Sat.May 29, 2021 - Fri.Jun 04, 2021

article thumbnail

Don’t feed the trolls and other tips for avoiding online drama

We Live Security

You may not be able to escape internet trolls, but you have a choice about how you will deal with them – here’s how you can handle trolls without losing your cool. The post Don’t feed the trolls and other tips for avoiding online drama appeared first on WeLiveSecurity.

Internet 140
article thumbnail

Why Are Meat Companies Being Targeted By Hackers: A Conversation With Kennedy

Joseph Steinberg

Joseph Steinberg recently discussed with Fox Business Network host and commentator, Kennedy, why hackers are targeting meat companies, pipelines, and other important elements of the US economy’s supply chain… and, what can Americans do to stop such attacks. To listen to the discussion, please either utilize the embedded player below, or click the image underneath it.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Welcoming the Belgian Government to Have I Been Pwned

Troy Hunt

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments.

article thumbnail

The DarkSide Ransomware Gang

Schneier on Security

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Using Fake Reviews to Find Dangerous Extensions

Krebs on Security

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

article thumbnail

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.

More Trending

article thumbnail

Security and Human Behavior (SHB) 2021

Schneier on Security

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, des

Risk 314
article thumbnail

Welcoming the Dominican Republic Government to Have I Been Pwned

Troy Hunt

Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and open access to domain inquiries across all of its government assets.

article thumbnail

Ransomware: A cheat sheet for professionals

Tech Republic Security

This guide covers the Colonial Pipeline attack, WannaCry, Petya and other ransomware attacks, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom in the event of an infection.

article thumbnail

CVE-2021-30724: CVMServer Vulnerability in macOS and iOS

Trend Micro

We discovered a vulnerability in macOS, iOS, and iPadOS rooted in the CVMServer. The vulnerability, labeled CVE-2021-30724, can allow threat actors to escalate their privilege if exploited.

145
145
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Security Vulnerability in Apple’s Silicon “M1” Chip

Schneier on Security

The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end.

314
314
article thumbnail

Microsoft Office 365 a Major Supply Chain Attack Vector 

Security Boulevard

Performance issues are not the only concern users have about Microsoft Office 365 and Azure cloud services: the office productivity suite also represents a major threat vector and an attractive target for network and supply chain attacks. On a quantitative level, Office 365 draws over 250 million active users, according to Microsoft statistics. Attackers can.

article thumbnail

What to do if you find a lost AirTag

Tech Republic Security

If you find an Apple AirTag that belongs to someone else, learn how to help reunite the lost items with their owner using an iOS or Android device--or, how to prevent the device from tracking you.

214
214
article thumbnail

Kali Linux 2021.2 released with new tools, improvements, and themes

Bleeping Computer

?Kali Linux 2021.2 was released today by Offensive Security and includes new themes and features, such as access to privileged ports, new tools, and a console-based configuration utility. [.].

145
145
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

5 common scams targeting teens – and how to stay safe

We Live Security

From knock-off designer products to too-good-to-be-true job offers, here are five common schemes fraudsters use to trick teenagers out of their money and sensitive data. The post 5 common scams targeting teens – and how to stay safe appeared first on WeLiveSecurity.

Scams 145
article thumbnail

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

Malwarebytes

This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea.

article thumbnail

COVID-19 has transformed work, but cybersecurity isn't keeping pace, report finds

Tech Republic Security

Underprepared, overwhelmed and unable to move forward, security teams are getting pushback from leadership and simply can't catch up to necessary post-pandemic modernization.

article thumbnail

Norton 360 antivirus now lets you mine Ethereum cryptocurrency

Bleeping Computer

NortonLifelock has added the ability to mine Ethereum cryptocurrency directly within its Norton 360 antivirus program as a way to "protect" users from malicious mining software. [.].

Antivirus 145
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Three Common Cybersecurity Threats Small Businesses Should Be Worried About

Security Boulevard

No business is ever too small or too obscure to be attacked. Regardless of the size and nature of operations, all businesses are at risk of cybersecurity threats. The fact. The post Three Common Cybersecurity Threats Small Businesses Should Be Worried About appeared first on Indusface. The post Three Common Cybersecurity Threats Small Businesses Should Be Worried About appeared first on Security Boulevard.

article thumbnail

Suspected Ransomware attack shuts down JBS Meat Processing

CyberSecurity Insiders

Meat processing and distribution came to a standstill due to a cyber attack on the servers of JBS Beef and reports are in that the disruption could cause protein deficiency in countries like Australia, the United States, Canada, and some parts of Europe. . Unconfirmed sources reporting to Cybersecurity Insiders have reported that the attack was of ransomware variant and could take days for the meat processing company to find a resolution. .

article thumbnail

How to combat malicious emails that bypass security and impact your users

Tech Republic Security

Some 3% of employees in organizations researched by Barracuda will click on malicious email links, but it only takes one such incident to open the door to a cyberattack.

197
197
article thumbnail

TrustArc Releases 2nd Annual Global Privacy Benchmarks Report

TrustArc

Findings Show Nearly 75% of Decision-Makers Agree That More Needs to Be Done to Address Growing Privacy Challenges TrustArc released its 2021 TrustArc Global Privacy Benchmarks Report. Now in its second year, the Global Privacy Benchmarks Report highlights how companies’ priorities and strategic approaches to data privacy and security are evolving and what their top challenges […].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Nobelium: The SolarWinds Hackers is Back With Another Cyber Attack

Security Boulevard

Nobelium, the Russian cyber criminal group that is believed to carry out the massive SolarWinds attack, launches a new attack campaign! After a China-based cyber attack targeted Microsoft’s business email servers earlier this year, the tech giant has now issued a warning of an ongoing cyber attack by the Nobelium group. Microsoft warns of a […]. The post Nobelium: The SolarWinds Hackers is Back With Another Cyber Attack appeared first on Kratikal Blogs.

article thumbnail

Food giant JBS Foods shuts down production after cyberattack

Bleeping Computer

JBS Foods, a leading food company and the largest meat producer globally, was forced to shut down production at multiple sites worldwide following a cyberattack. [.].

145
145
article thumbnail

Cybersecurity: There's no such thing as a false positive

Tech Republic Security

All alerts mean something, even if it's just that an employee needs more training. The threat of breach is constant, and those companies who make assumptions about alerts could be in big trouble.

article thumbnail

Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS

Security Affairs

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and

Hacking 140
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Data Breach at German Supermarket Chain tegut

Security Boulevard

The German supermarket chain "tegut" was recently the target of a cyberattack (source in German) and on April 24 the company activated emergency procedures that shut down their entire central IT network and disconnected it from the internet. While done to limit the exposure of sensitive data, these measures also had side effects including gaps in their supply chain and other services that lasted for weeks.

article thumbnail

Revisiting the NSIS-based crypter

Malwarebytes

This blog post was authored by hasherezade. NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers. It allows to bundle various elements of an application together (i.e. them main executable, used DLLs, configs), along with a script that controls where are they going to be extracted, and what their execution order is.

Malware 142
article thumbnail

7 tactics for boosting the security of your APIs

Tech Republic Security

Security experts recommend setting basic security standards for all your data feeds, enlisting help from procurement and doing an API inventory.

204
204
article thumbnail

Cyber Attack on New York Transport Authority

CyberSecurity Insiders

New York Metropolitan Transport Authority, well known shortly as MTA was reportedly hit by a cyber attack in April this year and sources report that the incident was limited only to some systems and no employee or customer info was compromised. . As per the report released to the media early today, the attack took place on the MTA servers on April 20th,2021 where hackers reportedly infiltrated the computer network through an exploited zero-day vulnerability. .

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.