Sat.Jun 26, 2021 - Fri.Jul 02, 2021


What is the dark web? How to access it and what you'll find

CSO Magazine

Dark web definition. The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.


3 Steps to Strengthen Your Ransomware Defenses

The Hacker News

The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines.


Cyber investments are growing, but not enough

Tech Republic Security

64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.


More Russian Hacking

Schneier on Security

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking 361

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca

Firmware 340

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.

More Trending


Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part test.

Software 313

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and i


How to bypass the Windows 11 TPM 2.0 requirement

Bleeping Computer

Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. However, new Registry entries have been discovered that allow you to bypass the TPM requirement and minimum memory and secure boot requirements. [...]


More than 3.5 million people needed worldwide to work in cybersecurity

Tech Republic Security

Expert says attacks are getting bigger and more aggressive than before. Instead of being like a burglary, they're more like a home invasion.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


NFC Flaws in POS Devices and ATMs

Schneier on Security

It’s a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine.

Firmware 278

Second colossal LinkedIn “breach” in 3 months, almost all users affected

Malwarebytes

LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in possession of 700 million LinkedIn user records. That means almost all (92 percent) of LinkedIn’s users are affected by this.


Common Facebook scams and how to avoid them

We Live Security

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.

Scams 145

You don't have to be a tech expert to become a cybersecurity pro

Tech Republic Security

Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Insurance and Ransomware

Schneier on Security

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insurance 279

CISA releases new ransomware self-assessment security audit tool

Bleeping Computer

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). [...]


One Medical: Sorry-not-Sorry for Leaking your Personal Info

Security Boulevard

Primary care med-tech firm One Medical sent email to countless customers, with hundreds of other customer email addresses visible in the To: field.


Americans lost $29.8 billion to phone scams in the past year, study finds

Tech Republic Security

The number of spam calls, the number of people losing money to them and the total amount of money lost in the past year are all record setting.

Scams 203

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

The Hacker News

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.


One billion dollars lost by over-60s through online fraud in 2020, says FBI

Hot for Security

According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Hot for Security blog.

Internet 145

Shutdown Kaseya VSA servers now amidst cascading REvil attack against MSPs, clients

Malwarebytes

A severe ransomware attack reportedly taking place now against the popular Remote Monitoring and Management software tool Kaseya VSA has forced Kaseya into offering urgent advice: Shutdown VSA servers immediately. “We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today,” Kaseya wrote on Friday afternoon.


Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Microsoft admits to signing rootkit malware in supply-chain fiasco

Bleeping Computer

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs. [...]

Malware 145

LinkedIn Leaks 93% of Users’ Data—Refuses Blame for Breach

Security Boulevard

LinkedIn is fighting a crescendo of criticism over a huge data breach. But when is a breach not a “breach”?


Twitter now lets users set security keys as the only 2FA method

We Live Security

You can now secure your account with a physical security key as your sole 2FA method, without any additional 2FA option.


Windows 11: Understanding the system requirements and the security benefits

Tech Republic Security

Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi


4 Warning Signs of an Insecure App

Security Boulevard

The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are—their mobile phones. For most, this means developing a mobile app. Unfortunately, the byproduct.


Russian hackers had months-long access to Denmark's central bank

Bleeping Computer

Russian state hackers compromised Denmark's central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. [...]

Banking 145

Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.