Sat.Mar 13, 2021 - Fri.Mar 19, 2021


How and why deepfake videos work — and what is at risk

CSO Magazine

Editor's note: This article, originally published in July, 2018, has been updated to more accurately reflect recent trends. Deepfake definition. Deepfakes are fake videos or audio recordings that look and sound just like the real thing. Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.


Rising Demand for DDoS Protection Software Market By 2020-2028

The Hacker News

A Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks have been increasing, fueling the demand for the best DDoS protection software solutions.


Cookie Consent and Privacy: Is it Time for Informed Consent? (Part 1)

TrustArc

By Dr. Gary Edwards, Advisor to TrustArc, and Amanda Lee, Product Marketing Manager. Respecting privacy is a cornerstone of trust, a central pillar on which brand reputation stands. From TrustArc’s Global Privacy Benchmarks survey in 2020, we learned that the majority of senior executives in large enterprises around the globe give themselves high marks for doing […].


Illegal Content and the Blockchain

Schneier on Security

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.


Don’t Bother Using The “Device Filter” Security Feature Offered By Your Home Network Router

Joseph Steinberg

The MAC address “device filtering” feature of your LAN’s router is unlikely to provide you with any significant security benefits – and, if you enable the feature, it may cause you heartaches. Recently, I participated in a (virtual) discussion about the security of home networks – an important topic as hundreds of millions of people around the world continue to work remotely due to the ongoing COVID-19 pandemic.


More Trending


Security Analysis of Apple’s “Find My…” Protocol

Schneier on Security

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System”: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet


Fintech Giant Fiserv Used Unclaimed Domain

Krebs on Security

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here’s the story of one such goof committed by Fiserv [NASDAQ:FISV], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions.


Cyber Attacks: Is the ‘Big One’ Coming Soon?

Lohrman on Security


3 tips for mitigating cloud-related cybersecurity risks

Tech Republic Security

Find out why cloud computing is leading IT security pros to reevaluate their in-house cybersecurity practices as well as resources provided by managed service providers.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Easy SMS Hijacking

Schneier on Security

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the text messages from any phone to any other phone.


WeLeakInfo Leaked Customer Payment Info

Krebs on Security

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.


3 Cybersecurity Goals for CISOs

Security Boulevard

If 2020 has taught us anything, it’s that anything can happen. Honestly, how many of us had, “I will do my best to avoid a global pandemic,” as a New Year’s resolution for 2020? That said, the chances that 2021 will be even more unpredictable are slim. So, we might as well indulge in setting.


McAfee uncovers espionage campaign aimed at major telecommunication companies

Tech Republic Security

The security company said the attacks were attributed to RedDelta and Mustang Panda, both of which are allegedly based in China.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Exploiting Spectre Over the Internet

Schneier on Security

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.


Hacker who breached Verkada charged with stealing data from over 100 companies

Hot for Security

The hacker who claimed responsibility for breaching the live video streams of 150,000 CCTV cameras at police departments, hospitals, and well-known businesses has been charged by the US Department of Justice with hacking more than 100 companies. Read more in my article on the Hot for Security blog.


Beware Android trojan posing as Clubhouse app

We Live Security

The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication.


What consumers really think of the upcoming IDFA opt-in, protecting privacy and smartphone data

Tech Republic Security

App developers need to implement workarounds and create an understanding of the benefits of shared data, according to a new survey from AppsFlyer and Mobile Marketing Association.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Twitter images can be abused to hide ZIP, MP3 files — here's how

Bleeping Computer

Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.


Announcing the winners of the 2020 GCP VRP Prize

Google Security

Posted by Harshvardhan Sharma, Information Security Engineer, Google. We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large. In the first iteration of the prize, we awarded $100,000 to the winning write-up about a security vulnerability in GCP.


Phishing Attacks that Defeat 2FA Every Time

Security Boulevard

Protected with 2FA? Think Again. Two-factor authentication (2FA) is certainly a best practice for corporate security, but cybercriminals are also quite good at defeating it, often without a user’s knowledge. However, 2FA is not a panacea and, just like cyber awareness training, it is just one part of a total protection program. Assessing the risk […].


Why traditional malware detection can't stop the latest security threats

Tech Republic Security

Isolating your hardware and your applications is a more effective way to prevent malware from infecting your critical endpoints, says HP.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


FBI: Over $4.2 billion officially lost to cybercrime in 2020

Bleeping Computer

The Federal Bureau of Investigation has published its annual report on cybercrime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year.


CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The Hacker News

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement.


How to Enhance Data Loss Prevention in Office 365

Security Boulevard

Protecting customer data from loss and leakage has become a top priority for enterprises over the past decade.


How ransomware is evolving as a threat to organizations

Tech Republic Security

Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Vodafone faces $9.7m data protection penalty in Spain

CyberSecurity Insiders

The Spanish Data Protection Agency, aka Agencia Española de Protección de Datos (AEPD), has penalized Vodafone Spain for failing to protect the data of its customers and for indulging in fraudulent telemarketing tactics. The amount pronounced by AEPD against Vodafone, $9.72m, is the highest fine ever witnessed in a country against a multinational firm. The telecommunication company will face a collective penalty because of 4 separate discrepancies in following rules – Two fines counting to $7.16m f


PayPal fraud: What merchants should know

We Live Security

From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?


New CopperStealer malware steals Google, Apple, Facebook accounts

Bleeping Computer

Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple.


Not quite "The Purge," but 70% adopted home tech to increase security amid pandemic

Tech Republic Security

A Home.com survey found that while most understood the value and necessity of the investment in new tools and gadgets, there were quite a few who worried the technology would facilitate some kind of hack.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.