Sat.Apr 23, 2022 - Fri.Apr 29, 2022

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

SMS Phishing Attacks are on the Rise

Schneier on Security

SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.

Will Supply Chain Delays Impact Your Next Project?

Lohrman on Security

Where next for supply chain disruptions? How will this impact technology projects and plans? Let’s explore.

T-Mobile hit by data breaches from Lapsus$ extortion group

Tech Republic Security

Through multiple breaches, the Lapsus$ cybercriminal group was able to steal source code from T-Mobile, says KrebsOnSecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), Na

Video Conferencing Apps Sometimes Ignore the Mute Button

Schneier on Security

New research: “Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps”: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during me

More Trending

Top 5 things about zero-trust security that you need to know

Tech Republic Security

If malicious actors are already on your network, then typical cybersecurity measures aren’t enough. Learn how to further protect your organization’s data with these five facts about zero-trust security from Tom Merritt.

CISA adds 7 vulnerabilities to list of bugs exploited in attacks

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins.

Microsoft Issues Report of Russian Cyberattacks against Ukraine

Schneier on Security

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.

Watch out for this SMS phish promising a tax refund

Malwarebytes

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don’t read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send e-mails under the guise of renewing your debit card or digipas.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Dualmon vs TeamViewer: Remote desktop software comparison

Tech Republic Security

Both dualmon and TeamViewer are feature-rich remote desktop software tools. We compare the tools so you can choose the right remote desktop software for your needs.

10 top anti-phishing tools and services

CSO Magazine

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems.

Emotet malware infects users again after fixing broken installer

Bleeping Computer

The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.

‘Crypto Bug of the Year’ Fixed — Update Java NOW

Security Boulevard

A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine

Tech Republic Security

Kaspersky found that January and February were a hotbed of cyberattacks for a number of different targeted countries.

How a new generation of IoT botnets is amplifying DDoS attacks

CSO Magazine

Larry Pesce remembers the day when the distributed denial of service (DDoS) threat landscape changed dramatically. It was late fall in 2016 when a fellow researcher joined him at the InGuardians lab, where he is director of research. His friend wanted to see how fast Mirai, a novel internet of things (IoT) botnet installer, would take over a Linux-based DVR camera recorder that was popular with medium-size businesses.

New powerful Prynt Stealer malware sells for just $100 per month

Bleeping Computer

Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules.

How to Use Your Asset Management Software to Reduce Cyber Risks

CyberSecurity Insiders

Have you heard of the Colonial Pipeline incident? The cyberattack on the company caused widespread panic throughout the United States and disrupted operations for days. Yes, one lapse on a spam email, one inadequate password, one abandoned account, or a malfunctioning asset can cause havoc. In fact, in the cybersecurity world, you can’t protect something if you have no idea where the threat exists.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

IAM software: Okta vs Azure Active Directory

Tech Republic Security

Okta and Microsoft Azure Active Directory are both robust and capable IAM solutions. Okta wins out on ease of use and streamlined implementation; Azure Active Directory is best for existing Azure infrastructures where more complex user access permissions are needed.

Application Programming Interfaces (APIs): The Soft Underbelly of Zero Trust

Security Boulevard

Zero Trust is a great framework to protect our IT assets, operations, and data. It has gained a lot of attention and many followers since the idea was first introduced by John Kindervag, and it has helped organizations as they mature their respective IT security programs. Even government agencies were directed to “advance toward Zero Trust Architecture” in President Biden’s Executive Order on Improving the Nation’s Cybersecurity.

Windows 10 KB5011831 update released with 26 bug fixes, improvements

Bleeping Computer

Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs.

The Russia – Ukraine war: Two months in

Digital Shadows

The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Okta vs Ping: IAM software comparison

Tech Republic Security

This review compares the features of IAM software Okta and Ping. Features include multifactor authentication, threat detection and dashboards.

How to Dispose Outdated Electronics to Protect Your Identity

Identity IQ

Your iPhone is ancient, your laptop is malfunctioning, and your tablet is due for an upgrade. Of course, there comes a time for everyone to toss their old tech and level up to the latest version. But before trashing your old tech, make sure you don’t leave your personal information out there for the taking.

Akamai's new Hijacking Protector aims to block browser redirection

CSO Magazine

Aiming to reduce affiliate fraud and mitigate privacy risks, web and internet security company Akamai has released Audience Hijacking Protector, a cloud-based solution designed to minimize in-browser marketing frauds by blocking unwanted redirections like unauthorized ads and pop-ups. Promising protection from possible revenue loss and disrupted customer experiences, the new hijacking protector, generally available now, offers features to defend against unwanted redirection of customers to compet

Ransomware costs show prevention is better than the cure

The State of Security

If you are worried about the financial hit of paying a ransom to cybercriminals, wait until you find out the true cost of a ransomware attack. Read more in my article on the Tripwire State of Security blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Protect your environment with deception and honeytokens

Tech Republic Security

Trick attackers into exposing themselves when they breach your systems using decoys that are easy to deploy and act like tripwires.

French hospital group disconnects Internet after hackers steal data

Bleeping Computer

The GHT Coeur Grand Est. Hospitals and Health Care group comprising nine establishments with 3,370 beds across Northeast France has disclosed a cyberattack that resulted in the theft of sensitive administrative and patient data.

The More You Know: Job Searching & Interviewing

Cisco Security

In the midst of global change and virtual hiring, the landscape of job searching has changed. We sat down (via WebEx) with recruiting leaders, accessibility experts and career changers at Cisco Secure and Duo Security to find out the top 10 ways to make the virtual job search, application and interview process as easeful as possible. Stay tuned for future topics in this series including advice for career changers and environmental aspects to consider for long-term fulfillment at work. 1.

Bravo, Thoma Bravo

Security Boulevard

A deeper look into Thoma Bravo, the audacious private equity firm that's reshaping the cybersecurity ecosystem.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.