Sat. Feb 19, 2022 - Fri. Feb 25, 2022

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration.

Education 328

I Wanna Go Fast: How Many Pwned Password Queries Can You Make Per Second?

Troy Hunt

I feel the need, the need for speed. Faster, Faster, until the thrill of speed overcomes the fear of death. If you're in control, you're not going fast enough. And so on and so forth. There's a time and a place for going fast, and there's no better place to do that than when querying Have I Been Pwned's Pwned Passwords service.

Passwords 292

A New Cybersecurity “Social Contract”

Schneier on Security

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each. Such a shift is momentous but not without precedent.

Could That QR Code Actually Be a Phishing Attack?

Lohrman on Security

The FBI recently warned consumers that some QR codes can lead to fraud and steal victim funds if scanned into smartphones. Let’s explore this growing trend.

Phishing 248

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How Russia’s invasion of Ukraine will affect your cybersecurity

Tech Republic Security

The conflict we all feared is expected to bring an increase of cyberattacks, but experts agree that all hope isn’t lost. The post How Russia’s invasion of Ukraine will affect your cybersecurity appeared first on TechRepublic.

Conti ransomware gang: You attack Russia, we’ll hack you back

Graham Cluley

The Conti ransomware gang says that it supports the Russian government's invasion of Ukraine, and if anyone launches a retaliatory cyber attack against Russia, they will hit back hard - launching attacks on critical infrastructure.

More Trending

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink. The alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) and an analysis published by the UK’s National Cyber Security Center (NCSC) show Indicators of Compromise (I

Malware 145

2021 mobile malware evolution: Fewer attacks, escalating dangers

Tech Republic Security

2021 saw a decrease in mobile malware attacks, yet they have become increasingly sophisticated. Learn more about these threats and how to avoid being a victim. The post 2021 mobile malware evolution: Fewer attacks, escalating dangers appeared first on TechRepublic.

Mobile 206

Cybercriminals Have yet to Exploit Russia-Ukraine Tensions

Security Boulevard

Financially motivated actors appear to have stayed out of the Russia-Ukraine tensions—so far. Those actors “have yet to show their inclination to leverage the conflict for personal gain,” according to researchers at Intel471 who have been monitoring how the current conflict between the two countries is affecting the cybercriminal underground. But it’s too early to.

An Elaborate Employment Con in the Internet Age

Schneier on Security

The story is an old one, but the tech gives it a bunch of new twists: Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for the company’s office address. The result looked nothing like the videos on Madbird’s website of a sleek workspace buzzing with creative-types.

Internet 253

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware extortion doesn't stop after paying the ransom

Bleeping Computer

A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues. [.].

What hyper-growth companies all have in common: They prioritize cybersecurity

Tech Republic Security

Whether the chicken or the egg came first, Beyond Identity’s data suggests that the fastest growing companies are all more likely to take cybersecurity seriously. The post What hyper-growth companies all have in common: They prioritize cybersecurity appeared first on TechRepublic.

Cybersecurity and Operational Resilience in 2022

Security Boulevard

2021 was a record year for headline-making cyberattacks. A Chicago-based insurance firm, CNA Financial, paid a $40 million ransom to recover their data; not to mention the attack on Kaseya in which the hackers successfully penetrated the defenses of the widely used software and distributed the malicious files through standard update channels. The probability of a.

Mitigating kernel risks on 32-bit ARM

Google Security

Posted by Ard Biesheuvel, Google Open Source Security Team. Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation. Now 20+ years later, 32-bit ARM's maintainer has downgraded its support level to 'odd fixes,' while remaining active as a kernel contributor.

Risk 140

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

New data-wiping malware used in destructive attacks on Ukraine

Bleeping Computer

Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine. [.].

Malware 145

New Xenomorph Android malware targets more than 50 banking and financial applications

Tech Republic Security

Some banking malware targets mobile devices and can quickly steal money from banking accounts. Meet Xenomorph, a new malware targeting Android and more than 50 banking and financial applications. The post New Xenomorph Android malware targets more than 50 banking and financial applications appeared first on TechRepublic.

Banking 200

Mastering AML and KYC Compliance Programs

Security Boulevard

Increasingly stringent anti-money laundering (AML) and know your customer (KYC) regulations are sweeping the globe, forcing many organizations to navigate complex and varied regulations for banks and other credit and financial institutions in order to be considered compliant. As global economies continue to emerge from the COVID-19 pandemic, compliance departments also face regulators that are.

Banking 141

HermeticWiper: New data‑wiping malware hits Ukraine

We Live Security

Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites. The post HermeticWiper: New data‑wiping malware hits Ukraine appeared first on WeLiveSecurity.

Malware 141

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

NSA-linked Bvp47 Linux backdoor widely undetected for 10 years

Bleeping Computer

A report released today dives deep into technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency. [.].

Microsoft, Apple and Google top the list of the most spoofed brands in 2021

Tech Republic Security

IBM’s 2022 X-Force Threat Intelligence Index also revealed that ransomware was again the top attack type last year and that manufacturing supply chains were most vulnerable to exploitation. The post Microsoft, Apple and Google top the list of the most spoofed brands in 2021 appeared first on TechRepublic.

Insurance Won’t Pay for Identity Fraud Losses

Security Boulevard

In January of 2018, Dr. Kenneth Bramlett, an orthopedic surgeon from Vestavia Hills, Alabama, decided to buy a bit more than a half-million dollars worth of gold coins. He provided his name, address, Social Security number, a copy of his Alabama driver’s license and a personal check from his account to Dillon Gage, a gold. The post Insurance Won’t Pay for Identity Fraud Losses appeared first on Security Boulevard.

Insurance 138

US senators introduce the Kids Online Safety Act (KOSA)

Malwarebytes

US Senators Richard Blumenthal of Connecticut and Marsha Blackburn of Tennessee have introduced the Kids Online Safety Act (KOSA), legislation that aims to enhance children’s safety online. This follows The Wall Street Journal (WSJ)’s reporting on the harm Instagram can inflict on teens, which was based on controversial Facebook documents that whistleblower Frances Haugen leaked to the WSJ, and coupled with multiple hearings with social media companies about their failures to pr

Media 134

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Devious phishing method bypasses MFA using remote access software

Bleeping Computer

A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC. [.].

Phishing 135

Top 5 things to know about consent phishing

Tech Republic Security

Just when you thought you knew what phishing perils to watch out for, along comes a new spin: consent phishing. Here’s a look at this latest cybersecurity threat. The post Top 5 things to know about consent phishing appeared first on TechRepublic.

Phishing 192

Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’

Security Boulevard

The Ukrainian Defense Ministry is calling up volunteers to join a “cyber force”—to defend against Russian attacks. The post Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’ appeared first on Security Boulevard.

Seattle based healthcare company exposes data of 688,000 patients

CyberSecurity Insiders

Since a Seattle based healthcare company named Sea Mar Community Health Centers has failed to protect the health care information of over 688,000 people, it will have to respond to a lawsuit filed in the district court early this month. According to the sources reporting to our Cybersecurity Insiders, the data breach was detected in June 2021, where a portion of data related to patients was stolen by a hacking gang named Marketo.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

CISA compiled a list of free cybersecurity tools and services

Security Affairs

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience.

How to create an email alert for SSH logins

Tech Republic Security

If you're looking to get notified when someone logs into your Linux servers via SSH, Jack Wallen is here to show you how to set this up. The post How to create an email alert for SSH logins appeared first on TechRepublic.

Software 161

DevOps vs SRE (Site Reliability Engineer): Rivals or Companions?

Security Boulevard

The post DevOps vs SRE (Site Reliability Engineer): Rivals or Companions? appeared first on PeoplActive. The post DevOps vs SRE (Site Reliability Engineer): Rivals or Companions? appeared first on Security Boulevard.

Conti gang says it's ready to hit critical infrastructure in support of Russian government

CSO Magazine

The infamous cybercriminal group behind the Conti ransomware has publicly announced its full support for the Russian government while the country's army is invading Ukraine and threatened to strike the critical infrastructure of anyone launching cyberattacks or war actions against Russia. The move comes after Twitter accounts claiming association with the Anonymous hacktivist collective declared "cyberwar" against the Russian government and took credit for distributed denial-of-service (DDoS) at

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.