileges for appropriate users just at the appropriate time, PEDM dramatically improves your cybersec posture. Read on to gain more knowledge surrounding this […].


Phishing attacks exploit free calendar app to steal account credentials

Tech Republic Security

A credential harvesting campaign spotted by INKY at the end of February tried to lure its victims to Calendly, a legitimate and free online calendar app.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Critical GitLab vulnerability lets attackers take over accounts

Bleeping Computer

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.


New UAC-0056 activity: There’s a Go Elephant in the room

Malwarebytes

This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in January 2022 on multiple Ukrainian government computers and websites.


Lapsus$ ransomware group strikes software firm Globant

CyberSecurity Insiders

The Lapsus$ ransomware group has revealed some details about its latest victim through its official Telegram channel: Globant, an Argentina-based IT and software firm with a global business presence, appears to be the group's newest target. Lapsus$ claimed that it has stolen about 70GB of Globant’s data, including the company’s software source code, and threatened to release more details if the company doesn’t bow to its ransom demands.


Cybercriminals’ phishing kits make credential theft easier than ever

Tech Republic Security

Phishing attempts are within reach of less tech-savvy attackers, thanks to the rise of phishing kits. Learn where these kits are found, how they work, and how to combat them.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


Why CISOs everywhere should pay attention to the US global threat assessment

CSO Magazine

On March 10, the Senate Select Committee on Intelligence (SSCI) hosted the annual Global Threat Assessment briefing during which representatives of the US intelligence community availed themselves for questions. The intelligence community contingent was led by Director of National Intelligence Avril Haines, who was supported by CIA Director William Burns, DIA Director Lieutenant General Scott Berrier, NSA Director General Paul Nakasone, and FBI Director Christopher Wray.


Okta: "We made a mistake" delaying the Lapsus$ hack disclosure

Bleeping Computer

Okta has admitted that it made a mistake in delaying disclosure of the hack by the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities.


Google Opens new Ad-Targeting API—Topics, ‘Privacy Sandbox’ and FLEDGE

Security Boulevard

Cookies are dead—or, at least, their days are numbered. Instead, Google wants to shape the future of targeted advertising.


Apple and Meta shared data with child hackers pretending to be law enforcement

Tech Republic Security

The two tech companies are believed to have provided hacker groups with user information as part of the impersonation.


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.