Sat.Jul 23, 2022 - Fri.Jul 29, 2022

New UFEI Rootkit

Schneier on Security

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.

Firmware 292

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so

New Business Email Compromise Schemes Add Vendor Deception

Lohrman on Security

Like other forms of cyber crime, business email compromise is growing and evolving. Here’s what you need to know.

Google delays removal of third-party cookies in Chrome through 2024

Tech Republic Security

The search giant explained that it pushed back its timeline once again because it needs more time for testing to ensure users’ online privacy is protected. The post Google delays removal of third-party cookies in Chrome through 2024 appeared first on TechRepublic.

Software 164

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Securing Open-Source Software

Schneier on Security

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.

Software 274

US govt warns Americans of escalating SMS phishing attacks

Bleeping Computer

The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [...]

Phishing 145

More Trending

1Password password manager: How it works with apps

Tech Republic Security

Keeping track of all of your passwords has never been easier. Learn how to fill and save passwords on your mobile device with 1Password. The post 1Password password manager: How it works with apps appeared first on TechRepublic.

Microsoft Zero-Days Sold and then Used

Schneier on Security

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.

Kansas MSP shuts down cloud services to fend off cyberattack

Bleeping Computer

A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. [...]

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

CSO Magazine

ISAC and ISAO definition. [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Prevent email phishing attacks this summer with 3 defensive measures

Tech Republic Security

With summer vacations taking employees out of the office, phishing attacks are on the rise. Here are three ways companies can stay prepared. The post Prevent email phishing attacks this summer with 3 defensive measures appeared first on TechRepublic.

Phishing 161

Displeased employees leading to 75% of Cyber Attacks

CyberSecurity Insiders

The next time you are firing an employee for their low performance or doing it for any other reason, please make sure that the data they possess has been handed over to you perfectly, i.e. scientifically. Otherwise, they could get involved with threat actors and target your organization with a sophisticated cyber attack that can shut down your organization on a permanent note.

Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold

Security Boulevard

Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising. The post Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold appeared first on Security Boulevard.

5 trends making cybersecurity threats riskier and more expensive

CSO Magazine

Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organizations across the U.S. and Europe experienced a cyberattack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cybersecurity spend. Cybersecurity is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manag

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Infostealer malware targets Facebook business accounts to capture sensitive data

Tech Republic Security

Ducktail malware tries to hijack the accounts of individuals who use Facebook’s Business and Ads platforms, says WithSecure Intelligence. The post Infostealer malware targets Facebook business accounts to capture sensitive data appeared first on TechRepublic.

Cash App fraud: 10 common scams to watch out for

We Live Security

It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash. The post Cash App fraud: 10 common scams to watch out for appeared first on WeLiveSecurity.

Scams 135

Solved: Subzero Spyware Secret — Austrian Firm Fingered

Security Boulevard

DSIRF GmbH codenamed ‘Knotweed’ by Microsoft and RiskIQ. The post Solved: Subzero Spyware Secret — Austrian Firm Fingered appeared first on Security Boulevard.

Spyware 144

9 tips to prevent phishing

CSO Magazine

Phishing, in which an attacker sends a deceptive email that tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. Phishing is the first step for all kinds of attacks, from stealing passwords to downloading malware that can provide a backdoor into a corporate network.

Phishing 136

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

How attackers are adapting to a post-macro world

Tech Republic Security

Since Microsoft’s shutdown of macros in Office apps, attackers are using container file types to deliver malware in one of the largest threat landscape shifts in recent history. The post How attackers are adapting to a post-macro world appeared first on TechRepublic.

Malware 154

A database containing data of 5.4 million Twitter accounts available for sale

Security Affairs

Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on the popular hacking forum Breached Forums.

Holy Ghost’s Bargain Basement Approach to Ransomware

Digital Shadows

Recent reporting from Microsoft has shone light on the “HolyGhost” ransomware group, a cybercriminal outfit originating from North Korea. While. The post Holy Ghost’s Bargain Basement Approach to Ransomware first appeared on Digital Shadows.

8 top SBOM tools to consider

CSO Magazine

To really secure software, you need to know what's inside its code. That's why a software bill of materials is essential today. It used to be that we didn't worry that much about our code's security. Bad binaries, sure. The code itself? Not so much. We were so foolish. Then came one security slap in the face after another: The SolarWinds software supply chain attack, the ongoing Log4j vulnerability, and the npm maintainer protest code gone wrong have made it clear that we must clean up our soft

Software 132

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to quickly deploy the Odoo ERP solution with Docker

Tech Republic Security

If you're looking to get a powerful ERP solution up and running, Jack Wallen has the solution by way of Odoo and Docker. The post How to quickly deploy the Odoo ERP solution with Docker appeared first on TechRepublic.

Software 153

CISA warns of critical Confluence bug exploited in attacks

Bleeping Computer

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. [...]

Are Proof-of-Concepts Benefiting Cybercriminals?

Security Boulevard

Public proof-of-concepts (POCs) may be helping cybercriminals more than the organizations they were designed to protect. Sophos’ Active Adversary Playbook 2022 provides an in-depth analysis of cyberattacker behavior, tactics and tools from throughout 2021. The report found a number of instances where public proofs-of-concept (POC) of web shell exploits coincided with major spikes in attacks.

July was a hot month for cybersecurity research

CSO Magazine

While summer may be vacation season, criminals never take a day off. Researchers are also always busy following their methods and digging into their possible path for exploit. Here are a few interesting research initiatives making headlines this month. Fake Android apps keep popping up in Google Play. When folks download mobile applications from a trusted app source, obviously the expectation is the apps will be safe to use.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Average cost of data breach surpasses $4 million for many organizations

Tech Republic Security

Beyond the immediate costs of a data breach, almost half of the total costs occur more than a year after the incident, says IBM Security. The post Average cost of data breach surpasses $4 million for many organizations appeared first on TechRepublic.

Microsoft: Windows, Adobe zero-days used to deploy Subzero malware

Bleeping Computer

Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit (aka private-sector offensive actor) named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. [...]

Malware 133

CosmicStrand malware targets old Asus and Gigabyte motherboards

CyberSecurity Insiders

A novel malware named CosmicStrand is said to be targeting the old motherboards offered by Asus and Gigabyte and the crux is that it can survive operating system re-installs and it survives in Unified Extensible Firmware Interface (UEFIs) unlike just the storage drive. Russia-based cybersecurity firm Kaspersky confirmed this news as its researchers have discovered the malware propelling on old Microsoft machines since Dec’16.

Malware 129

FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks

Security Affairs

The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom paymen

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.