Sat. Jan 30, 2021 - Fri. Feb 05, 2021


Another SolarWinds Orion Hack

Schneier on Security

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.

Hacking 363

Practical Ways Older Adults Can Manage Their Security Online

Lohrman on Security


U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Phishing 358

Weekly Update 229

Troy Hunt

This week's update comes to you amongst the noisy backdrop of the garden being literally chopped up by high pressure hose (which I think my beautiful Rhode Broadcaster mic successfully excluded). As I say in the intro, it appears the horticulture industry is a little like the software one where you get cowboys who in this case, put in plants that were way too big and whose roots now threaten to break through the tiles and the house itself, Little Shop of Horrors style.

IoT 307

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


More SolarWinds News

Schneier on Security

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.


ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

Phishing 252


More Trending


Online Retailers That Cancel Purchases Continue To Utilize Personal Information Gathered During The Attempted Transactions

Joseph Steinberg

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled. To understand the significance of the issue, please consider a recent experience of mine: The week of Black Friday weekend, I ordered a new refrigerator from an online r

Retail 249

Georgia’s Ballot-Marking Devices

Schneier on Security

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.

Hacking 357

Security chaos engineering helps you find weak links in your cyber defenses before attackers do

Tech Republic Security

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.


AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

Risk 154

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


La Cybersécurité pour les Nuls: Best-Selling “Cybersecurity For Dummies” Book Now Available In French

Joseph Steinberg

Cybersecurity For Dummies, the best-selling cybersecurity guide written by Joseph Steinberg for general audiences, is now available in French. Like its English, German, and Dutch counterparts, the French edition, entitled La Cybersécurité pour les Nuls, helps people stay cyber-secure regardless of their technical skillsets. Readers of the book learn what threats exist, as well as how to identify, protect against, detect, and respond to such threats.


Barcode Scanner app on Google Play infects 10 million users with one update

Malwarebytes

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.

Adware 145

6 enterprise security software options to keep your organization safe

Tech Republic Security

Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.

Software 216

Google Chrome sync feature can be abused for C&C and data exfiltration

Zero Day

A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Fake WhatsApp app may have been built to spy on iPhone users – what you need to know

Hot for Security

A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.

Spyware 145

New Chrome Browser 0-day Under Active Attack—Update Immediately!

The Hacker News

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.


Cybersecurity pros should switch from Indicators of Compromise to Indicators of Behavior

Tech Republic Security

Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.


Webdev tutorials site SitePoint discloses data breach

Zero Day

SitePoint admits data breach after one million user creds were sold on a hacking forum last December.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Going Passwordless: Cybersecurity for the New Decade

Security Boulevard

The past year has put digital identity challenges, security and passwords under scrutiny. This report explains why passwordless is the future. Passwords are deeply ingrained in all aspects of our digital reality. A year ago, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the.


Cybersecurity firm Stormshield hacked. Data (including source code) stolen

Graham Cluley

French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information.


91% of enterprise pros experienced an API security incident in 2020

Tech Republic Security

"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.


Google patches an actively exploited Chrome zero-day

Zero Day

Google Chrome 88.0.4324.150 released with a fix. Users advised to update.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Android emulator abused to introduce malware onto PCs

Malwarebytes

Emulators have played a part in many tech-savvy users’ lives. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system—a Windows OS running on a MacBook laptop, for example—but also allows video gamers to play games designed to work on a different platform than the one they own. Recently, ESET revealed a campaign that targeted users of NoxPlayer, a popular Android emulator for PCs and Macs.

Malware 145

Kobalos – A complex Linux threat to high performance computing infrastructure

We Live Security

ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos. The post Kobalos – A complex Linux threat to high performance computing infrastructure appeared first on WeLiveSecurity.

Malware 145

Account takeover attacks spiked in 2020, Kaspersky says

Tech Republic Security

The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.


Google paid $6.7 million to bug bounty hunters in 2020

Zero Day

Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Chrome zero-day browser bug found – patch now!

Naked Security

Google is playing its cards close to its chest to avoid giving too much away.


Exploiting a bug in Azure Functions to escape Docker

Security Affairs

Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them.

Hacking 145

DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks

Tech Republic Security

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.

Media 207

Trucking company Forward Air said its ransomware incident cost it $7.5 million

Zero Day

Even if the company recovered from the ransomware attack, the incident left a mark on its Q4 2020 bottom line.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!