Sat.Nov 06, 2021 - Fri.Nov 12, 2021

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information.

Ransomware Attacks and Response: What You Need to Know Now

Lohrman on Security

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MacOS Zero-Day Used against Hong Kong Activists

Schneier on Security

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1

Are Cyber Insurers Cybersecurity’s New Enforcers?

Security Boulevard

Recent ransomware attacks have dominated the headlines this year. Predictions estimate that the financial impact caused by ransomware could reach $265 billion globally by 2031.

More Trending

Sophos finds new malware being distributed through email

CyberSecurity Insiders

Sophos, a cloud-native data security firm, has discovered in its research that a new malware is being distributed through threatening email.

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software.

Researcher Details Vulnerabilities Found in AWS API Gateway

Dark Reading

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them

Risk 114

Advice for Personal Digital Security

Schneier on Security

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” ” It’s pretty good. Uncategorized cybersecurity risk assessment security analysis threat models

Risk 198

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk

CSO Magazine

Security researchers have uncovered serious vulnerabilities in the TCP/IP stack of a real-time operating system (RTOS) called Nucleus that's used in safety-critical devices across many industry verticals.

Risk 113

Red Teams and the Value of Open Source PoC Exploits

Security Boulevard

Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress.

Firms Will Struggle to Secure Extended Attack Surface in 2022

Dark Reading

Companies are relying more heavily on third parties, remote employees, and partners, expanding their attack surface area beyond traditional boundaries

114
114

Drones Carrying Explosives

Schneier on Security

We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones. Uncategorized assassinations drones Iran

178
178

Which countries are most (and least) at risk for cybercrime?

CSO Magazine

The risk of cybercrime is not spread equally across the globe.

Loosening the Grip of Ransomware

Security Boulevard

The specter of ransomware is currently looming large. Barely a day goes by without headlines announcing the latest big name whose data’s been ‘kidnapped’ by cybercriminals—and imagine the number of victims that we don’t hear about!

Open Source Project Aims to Detect Living-Off-the-Land Attacks

Dark Reading

The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts

113
113

Google takes a bold step toward securing your Gmail, but not without many complaints

CyberSecurity Insiders

This blog was written by an independent guest blogger. Many Gmail users were recently greeted with a message that alerted them that 2-step verification will be required to log into their accounts starting on November 9th (today).

What's next in Congress for cybersecurity after enactment of the infrastructure bill

CSO Magazine

Editor's note: This article, posted earlier today, had been updated to include the passage of the Infrastructure Investment and Jobs Act. On Friday, Congress passed one of President Biden's signature pieces of legislation, the $1 trillion Infrastructure Investment and Jobs Act.

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones

Security Affairs

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign.

Why Self-Learning AI Is Changing the Paradigm of ICS Security

Dark Reading

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

WIRED Threat Level

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more. Security Security / Cyberattacks and Hacks

Media 112

4 tools to prevent leaks in public code repositories

CSO Magazine

Secrets stored in Git repositories have been a thorn in the side of developers and a go-to source for attackers for a long time.

Why 86% of Organizations Are Increasing Their Investment in Active Directory Security

Security Boulevard

New EMA Research Highlights the Rise of Active Directory Exploits Active Directory is getting a lot of buzz in business and tech news outlets lately—but not in a good way.

Edge Chat With Cisco Secure CTO TK Keanini on Achieving Better Security Outcomes

Dark Reading

Now is the time for organizations to rethink their security strategies with a platform- and architecture-based approach in mind. Keanini explains

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong.

Why are people so bad at risk assessment? Blame the brain

CSO Magazine

Almost four decades have passed since the release of Brain, one of the first computer viruses that traveled the world.

DNSSEC: The Secret Weapon Against DNS Attacks 

Security Boulevard

The domain name system (DNS) is known as the phone book of the internet, quickly connecting users from their devices to their desired content. But what appears to most users as seamless and instantaneous actually offers multiple opportunities for bad actors to slip through the cracks.

DNS 111

3 Ways to Deal With the Trojan Source Attack

Dark Reading

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors in source code

114
114

Health Care Sector facing Identity theft threat in Canada Provinces

CyberSecurity Insiders

Canada Province’s Privacy Commissioner has issued a statement that the healthcare sector in the region was facing immense threats related to identity theft.

How to spot and block cryptominers on your network

CSO Magazine

A friend recently traveled to Iceland and came back with the knowledge that the country is a key hub for Bitcoin mining due to its cheap thermal energy source. Your computer or your network’s computers could also be an ideal spot for cryptomining.

Experts found 14 new flaws in BusyBox, millions of devices at risk

Security Affairs

Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox.

4 Tips to Secure the OT Cybersecurity Budget You Require

Dark Reading

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late

How AI fights fraud in the telecom industry

Tech Republic Security

Americans lost $29.8 billion in phone fraud over the past year. Can AI fraud detection change this

156
156

5 IT risk assessment frameworks compared

CSO Magazine

From a cybersecurity standpoint, organizations are operating in a high-risk world. The ability to assess and manage risk has perhaps never been more important.