Sat.Aug 21, 2021 - Fri.Aug 27, 2021

article thumbnail

Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 355
article thumbnail

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 258

Troy Hunt

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.

article thumbnail

Cyber in Afghanistan: Tech’s Vital Role in Kabul Evacuation

Lohrman on Security

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer.

Software 318
article thumbnail

How to create a hidden, nearly undeletable folder in Windows 10

Tech Republic Security

It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.

214
214

More Trending

article thumbnail

More and More Companies Are Getting Hit with Ransomware

Heimadal Security

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

article thumbnail

Details of the Recent T-Mobile Breach

Schneier on Security

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Mobile 331
article thumbnail

Ransomware demands and payments skyrocket

Tech Republic Security

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

article thumbnail

AI-Fueled Deep Fakes Signal New Era of Cybercrime

Security Boulevard

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity.

article thumbnail

T-Mobile confirms fifth data breach in three years

Graham Cluley

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well.

article thumbnail

Tech companies pledge to help toughen US cybersecurity in White House meeting

Tech Republic Security

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.

article thumbnail

Cloud Workload Security

Security Boulevard

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts. Datadog’s Nick Davis, senior product manager for cloud workload security, and Mitch Ashley discuss how the solution.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Details of US State Department Cyber Attack

CyberSecurity Insiders

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach. However, for security reasons, the source did not reveal the nature of the attack and its impact on the operations taken up by the state department. Cybersecurity Insiders has learnt that the attack could have taken place in the first week of August and a state funded hacking gang seems to be behind the incident.

article thumbnail

Beyond the pandemic: Why are data breach costs at an all?time high?

We Live Security

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity.

article thumbnail

Google and mobile operating systems top list of privacy concerns, says Kaspersky

Tech Republic Security

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.

Mobile 187
article thumbnail

Cybercriminals Inducing Insiders to Plant Malware

Security Boulevard

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.

Malware 145
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

The T-Mobile data breach: A timeline

CSO Magazine

Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of almost 50 million individuals comprising current, former, or prospective customers has been exposed via a data breach. While many details of the incident (including its root cause) remain unclear as of August 19, immediate fallout suggests this incident might be one of the most significant of recent times, not least due to the number of reco

article thumbnail

New zero-click iPhone exploit used to deploy NSO spyware

Bleeping Computer

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [.].

Spyware 145
article thumbnail

Security alert: The threat is coming from inside your Docker container images

Tech Republic Security

Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls.

217
217
article thumbnail

Cyber Attack on Crypto Exchange brings $97 million loss to customers

CyberSecurity Insiders

Japan-based Cryptocurrency Exchange Company named ‘Liquid’ was reportedly hit by a cyber attack after which the cyber crooks managed to pull $97 million directly from the e-wallets of several customers. Highly placed sources suspect a well known cyber criminal gang behind the attack and have launched a separate investigation that also includes security veterans from the law enforcement.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

4 most dangerous emerging ransomware threat groups to watch

CSO Magazine

New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest from CSO by signing up for our newsletters.

article thumbnail

The Top 10 Highest Paying Jobs in Information Security – Part 2

The State of Security

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series. #5: […]… Read More.

article thumbnail

Risk officers and board members don't agree on use of tech and data in business

Tech Republic Security

Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.

Risk 190
article thumbnail

Banking’s Digital Future Raises Security Concerns

Security Boulevard

As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace. In a report from Deloitte, nearly three-quarters (73%) of respondents said they fear their organizations would lose competitive advantage if they fail to adopt.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

How attackers could exploit breached T-Mobile user data

CSO Magazine

T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details differed across different types of customers, so the level of risk users are exposed to varies. Victims of the T-Mobile or any other breach where personal data is stolen should be aware of follow-on attacks and take steps to mitigate them.

Mobile 144
article thumbnail

T-Mobile CEO: Hacker brute-forced his way through our network

Bleeping Computer

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. [.].

Mobile 144
article thumbnail

Windows 365 Business: How this new tool can help your organization

Tech Republic Security

Simon Bisson tried out the new Microsoft 365 tool, which allows you to create virtual machines for your staff working from home. Here's what he learned.

165
165
article thumbnail

Mobile Security companies are lining up for protection against Pegasus Malware

CyberSecurity Insiders

As the Pegasus malware nuisance is slowly found politically gripping the entire world, companies offering security solutions to mobile users are getting busy in finding out a solution that helps protect against the infection repercussions caused by the Pegasus Malware. Recently, Zimperium, a US based technology company, was assigned with the duty by Department of Defense and the responsibility was to deliver a comprehensive Mobile Protection against the said spying tool.

Mobile 142
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.