Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

Cybercrime 363

Cybercrime Hacking Passwords Accountability 363

Schneier on Security

MARCH 1, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

Risk 357

Risk Government Marketing Software 357

Troy Hunt

MARCH 1, 2021

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT , now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world.

Government 338

Government 338

Tech Republic Security

MARCH 1, 2021

Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.

Software 210

Software 210

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

MARCH 5, 2021

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.

Hacking 363

Hacking Software Government Internet 363

Schneier on Security

MARCH 2, 2021

This is weird : Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Malware 328

Malware Government 328

Tech Republic Security

MARCH 2, 2021

A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.

Digital transformation 211

Digital transformation 211

Krebs on Security

MARCH 2, 2021

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees.

Ransomware 285

Ransomware Small Business Insurance Software 285

Schneier on Security

MARCH 5, 2021

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.” It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even that.

293

293

Security Boulevard

MARCH 5, 2021

Today, the United States Attorney for the Southern District of New York, William F. Sweeney, announced the unsealing of a seven count indictment charging John David McAfee, founder of McAfee, and Jimmy Gale Watson, an executive advisor to McAfee, with pump-and-dump schemes, as well as initial coin offering (ICO) touting schemes. Watson was arrested on.

Cybersecurity 145

Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MARCH 4, 2021

Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.

Phishing 198

Phishing Social Engineering Engineering 198

Krebs on Security

MARCH 2, 2021

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Internet 276

Internet Internet Software Education 276

Schneier on Security

MARCH 3, 2021

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information.

Encryption 265

Encryption 265

Security Boulevard

MARCH 3, 2021

While I might not be in the IT trenches, over my years in sales I have had the benefit of working alongside IT leaders across multiple industries. I’ve learned first-hand about the problems IT leaders face in their everyday cybersecurity operations. And what is the biggest takeaway? It’s that at small to medium-sized businesses or really any with a blossoming security program, IT leaders’ cybersecurity problems revolve mainly around a lack of three components: people, process, and technology.

Cybersecurity 145

Cybersecurity Technology 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

MARCH 2, 2021

Too many people shrug off SELinux on their data center systems. Jack Wallen says it's time to stop giving into that siren song so your operating systems are weakened.

187

187

Hot for Security

MARCH 3, 2021

A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as possible. In traditional Chrome-team fashion, the techies maintaining the world’s most popular web browser for desktops are “delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux.”.

145

145

We Live Security

MARCH 3, 2021

Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught. The post Not all cybercriminals are sophisticated appeared first on WeLiveSecurity.

Cybercrime 145

Cybercrime 145

The Hacker News

MARCH 4, 2021

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.

Data breaches 145

Data breaches Cybersecurity Hacking 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

MARCH 4, 2021

Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai.

Banking 193

Banking Accountability 193

Security Boulevard

MARCH 1, 2021

Edge computing is proving to be more than just a trend. Research giant Gartner predicts that by 2025, some 75% of enterprise-generated data will be created and processed outside of the traditional data center or cloud. Simply put, the edge is poised to be huge, and with that growth comes new cybersecurity threats. What’s more, The post Edge Computing Growth Drives New Cybersecurity Concerns appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity 145

Hot for Security

MARCH 1, 2021

Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked - putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk of exposure. Read more in my article on the Hot for Security blog.

Passwords 145

Passwords Risk Hacking Data breaches 145

Bleeping Computer

MARCH 1, 2021

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. [.].

145

145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

MARCH 5, 2021

A lack of confidence in companies' defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study.

Cybersecurity 187

Cybersecurity 187

Security Boulevard

FEBRUARY 28, 2021

Businesses, employees and their customers rely on social media interactions more than ever since COVID-19 arrived. However, social media usage should raise certain privacy concerns. For most users, it comes down to a level of trust. In other words, users trust that social media platforms will protect and secure their personal information and data. Which, The post Social Media Risks Increasing in 2021 appeared first on Security Boulevard.

Media 145

Media Risk Accountability 145

Trend Micro

FEBRUARY 28, 2021

Povlsomware is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products.

Ransomware 144

Ransomware 144

Bleeping Computer

MARCH 2, 2021

Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats. [.].

145

145

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

MARCH 2, 2021

Whether paying ransom for data held hostage makes sense depends on many variables. Experts define the variables and why they're important.

Ransomware 170

Ransomware 170

Security Boulevard

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s … (more…). The post GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce appeared first on Security Boulevard.

Cyber threats 144

Cyber threats Malware Information Security Security Awareness 144

CSO Magazine

MARCH 2, 2021

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the world’s first CISO Steve Katz says, “Don’t go shopping when you’re hungry.

CISO 144

CISO 144

Bleeping Computer

FEBRUARY 27, 2021

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component. [.].

145

145

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk