Sat. Feb 06, 2021 - Fri. Feb 12, 2021

Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

Schneier on Security

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha

Software 357

Free COVID-19 Masks Arriving At People’s Homes Across The USA Are Likely Part Of A Cyber Scam

Joseph Steinberg

People living in many different areas of the USA are reporting receiving to their homes in recent days unexpected shipments of COVID-19 protection supplies – such as packs of surgical masks and face shields – products that they never ordered. While some folks who receive such items may feel lucky – protective gear can sometimes be difficult to find in local stores – these “gifts” appear to be part of a cyber-scam, sometimes known as “brushing,” about which you should be familiar.

Scams 348

Android App Infects Up To 10 Million Users with Update

Adam Levin

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. The app has been a popular download among Android users for several years and before the most recent update had never engaged in questionable practices.

Mobile 303

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems w

DNS 288

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Ransomware Profitability

Schneier on Security

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker (disrupted by authorities), Conti, and REvil (aka Sodinokibi).

Do Not Post Your COVID-19 Vaccination Card On Social Media

Joseph Steinberg

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year. While it is easy to understand why people are eager to celebrate their vaccinations, sharing photos of your physical vaccination card (in the USA, The CDC “COVID-19 Vaccination Record Card”) opens the door for multiple potential pro

Media 344

More Trending

What May Be Ahead for Biden’s Infrastructure Plan?

Lohrman on Security

Medieval Security Techniques

Schneier on Security

Sonja Drummer describes (with photographs) two medieval security techniques. The first is for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above and below a block of text ensure that no one can add additional text at a later date.

Yandex Employee Caught Selling Access to Users' Email Inboxes

The Hacker News

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain.

Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk

Tech Republic Security

When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Hot for Security

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients. Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses

SonicWall Zero-Day

Schneier on Security

Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 s

Hacking 289

Researcher hacks over 35 tech firms in novel supply chain attack

Bleeping Computer

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties.

Hacking 145

How much is your info worth on the Dark Web? For Americans, it's just $8

Tech Republic Security

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

7 Step Data Loss Prevention Checklist for 2021

CyberSecurity Insiders

Ensure the security of your organization’s sensitive data with this data loss prevention checklist, intended to help mitigate both internal and outsider threats. For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information.

Attack against Florida Water Treatment Facility

Schneier on Security

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Hackers publish patient data stolen from two US hospital chains

Hot for Security

Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center. Malware delivered via a poisoned document mistakenly opened by staff member. The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

How a successful phishing attack can hurt your organization

Tech Republic Security

Data loss is the number one result of a fruitful phishing campaign, but account compromises and ransomware attacks can threaten your organization as well, says Proofpoint.

Phishing 194

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Researcher hacks Microsoft, Apple, more in novel supply chain attack

Bleeping Computer

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties.

Hacking 145

Cybersecurity 2021: Asking the Right Question

Security Boulevard

“The Hitchhiker’s Guide to the Galaxy,” by Douglas Adams, could actually be a guide to cybersecurity if read in a different context. The crux of the problem in present-day cybersecurity practice is summed up in this exchange from the book: After seven and a half million years of computing, “The answer to the Great Question of. The post Cybersecurity 2021: Asking the Right Question appeared first on Security Boulevard.

Top 5 Bug Bounty Programs to Watch in 2021

The Hacker News

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category.

Software 145

How to block point-to-point file transfers in Skype for Business using PowerShell

Tech Republic Security

There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

A hacker tried to poison Florida city’s water supply

Graham Cluley

A remote hacker managed to gain access to computer systems at the water treatment plant in Oldsmar, Florida, and briefly increased the amount of sodium hydroxide in the water by a dramatic amount.

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The attack is possible because the machines use a smart card payment system that leverages insecure technology, the MIFARE Classic smart cards.

Hacking 144

Microsoft patches actively exploited Windows kernel flaw

We Live Security

This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical. The post Microsoft patches actively exploited Windows kernel flaw appeared first on WeLiveSecurity.

Why cybersecurity insurance may be worth the cost

Tech Republic Security

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

Insurance 215

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Cyber Risks of Transportation’s Connected OT/IoT Systems

Security Boulevard

Cyberattacks on transportation OT systems could disrupt port management, customs approval processes or facilitate the import of illegal goods. The post The Cyber Risks of Transportation’s Connected OT/IoT Systems appeared first on Nozomi Networks. The post The Cyber Risks of Transportation’s Connected OT/IoT Systems appeared first on Security Boulevard.

Eight men arrested following celebrity SIM-swapping attacks

Graham Cluley

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. Read more in my article on the Tripwire State of Security blog.

Media 144

Signal ignores proxy censorship vulnerability, bans researchers

Bleeping Computer

Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users.

FBI, Secret Service investigating cyberattack on Florida water treatment plant

Tech Republic Security

Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town's water.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.