Sat.Nov 05, 2022 - Fri.Nov 11, 2022


6 ways to reduce your IoT attack surface

Tech Republic Security

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.


An Untrustworthy TLS Certificate in Browsers

Schneier on Security

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy : Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.


Lawsuit Seeks Food Benefits Stolen By Skimmers

Krebs on Security

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via stat


2022 Midterm Election Cybersecurity: Are We Ready?

Lohrman on Security

As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo

Tech Republic Security

It wasn’t a “Day of Anger” as Qualys used the final leg of its multi-city conference series to discuss the control of edge assets. The post Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo appeared first on TechRepublic.


Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.


Mastodon: What you need to know for your security and privacy

Graham Cluley

Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?


Top 6 Multi-Cloud Security Solution Providers

Tech Republic Security

If you're in the process of constructing a multi-cloud security plan, these providers can help you avoid the most common pitfalls of multi-cloud security. The post Top 6 Multi-Cloud Security Solution Providers appeared first on TechRepublic.


Using Wi-Fi to See through Walls

Schneier on Security

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied.


Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Mastodon now has over 1 million users amid Twitter tensions

Bleeping Computer

Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. […]


A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.


The Conviction of Uber’s Chief Security Officer

Schneier on Security

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading.


Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Trend Micro

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Russian LockBit ransomware operator arrested in Canada

Bleeping Computer

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide. […]


Safely Test Your Malware, Ransomware and Virus Defenses

Security Boulevard

What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. Not to. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.


Cybersecurity threats: what awaits us in 2023?

SecureList

Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions form Kaspersky Security Bulletin (KSB), an annual project led by Kaspersky experts.


How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready

CSO Magazine

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2, and SOC 3. Although each of those holds value, many organiza


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Microsoft WinGet package manager failing due to CDN issues

Bleeping Computer

Microsoft's WinGet package manager is currently having problems installing or upgrading packages due to the Azure Content Delivery Network (CDN) returning a 0-byte database file. […]


Cisco Secure Endpoint Crushed the AV-Comparative EPR Test

Cisco Security

The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment. This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022. Not only did Secure Endpoint knock it out of the park in enterprise protection; but Cisco Secure Endpoint obtained the lowest total cost of ownership (TCO) per agent at $587 over 5 years.


LockBit 3.0 gang claims to have stolen data from Kearney & Company

Security Affairs

The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that provides services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency.


Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage

Security Boulevard

James Zhong admitted to stealing 50,000 bitcoins from the former dark web market, Silk Road. The post Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage appeared first on Security Boulevard.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Worok hackers hide new malware in PNGs using steganography

Bleeping Computer

A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. […]


Cisco Secure Endpoint – looking very positive in recent reports!

Cisco Security

Lots of exciting things happening at Cisco, and for our customers, all to help them better prepare for what’s next. Case in point, we just returned from a very successful Cisco Partner Summit where the spotlight shined on cyber security. When our executives were on stage talking about solutions, the attendees heard a very catchy phrase; “if it’s connected, it’s protected.


A cyberattack blocked the trains in Denmark

Security Affairs

At the end of October, a cyber attack caused the trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend; threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo, which provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.


NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

Security Boulevard

The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust. The post NSA’s Plea: Stop Using C and C++ (Because You’re Idiots) appeared first on Security Boulevard.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


FBI warns scammers now impersonate refund payment portals

Bleeping Computer

The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. […]


PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

CSO Magazine

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report.


Cloud architects are afraid of automation

InfoWorld on Security

Automation is not new, but its use in cloud computing is recent. The idea is to automate tasks that have been traditionally carried out by humans; for example, self-healing a saturated compute server by automatically restarting it on a cloud provider. Or restricting the overuse of some expensive cloud service by finops automation, or having security automation defend against a cloud-borne breach attempt that happens at 3:00 a.m.


BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’ appeared first on Security Boulevard.


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.