Sat.Jul 09, 2022 - Fri.Jul 15, 2022

article thumbnail

Security Vulnerabilities in Honda’s Keyless Entry System

Schneier on Security

Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].

Software 318
article thumbnail

Experian, You Have Some Explaining to Do

Krebs on Security

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 303

Troy Hunt

And we're finally done with this trip. 26 days, 14 different accommodations, 5,146km of driving through 4 states and the last 4 weekly vids all done on the road. Travel is great, but right now going home is even better 😊 Next week's vid will be back in my comfy office with good lighting, video, audio and better planning. Until then, here's a (late) weekly update 303: References If you're going to scrape someone else's content, don't embed the images directly

article thumbnail

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The Last Watchdog

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets.

VPN 225
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

San Francisco Police Want Real-Time Access to Private Surveillance Cameras

Schneier on Security

Surely no one could have predicted this : The new proposal—championed by Mayor London Breed after November’s wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area—would authorize the police department to use non-city-owned security cameras and camera networks to live monitor “significant events with public safety concerns” and ongoing felony or misdemeanor violations.

article thumbnail

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Internet 212

More Trending

article thumbnail

State-sponsored cyberespionage campaigns continue targeting journalists and media

Tech Republic Security

Journalists have information that makes them particularly interesting for state-sponsored cyberespionage threat actors. Learn more about these threats now. The post State-sponsored cyberespionage campaigns continue targeting journalists and media appeared first on TechRepublic.

Media 207
article thumbnail

Post-Roe Privacy

Schneier on Security

This is an excellent essay outlining the post-Roe privacy threat model. (Summary: period tracking apps are largely a red herring.). Taken together, this means the primary digital threat for people who take abortion pills is the actual evidence of intention stored on your phone, in the form of texts, emails, and search/web history. Cynthia Conti-Cook’s incredible article “ Surveilling the Digital Abortion Diary details what we know now about how digital evidence has been used to prose

article thumbnail

Collaboration and knowledge sharing key to progress in cybersecurity

We Live Security

In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers. The post Collaboration and knowledge sharing key to progress in cybersecurity appeared first on WeLiveSecurity.

article thumbnail

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Dark Reading

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Secure remote help can be powerful but may not be cheap

Tech Republic Security

Use the new Windows Remote Help app to support remote and hybrid employees from Microsoft Endpoint Manager securely without a VPN. The post Secure remote help can be powerful but may not be cheap appeared first on TechRepublic.

VPN 188
article thumbnail

WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info

Malwarebytes

WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden. App stores do whatever they can to try and prevent bogus programs making it onto the storefront. While the majority of apps on legitimate stores are likely safe, rogues do get through.

Mobile 143
article thumbnail

10,000 organisations targeted by phishing attack that bypasses multi-factor authentication

The State of Security

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

article thumbnail

New Highly-Evasive Linux Malware Infects All Running Processes

eSecurity Planet

Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.

Malware 140
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Nearly half of enterprise endpoint devices present significant security risks

Tech Republic Security

Organizations are struggling to manage devices and stay ahead of vulnerabilities, patches and attacks, according to a new report from Adaptiva and the Ponemon Institute. The post Nearly half of enterprise endpoint devices present significant security risks appeared first on TechRepublic.

Risk 173
article thumbnail

Survey Surfaces Raft of Industrial IoT Security Challenges

Security Boulevard

A survey of 800 senior IT managers, senior IT security managers and project managers responsible for industrial internet-of-things (IIoT)/operational technology (OT) found 94% reported their organization experienced a security incident in the last 12 months. The survey, conducted by Barracuda Networks, also found 87% of organizations that experienced an incident were impacted for more than.

IoT 141
article thumbnail

Password recovery tool infects industrial systems with Sality malware

Bleeping Computer

A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [.].

Passwords 145
article thumbnail

Fortinet addressed multiple vulnerabilities in several products

Security Affairs

Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Brave uses Goggle to show only cybersecurity websites

Tech Republic Security

The independent search engine introduced its new feature that filters results. The post Brave uses Goggle to show only cybersecurity websites appeared first on TechRepublic.

article thumbnail

Experian FAILs yet Again — Hackers can Change Your Email Address

Security Boulevard

Credit reporting agency Experian has a nasty vulnerability. Why do we put up with this? The post Experian FAILs yet Again — Hackers can Change Your Email Address appeared first on Security Boulevard.

article thumbnail

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

Malwarebytes

This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities in Ukraine via phishing campaigns following the same common tactics, techniques and procedures (TTPs).

article thumbnail

Mangatoon data breach exposes data from 23 million accounts

Bleeping Computer

Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole it from an Elasticsearch database. [.].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

20 VPN subscriptions and bundles on sale now

Tech Republic Security

Keep your internet connection behind lock and key with these 20 VPN subscriptions and bundles offered through TechRepublic Academy. The post 20 VPN subscriptions and bundles on sale now appeared first on TechRepublic.

VPN 157
article thumbnail

Celebrating Emoji Day in CyberSecurity!

Thales Cloud Protection & Licensing

Celebrating Emoji Day in CyberSecurity! divya. Thu, 07/14/2022 - 06:57. It's that day of the year again - the time? when we celebrate ?? Emoji Day on ?? 17 July. You might be wondering ??, what is Emoji Day, and what does it have to do with cybersecurity??? And you might think ?? why should security ?? professionals even care? Well, emojis are everywhere and used in all types of digital communication ???

article thumbnail

Hackers targeting journalists across the World

CyberSecurity Insiders

All these days we have seen hackers targeting companies, individuals, politicians and celebrity stalwarts. But now, security research conducted by Proofpoint says that APT groups are now after journalists across the world and are interested in gaining access to classical information, n sources, manipulate their news drafts and postings and use their credentials to get into the networks of media outlets.

Media 130
article thumbnail

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these flaws to execute arbitrary code on the vulnerable systems in the early stages of the boot avoiding the detection of s

Firmware 129
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Critical infrastructure IIoT/OT security projects suffer high rates of failure

Tech Republic Security

Barracuda found that 93% of organizations in the areas of IIoT/OT have experienced a failed security project. The post Critical infrastructure IIoT/OT security projects suffer high rates of failure appeared first on TechRepublic.

Internet 157
article thumbnail

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus.

article thumbnail

These five apps can wipe off all your Mobile Security worries

CyberSecurity Insiders

Smart Phones have become a necessity these days, but the security concerns they offer are many. Especially, the Pegasus software surveillance revelations have left many in the mobile world baffled. And the highlight in the discovery was a Saudi Prince using the NSO Group built software to spy on Amazon Chief Jeff Bezos and leaking his personal life details as texts and photos to the media.

Mobile 130
article thumbnail

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware attacks against small businesses in multiple countries.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.