Sat.Jun 04, 2022 - Fri.Jun 10, 2022

article thumbnail

Top-Ranked New Jersey School District Cancels Final Exams Following Ransomware Cyberattack

Joseph Steinberg

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. In addition to having cancelled finals, the district, which ranks in many surveys as being among the top 50 school districts in the country, has been forced to revert for its final days of instruction for the 201-2022 academic year to using paper, pencils, and pre-computer-era overhead projectors instead of its usual

article thumbnail

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “ swatting ” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 298

Troy Hunt

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable. I think the whole discussion is actually really interesting when looked at through the lens of how on balance, a digitised license compares to a physical one.

article thumbnail

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Humans and identity are constants in the ever-changing world of cybersecurity

Tech Republic Security

Businesses now compete as ecosystems and the veracity of information must be protected, officials tell the audience at the RSA Conference Monday. The post Humans and identity are constants in the ever-changing world of cybersecurity appeared first on TechRepublic.

article thumbnail

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak , Mark Manoogian , Petr Pacas , and Mohammed Abdul Qayyum

More Trending

article thumbnail

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations. Related: Why security teams ought to embrace complexity. As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help companies comprehensively inventory their cyber assets for enhanced visibility to improve asset and cloud configurations and close security gaps will be in the spotlight.

article thumbnail

Tech pros have low confidence in supply chain security

Tech Republic Security

A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months. The post Tech pros have low confidence in supply chain security appeared first on TechRepublic.

207
207
article thumbnail

Killnet: The Hactivist Group That Started A Global Cyber War

Digital Shadows

Since the beginning of the Russia-Ukraine war, hacktivism has experienced a substantial resurgence, with many hacktivist groups being created in. The post Killnet: The Hactivist Group That Started A Global Cyber War first appeared on Digital Shadows.

DDOS 145
article thumbnail

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

Security Boulevard

While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround. The reason this vulnerability is so serious is that all a user needs to do is open the. The post Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems.

Malware 144
article thumbnail

Thousands of unprotected Elasticsearch databases are being ransomed

Tech Republic Security

The internet-facing instances are currently being accessed by attackers who remove the vulnerable databases and leave a ransom note instead. The post Thousands of unprotected Elasticsearch databases are being ransomed appeared first on TechRepublic.

Internet 202
article thumbnail

Hottest new cybersecurity products at RSA 2022

CSO Magazine

Every year, global security vendors use the RSA Conference (RSAC) to exhibit new products and capabilities. This year, the show returns as an in-person event (with a virtual component) in San Francisco after going all-virtual in 2021 due to the pandemic. At RSAC 2022, starting June 6, new product showcases are dominated by identity and access security, SaaS services and security operations center ( SOC ) enhancements.

article thumbnail

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

The Hacker News

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Artificial Intelligence and Security: What You Should Know

Dark Reading

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

article thumbnail

A cybercriminal stole 1 million Facebook account credentials over 4 months

Tech Republic Security

A large-scale phishing attack was uncovered by PIXM, as well as the person who had been carrying out the attacks. The post A cybercriminal stole 1 million Facebook account credentials over 4 months appeared first on TechRepublic.

article thumbnail

Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme

Trend Micro

In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.

article thumbnail

Tesla Fails Yet Again: Hackers can Steal Cars via NFC

Security Boulevard

Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time. The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Boulevard.

Software 141
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

GitLab addressed critical account take over via SCIM email change

Security Affairs

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. R

article thumbnail

iOS 16 cheat sheet: Complete guide for 2022

Tech Republic Security

Learn about the new features available with iOS 16, and how to download and install the latest version of Apple’s mobile operating system. The post iOS 16 cheat sheet: Complete guide for 2022 appeared first on TechRepublic.

Mobile 191
article thumbnail

New PACMAN hardware attack targets Macs with Apple M1 CPUs

Bleeping Computer

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [.].

article thumbnail

Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS

Security Boulevard

A nasty zero-click, zero-day RCE bug remains unpatched in Windows. Dubbed “Follina,” Microsoft’s done diddly-squat about it. The post Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS appeared first on Security Boulevard.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

article thumbnail

A third of organizations hit by ransomware were forced to close temporarily or permanently

Tech Republic Security

A recent survey reveals many organizations close either temporarily or permanently after a ransomware attack. Learn more about how you can protect your business ransomware attacks. The post A third of organizations hit by ransomware were forced to close temporarily or permanently appeared first on TechRepublic.

article thumbnail

Poisoned CCleaner search results spread information-stealing malware

Bleeping Computer

Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. [.].

Malware 144
article thumbnail

6 top vulnerability management tools and how they help prioritize threats

CSO Magazine

Not only has vulnerability management changed considerably over the years, but so have the systems on which enterprise security teams must identify and patch. Today there are systems on-premises, IoT devices, public and private clouds, and substantially more custom applications. No more do vulnerability management systems just focus on networks and private hosted applications.

IoT 137
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Following the attacks of the Killnet Collective, the group responsible for the attacks against major government resources and law enforcement, a new group has been ident

article thumbnail

Ransomware: A Beginner’s Guide to Threat Detection

Tech Republic Security

If you have been following the news, you’ll have most certainly been bombarded by the term ransomware. Almost every week, another large company publicly discloses being impacted by this type of attack. Due to the increased awareness of ransomware, one may think that this is a new phenomenon. But it’s not. This whitepaper introduces you. The post Ransomware: A Beginner’s Guide to Threat Detection appeared first on TechRepublic.

article thumbnail

Online gun shops in the US hacked to steal credit cards

Bleeping Computer

Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [.].

article thumbnail

Russia warned the West against cyber attacks and threatened direct military warfare

CyberSecurity Insiders

Russia is saying that western nations like the United States and the UK are launching cyber attacks on its critical infrastructure in the name of “Glory of Ukraine”. The Putin-led nation warned about direct military warfare if the west doesn’t tone down its acts, as it might lead to serious consequences. As soon as Vladimir Putin started invading Ukraine in the last week of February this year, the entire world, including developed nations such as UK and USA, was against the war.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.