Sat.Feb 25, 2023 - Fri.Mar 03, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.

Hacking 273
article thumbnail

Nick Weaver on Regulating Cryptocurrency

Schneier on Security

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Top 10 open-source security and operational risks of 2023

Tech Republic Security

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.

Risk 206
article thumbnail

Organizations Struggle With CCPA, CPRA, GDPR Compliance

Security Boulevard

The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.

IoT 139
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

Naked Security

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.

Hacking 144
article thumbnail

Side-Channel Attack against CRYSTALS-Kyber

Schneier on Security

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack.

More Trending

article thumbnail

Cybersecurity in wartime: how Ukraine's infosec community is coping

CSO Magazine

Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.

InfoSec 137
article thumbnail

The Bridge to Zero Trust

CyberSecurity Insiders

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.

article thumbnail

Fooling a Voice Authentication System with an AI-Generated Voice

Schneier on Security

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.

article thumbnail

Google Workspace admins can now use client-side encryption on Gmail and Calendar

Tech Republic Security

Organizations subject to government regulations can gain more control over their own security. The post Google Workspace admins can now use client-side encryption on Gmail and Calendar appeared first on TechRepublic.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Hacked home computer of engineer led to second LastPass data breach

CSO Magazine

Password management company LastPass, which was hit by two data breaches last year , has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches infected the engineer's home computer with a keylogger , which recorded information that enabled a cyberattack that exfiltrated sensitive inform

article thumbnail

US Marshals Ransomware Hack is ‘Major Incident’

Security Boulevard

The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly). The post US Marshals Ransomware Hack is ‘Major Incident’ appeared first on Security Boulevard.

Hacking 130
article thumbnail

White House Announces New National Cybersecurity Strategy

SecureWorld News

Cybersecurity is one of the most pressing challenges in the 21st century. As cyber threats grow more sophisticated and diverse, countries need a robust and coordinated strategy to defend their interests and values in cyberspace. Which is why the Biden Administration has released its first National Cybersecurity Strategy. The strategy was crafted by the Office of the National Cyber Director (ONCD), a new agency created by Congress in 2021 to oversee and coordinate federal cybersecurity efforts.

article thumbnail

1Password is looking to a password-free future. Here’s why

Tech Republic Security

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. The post 1Password is looking to a password-free future. Here’s why appeared first on TechRepublic.

Passwords 150
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Dish Network confirms ransomware attack behind multi-day outage

Bleeping Computer

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday. [.

article thumbnail

Cybersecurity headlines trending on Google

CyberSecurity Insiders

CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of StopRansomware Campaign and issued some tips that help raise the defense-line against such cyber threats. Royal Ransomware gang has been active since September 2022 and demands a sum ranging between $1m to $11 million that needs to be paid in Bitcoins.

article thumbnail

National Cybersecurity Strategy | Contrast Security

Security Boulevard

Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity that has — mostly — thrilled cybersecurity experts. The post National Cybersecurity Strategy | Contrast Security appeared first on Security Boulevard.

article thumbnail

How security leaders can effectively manage Gen Z staff

CSO Magazine

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves.

Education 126
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Chinese hackers use new custom backdoor to evade detection

Bleeping Computer

The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year. [.

Hacking 140
article thumbnail

Attackers Were on Network for 2 Years, News Corp Says

Dark Reading

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.

126
126
article thumbnail

Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot

Security Boulevard

The BlackLotus malware targets UEFI Secure Boot. For a mere $5000, you too can own it. The post Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot appeared first on Security Boulevard.

Malware 123
article thumbnail

Best and worst data breach responses highlight the do's and don'ts of IR

CSO Magazine

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans. Industry-wide best practices for incident response are well established. “In general, you want breach responses to be fairly timely, transparent, communicate with victims in a timely manner, prevent further harm to victims as best as they can do that, and tell s

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

BidenCash market leaks over 2 million stolen credit cards for free

Bleeping Computer

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. [.

Marketing 133
article thumbnail

Apple iPhone Vulnerability let hackers steal photos, messages and files

CyberSecurity Insiders

Apple Inc has issued an update that it will soon release the fix to the two newly discovered vulnerabilities that are plaguing iPhone users for the past two weeks. According to an update released by privacy experts at VPNOverview, these two bugs have the potential of handing over fraudulent access to cyber criminals, thus allowing them to steal photos, messages and files.

Banking 123
article thumbnail

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Trend Micro

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Malware 122
article thumbnail

Economic pressures are increasing cybersecurity risks; a recession would amp them up more

CSO Magazine

Predictions on whether or when the global economy will fall into a recession continue to swirl. Even if one doesn’t hit anytime soon, economic volatility, more cautious corporate spending plans, and employee layoffs are already in play. For security chiefs, such news portends a tougher road ahead. CISOs have never had an easy time — they’ve certainly faced inordinate challenges in recent years working to secure an ever-expanding and more distributed technology and data landscape.

Risk 124
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

LastPass: The crooks used a keylogger to crack a corporatre password vault

Naked Security

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Passwords 138
article thumbnail

Aruba Networks fixes six critical vulnerabilities in ArubaOS

Bleeping Computer

Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. [.

120
120
article thumbnail

The mobile malware threat landscape in 2022

SecureList

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobile ransomware Trojans Trends of the year Mobile attacks leveled off after decreasing in the second half of 2021 and remained around the same level throughout 2022.

Mobile 119
article thumbnail

New cyberattack tactics rise up as ransomware payouts increase

CSO Magazine

While phishing , business email compromise (BEC) , and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and adversary in the middle (AitM) phishing proxies that bypass multi-factor authentication,” said

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.