Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. The news was first reported by Bloomberg News who reported its to Verkada.

Surveillance 110

Surveillance Hacking Banking Firmware 110

Naked Security

MARCH 11, 2021

Caveat utilitor! Caveat emptor! Caveat programmator!

143

143

Krebs on Security

MARCH 8, 2021

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Hacking 357

Hacking Technology Software 357

Schneier on Security

MARCH 12, 2021

Really interesting research : “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture.

Architecture 349

Architecture Software 349

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

MARCH 10, 2021

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something. now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome!

Passwords 349

Passwords IoT Password Management Data breaches 349

Tech Republic Security

MARCH 10, 2021

Commentary: Enterprises try their best to secure their data, but running on-premises mail servers arguably doesn't do this. So why do they do it, anyway?

Hacking 205

Hacking 205

Schneier on Security

MARCH 8, 2021

Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities in PDF viewer implementations.They showed attacks that could modify PDF documents without invalidating the signature.

Hacking 335

Hacking Authentication 335

Troy Hunt

MARCH 12, 2021

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. References Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly) We're rapidly going cashless, but not everybody is happy (there are

Passwords 262

Passwords IoT Hacking 262

Tech Republic Security

MARCH 11, 2021

Security analysts and an SEO expert explain how this new approach uses legitimate websites to trick users into downloading infected files.

Malware 195

Malware 195

We Live Security

MARCH 10, 2021

ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world. The post Exchange servers under siege from at least 10 APT groups appeared first on WeLiveSecurity.

Malware 145

Malware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

MARCH 9, 2021

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013­2017, which indicates a lack of recent software updates,” the reported stated. 26%!?

Technology 332

Technology Software Malware 332

Bleeping Computer

MARCH 10, 2021

In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world. [.].

Technology 145

Technology 145

Tech Republic Security

MARCH 11, 2021

Organizations have invested millions in new technology over the past year, yet fewer than one in 10 businesses have trained staff in to use these tools. Little surprise, then, that employees are using them incorrectly - and getting in trouble for it.

Technology 173

Technology 173

Security Boulevard

MARCH 10, 2021

Exploration and evolution are written into the very fabric of humanity. Since the planets in our solar system were named, traveling to Mars has been nothing short of a farfetched dream. However, the rapid rise of digital transformation has changed the world we live in, connecting continents and laying the foundation for meaningful space travel. The post Is Cybersecurity More Difficult Than Going to Mars?

Digital transformation 145

Digital transformation Cybersecurity Cyber Risk CISO 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

MARCH 11, 2021

Science has a paper (and commentary ) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can be cleaned up with something like Fortuna.

280

280

Hot for Security

MARCH 9, 2021

What’s going on? In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by hackers, who exploited zero-day vulnerabilities to steal emails. Victims have included the European Banking Authority. The attacks began seemingly specifically targeting organisations, but has now broadened and escalated dramatically.

Hacking 145

Hacking Small Business Banking Internet 145

Tech Republic Security

MARCH 8, 2021

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them.

Hacking 217

Hacking 217

Digital Shadows

MARCH 9, 2021

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat. The post Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment first appeared on Digital Shadows.

Cybercrime 145

Cybercrime 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

MARCH 9, 2021

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.

Hacking 145

Hacking Software Cybersecurity 145

Bleeping Computer

MARCH 10, 2021

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software. [.].

Software 145

Software 145

Tech Republic Security

MARCH 9, 2021

The SolarWinds incident was a wake-up call for most of the security professionals surveyed by DomainTools.

Cybersecurity 217

Cybersecurity 217

Lohrman on Security

MARCH 7, 2021

Risk 275

Risk Cybersecurity 275

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

MARCH 11, 2021

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it.

144

144

Bleeping Computer

MARCH 11, 2021

Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems. [.].

Malware 144

Malware Hacking 144

Tech Republic Security

MARCH 10, 2021

Criminals have been targeting organizations that run Exchange hoping to breach ones that haven't patched the latest bugs, says ESET.

Cybercrime 183

Cybercrime 183

Security Boulevard

MARCH 11, 2021

Over the years, we have seen an escalation in the series of hacks on health care services, power grids, nuclear plants and our privacy, with no respite. The threat is not just from China alone. It could be from North Korea or, as a matter of fact, from any state or non-state actor. This intent. The post The Future of Cyberwarfare appeared first on Security Boulevard.

Hacking 144

Hacking Security Awareness Risk Government 144

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. Unknown threat actors hacked the Verified forum in January, Crdclub in February, and Exploit and Maza in March, the attackers also leaked stolen data and in some cases they offered it for sale. “Since the beginning of the year, Intel 471 has

Cybercrime 144

Cybercrime DDOS Hacking Passwords 144

Bleeping Computer

MARCH 10, 2021

More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. [.].

Hacking 144

Hacking 144

Tech Republic Security

MARCH 9, 2021

WhatsApp, Messenger and Telegram are just a few messaging app options to consider. Tom Merritt lists five things you need to know about messaging apps.

160

160

CyberSecurity Insiders

MARCH 10, 2021

The demand for cybersecurity professionals is currently higher than the number of experts available. Cases of cyber-attacks are rapidly increasing, and businesses have every reason to worry following the recent prediction that damage costs might shoot beyond $6 trillion by the end of 2021. If you’re a skilled security expert, organizations will be clamoring for your services soon.

Cybersecurity 143

Cybersecurity Marketing System Administration Backups 143

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk