Sat. Nov 20, 2021 - Fri. Nov 26, 2021


“Crypto” Means “Cryptography,” not “Cryptocurrency”

Schneier on Security

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.


Holiday Travel Surge Brings Back Vaccine Passports — Or Not

Lohrman on Security

As global travel returns, airline rules, checks and tests are hard to track. But get ready for more as travel returns for the holidays and 2022. Here’s the latest.


Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.


If you're serious about privacy, it's time to use DuckDuckGo as your default Android browser

Tech Republic Security

Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.


Interpol arrests over 1,000 suspects linked to cyber crime

Bleeping Computer

Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. […]


More Trending


US government warns of increased ransomware threats during Thanksgiving

Tech Republic Security

Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.


Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices.


Underinvestment in Multi-Cloud Security a Pressing Concern

Security Boulevard

Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that.


GoDaddy hack causes data breach affecting 1.2 million customers

Bleeping Computer

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Leaders agree that cybersecurity is a business risk, but are they acting on that belief?

Tech Republic Security

Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.


What to do if you receive a data breach notice

We Live Security

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed.


New Golang-based Linux Malware Targeting eCommerce Websites

The Hacker News

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.


New Windows zero-day with public exploit lets you become an admin

Bleeping Computer

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has widely adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can collect personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and can therefore violate the HIPAA Rules governing the use of online tracking technologies by HIPAA covered entities and business associates.
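To see what the paragraph above describes, here is an added example (not code from the article's authors) that inventories the third-party hosts a page contacts as soon as it renders. Every such request carries the visitor's IP address, and pixel scripts typically also report the URL of the page they run on, which is why a medical record number or appointment date in the query string of an authenticated page ends up with the tracker. The HTML, the page URL and the hospital domains are constructed for the demo, and the list of tracker hosts is an assumed, partial one.

```python
"""Inventory of third-party loads in a page: which hosts receive a request
(and with it the visitor's IP address and, for pixel scripts, the page URL)
when the page renders.  Added example on constructed HTML; not code from the
article's authors."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts used by common advertising/analytics pixels.  Assumed, partial list;
# a real audit would use a maintained blocklist.
KNOWN_TRACKER_HOSTS = {
    "connect.facebook.net",
    "www.facebook.com",
    "www.google-analytics.com",
    "www.googletagmanager.com",
}


def registrable_domain(host):
    """Approximate registrable domain: the last two labels.  Good enough for
    the demo; multi-part suffixes (co.uk) need a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


class ResourceCollector(HTMLParser):
    """Collect the URLs of tags that cause a fetch as soon as the page renders."""

    LOADING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr_name = self.LOADING.get(tag)
        if attr_name is None:
            return
        value = dict(attrs).get(attr_name)
        if value:
            self.resources.append((tag, value))


def find_third_party(page_url, html):
    """Return one dict per cross-domain resource; relative and same-domain
    URLs are skipped because they go to the site operator itself."""
    page_domain = registrable_domain(urlparse(page_url).hostname)
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.resources:
        host = urlparse(url).hostname  # handles https://, // and relative URLs
        if host is None or registrable_domain(host) == page_domain:
            continue
        findings.append({
            "tag": tag,
            "host": host,
            "url": url,
            "known_tracker": host in KNOWN_TRACKER_HOSTS,
        })
    return findings


# Constructed example: an authenticated patient-portal page whose URL carries a
# medical record number in the query string.  Domains are illustrative.
SAMPLE_PAGE_URL = "https://portal.hospital.example/appointments?mrn=123456"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="//www.googletagmanager.com/gtm.js?id=GTM-0000000"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css">
</head><body>
<img src="https://cdn.hospital.example/logo.png" alt="logo">
<noscript><img height="1" width="1"
  src="https://www.facebook.com/tr?id=0000000&amp;ev=PageView&amp;noscript=1"></noscript>
</body></html>
"""

if __name__ == "__main__":
    for f in find_third_party(SAMPLE_PAGE_URL, SAMPLE_HTML):
        flag = "TRACKER" if f["known_tracker"] else "third-party"
        print(f"{flag:11} {f['tag']:6} {f['host']}")
```

Run it against the HTML of an authenticated page (saved from a logged-in session, since the trackers of interest are often only present there) and compare the host list with what the privacy notice and business associate agreements actually cover; a third-party CDN is not a tracker, but anything flagged as one on an authenticated page is a finding.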


GoDaddy security breach impacts more than 1 million WordPress users

Tech Republic Security

The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.


“Free Steam games” videos promise much, deliver malware

Malwarebytes

Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after the game launches. There’s a lot of big titles hitting digital storefronts at the moment.


Cyber Attack on Bureau Veritas

CyberSecurity Insiders

The digital operations of the multinational company Bureau Veritas (BV), which offers lab testing, inspection and certification services, were brought to a halt when hackers launched a cyber attack on the company's IT infrastructure. According to what is known to Cybersecurity Insiders, the security breach occurred on November 20 of this year, and the company took its servers and data offline to prevent any further incident such as a data leak.


Microsoft Exchange servers hacked in internal reply-chain attacks

Bleeping Computer

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Mozilla has released a new platform for privacy-focused email communications

Tech Republic Security

When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.


Millions of GoDaddy customer data compromised in breach

Malwarebytes

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack stole the data of up to 1.2 million active and inactive customers, including email addresses, original WordPress admin passwords, Secure File Transfer Pro


The triangle of holiday shopping: Scams, social media and supply chain woes

We Live Security

‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products.


US SEC warns investors of ongoing govt impersonation attacks

Bleeping Computer

The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Apple needs to un-Mac-ify security and privacy in Safari

Tech Republic Security

Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.


Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that steal Discord access tokens and passwords, and some of which carry out dependency confusion attacks.
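The dependency confusion mentioned above is a property of how resolvers merge package indexes, so here is an added example (not JFrog's code, and not related to the packages they found) that shows the primitive and then audits a requirements file for the controls that defeat it. The package name "acme-billing", the internal index URL, the requirements file and the hash value are all constructed for the demo.

```python
"""Dependency confusion, as a pip-style resolver sees it, plus an audit of
the requirements-file controls that close the hole.  Added example with
constructed data; not code from JFrog or from the PyPI packages discussed."""
import re


def parse_version(v):
    """Minimal version parser for dotted integers ("1.4.2" -> (1, 4, 2)).
    Enough for the demo; real resolvers implement PEP 440 in full."""
    return tuple(int(part) for part in v.split("."))


def resolve(name, candidates):
    """Return (version, index_url) that a resolver with several indexes picks.

    pip treats --index-url and --extra-index-url as one pool of candidates and
    chooses the highest version; which index offered it is not a tie-breaker.
    That is the dependency-confusion primitive: publish "internal-name 99.0.0"
    on the public index and it outranks the real internal release.
    """
    best = None
    for index_url, packages in candidates.items():
        for version in packages.get(name, []):
            if best is None or parse_version(version) > parse_version(best[0]):
                best = (version, index_url)
    return best


# Constructed sample: "acme-billing" is an internal package name (assumed) that an
# attacker has also registered on the public index with an inflated version.
CANDIDATES = {
    "https://pypi.internal.example/simple": {"acme-billing": ["1.4.2", "1.4.3"]},
    "https://pypi.org/simple": {"acme-billing": ["99.0.0"]},
}

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.-]*)==([0-9][0-9A-Za-z.]*)")


def audit_requirements(text):
    """Report requirement lines that leave room for confusion.

    Each finding is (logical_line_no, message).  Three controls are checked:
    no --extra-index-url (use one index that proxies the public packages you
    need), exact == pins (a range lets the inflated version win), and --hash
    (an exact pin alone is defeated by publishing the same version number).
    """
    findings = []
    # pip lets a requirement continue over lines ending in a backslash
    logical = text.replace("\\\n", " ").splitlines()
    for number, raw in enumerate(logical, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            findings.append((number, "--extra-index-url merges the private and "
                                     "public namespaces; use a single --index-url"))
            continue
        if line.startswith("-"):  # other options (-r, -c, --index-url)
            continue
        pinned = PIN_RE.match(line)
        if not pinned:
            findings.append((number, f"{line.split()[0]} is not pinned with =="))
        elif "--hash=" not in line:
            findings.append((number, f"{pinned.group(1)}=={pinned.group(2)} "
                                     "has no --hash; a same-version upload from "
                                     "another index would be accepted"))
    return findings


# Constructed requirements file; the sha256 value is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
acme-billing>=1.4
requests==2.26.0
urllib3==1.26.7 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    print("resolver picks:", resolve("acme-billing", CANDIDATES))
    for number, message in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {number}: {message}")
```

The audit deliberately treats an exact pin without a hash as a finding: once the attacker can see your version numbers (a leaked requirements file is enough), they can upload the same version to the public index, and only `--require-hashes` style verification tells the two apart.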


Effective software security activities for managing supply chain risks

Security Boulevard

BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks.


Windows 10 KB5007253 update released with network printing fixes

Bleeping Computer

Microsoft has released the optional KB5007253 Preview cumulative update for Windows 10 2004, Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that claims to fix the 0x000006e4, 0x0000007c, or 0x00000709 network printing errors. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Can't remember ordering that package? Don't click on unfamiliar links sent via text

Tech Republic Security

Proofpoint finds that bad actors are using SMS messages about package deliveries as the bait in new scams.


Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity, a Los Angeles-based cybersecurity company, has identified an active zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily aimed at enterprises.


How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.


How to download a Windows 10 21H2 ISO from Microsoft

Bleeping Computer

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. […]


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.