Sat.May 22, 2021 - Fri.May 28, 2021

article thumbnail

AI Is Everywhere — Should We Be Excited or Concerned?

Lohrman on Security

Artificial intelligence is slowly transforming many areas of life — and fast — but we all need to pay attention. Reactions are all over the map, and AI will be used for both good and evil.

article thumbnail

Complete Cyber Security Jargons by Appknox

Appknox

Cyberattacks are getting common and their impact is quite severe. Security breaches are no longer limited to a few large tech companies. Cybercriminals have rapidly altered tactics and started targeting several Small and Medium Enterprises (SMEs) as well.

131
131
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Welcoming the Trinidad & Tobago Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future.

article thumbnail

The Story of the 2011 RSA Hack

Schneier on Security

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Hacking 270
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Employers are watching remote workers and they're monitoring these activities

Tech Republic Security

While many employers are tapping technologies to monitor workflows, a new report highlights potential drawbacks and even resentment among surveilled employees.

article thumbnail

SolarWinds Hackers Targeting Government Agencies Via Email

Security Boulevard

Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft and various news outlets. In a blog post published late Thursday night, Tom Burt, Microsoft’s vice president of customer security and trust, said.

More Trending

article thumbnail

Malware exploited macOS zero-day flaw to secretly take screenshots. Update to Big Sur 11.4 now

Hot for Security

Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability , allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent. Specifically, as security researchers at Jamf explain , versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to

Malware 145
article thumbnail

Docker expands its trusted container offerings

Tech Republic Security

We all use container-based images to build applications, but can you trust them? Docker's expansion of its trusted content offering, the Docker Verified Publisher Program, will make it easier.

194
194
article thumbnail

Introducing Half-Double: New hammering technique for DRAM Rowhammer bug

Google Security

Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double , a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses.

article thumbnail

Protecting the Hybrid Cloud With Zero-Trust

Security Boulevard

Cloud security is tough enough, but hybrid cloud adds a few extra challenges, such as visibility between cloud platforms and the difficulty of remaining current with compliance protocols for industry and government regulations. Is zero-trust the answer for hybrid cloud security and its unique challenges? Bill Malik, VP of infrastructure strategies with Trend Micro, addressed.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Apple fixes macOS zero?day bug that let malware take secret screenshots

We Live Security

You would do well to update to macOS Big Sur 11.4 post-haste. The post Apple fixes macOS zero‑day bug that let malware take secret screenshots appeared first on WeLiveSecurity.

Malware 144
article thumbnail

Shift left security is helpful, but one expert says it's not enough

Tech Republic Security

It's critical to plug cybersecurity vulnerabilities before bad guys get wind of them. To make that happen, businesses should encourage security and developer teams to collaborate, says an expert.

article thumbnail

VMware warns of critical bug affecting all vCenter Server installs

Bleeping Computer

VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. [.].

145
145
article thumbnail

Grandchild of Rowhammer: ‘Half-Double’ Tactic Flips Farther Bits

Security Boulevard

Rowhammer has a new variant. And it’s been made easier: DDR4 memory is getting denser, so the individual bits are physically closer together. The post Grandchild of Rowhammer: ‘Half-Double’ Tactic Flips Farther Bits appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

5 Tips to get Better Efficacy out of Your IT Security Stack

Webroot

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous term; everyone wants it to be better, but what exactly does that mean? And how do you properly measure it?

Phishing 143
article thumbnail

Homeland Security unveils new cybersecurity requirements for pipeline operators

Tech Republic Security

Owners and operators will have to identify any gaps in their security and report new incidents to key federal agencies because of the Colonial Pipeline ransomware attack.

article thumbnail

Wormable Windows HTTP vulnerability also affects WinRM servers

Bleeping Computer

A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service. [.].

145
145
article thumbnail

Security News In Review: Data Breaches, Data Poison, and Big Data

Security Boulevard

This week’s news roundup is all about data. Kicking things off is a recently announced breach at Mercari, predictions for “data poisoning” becoming a big attack vector, and the possibility of a national data breach disclosure law. . Read on for the news. The post Security News In Review: Data Breaches, Data Poison, and Big Data appeared first on Security Boulevard.

Big data 144
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

I hacked my friend’s website after a SIM swap attack

We Live Security

Here’s how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack. The post I hacked my friend’s website after a SIM swap attack appeared first on WeLiveSecurity.

Hacking 143
article thumbnail

Expert: Biden's executive order on cybersecurity is a good start toward protecting organizations

Tech Republic Security

Cybersecurity expert says it all starts with process. The regulations will make it easier for companies to report breaches.

article thumbnail

Apple addresses three zero-day flaws actively exploited in the wild

Security Affairs

Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov

Malware 142
article thumbnail

Ransomware Gang Frees Irish Medical Data—but Leak Threat Remains

Security Boulevard

Ireland’s Health Service Executive suffered a catastrophic ransomware attack last week. But now the gang seems to have had a change of heart. The post Ransomware Gang Frees Irish Medical Data—but Leak Threat Remains appeared first on Security Boulevard.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Cryptocurrency trading bots: Strengthening Cybersecurity and minimizing risks

CyberSecurity Insiders

This blog was written by an independent guest blogger. A staggering $1.9 billion in cryptocurrency was stolen by criminals in 2020, a recent report by Finaria reveals. Fortunately, despite the growth of the crypto market, crypto crime has decreased by 57% since 2019, dropping to $1.9 billion. The widespread recent implementation of stronger security measures also means crypto-criminals stole 160% more in value in 2019 than in 2020, despite the similar number of crimes.

article thumbnail

FBI warns of Conti ransomware attacks against healthcare organizations

Tech Republic Security

The attacks have targeted US healthcare and first responder networks with ransom demands as high as $25 million, says the FBI.

article thumbnail

French police seized dark web marketplace Le Monde Parallèle

Security Affairs

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web. It is the third large French-speaking platform seized by the local police after Black Hand in 2018 and French Deep Web Market in 2019.

article thumbnail

WooCommerce Credit Card Swiper Hides in Plain Sight

Security Boulevard

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment information. This is, of course, a tell-tale sign that there is something seriously wrong with the website and likely a case of credit card exfiltration.

eCommerce 143
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

How to prepare for the demise of Windows NT LAN Manager

CSO Magazine

Older protocols are hard to kill. From consumer-based protocols like SMBv1 to network-based protocols like Windows NT LAN Manager (NTLM), we typically need time and planning to move off protocols that we rely on. Many of us are still using NTLM to authenticate to our networks especially for remote access during the pandemic. This old but well-used protocol was the default for network authentication in the Windows NT 4.0 operating system.

article thumbnail

SolarWinds hackers resurface to attack government agencies and think tanks

Tech Republic Security

Operating in Russia, the Nobelium cybercrime group has targeted 3,000 email accounts across more than 150 organizations, says Microsoft.

article thumbnail

FBI: APT hackers breached US local govt by exploiting Fortinet bugs

Bleeping Computer

The Federal Bureau of Investigation (FBI) says the webserver of a US municipal government was breached by state-sponsored attackers after hacking a Fortinet appliance. [.].

article thumbnail

Code Itself Is a Growing Security Threat

Security Boulevard

As the pace of digitization across the global economy accelerates, companies are creating more and more software. This is putting greater pressure on internal teams to deliver on schedule, within budget and to stay ahead of security vulnerabilities. This pressure falls on software engineers, most of whom are already spread thin balancing the demand for.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.