Krebs on Security
AUGUST 14, 2020
R1 RCM Inc. [ NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. , Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide.
Troy Hunt
AUGUST 14, 2020
It's an extra early one this week and on review, I do look a bit. dishevelled! I run through a whole bunch of things from this week's Twitter timeline and there's some great audience questions this week too so thanks very much everyone for the engagement. Next we'll do it at the other end of the day again and I'm sure there'll be a heap of new stuff to cover before then.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 14, 2020
The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread.
Adam Levin
AUGUST 12, 2020
Cybercriminals are increasingly registering email addresses with legitimate services and using them in the commission of business email compromise (BEC) attacks. A recent study of hacking methods published by Barracuda found that more than 6,000 email accounts using legitimate services had been linked to more than 100,000 BEC attacks on roughly 6,600 organizations this year. .
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
AUGUST 11, 2020
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete,
Tech Republic Security
AUGUST 12, 2020
Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
AUGUST 14, 2020
Unsubscribe links in the footers of unwanted emails present an ideal trap for hackers. In the latest episode of Third Certainty, Adam Levin explains how to deal with unwanted and unsolicited emails without compromising cybersecurity. The post The Dangers of Unsubscribe Links – Third Certainty #25 appeared first on Adam Levin.
Krebs on Security
AUGUST 12, 2020
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including ev
Tech Republic Security
AUGUST 13, 2020
Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.
Schneier on Security
AUGUST 13, 2020
Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" Â deliberate attempts to direct moral judgement against their target.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Adam Shostack
AUGUST 12, 2020
At Defcon’s biohacking village, there was an interesting talk on Includes No Dirt threat modeling. I thought this slide was particularly interesting. As threat modeling moves from an idea through pilots and deployments, and we develop the organizational disciplines of threat modeling, the question of ‘when do we do this’ comes up. There’s good appsec focused answers like ‘every sprint’, or ‘in line with your waterfall, but those answers aren’t univ
Security Affairs
AUGUST 8, 2020
Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. A team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a vehicle.
Tech Republic Security
AUGUST 11, 2020
As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.
Schneier on Security
AUGUST 11, 2020
The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Adam Shostack
AUGUST 13, 2020
I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!
Security Affairs
AUGUST 9, 2020
Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatted domain names, and modified favicons to inject software skimmers used to steal payment card information.
Tech Republic Security
AUGUST 13, 2020
Companies are too reliant on dated software, the most essential-to-crises staff aren't required attendance at cybersecurity training, and the pandemic exacerbated problems, according to a new report.
Schneier on Security
AUGUST 14, 2020
This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September 9, 2020. The list is maintained on this page.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
AUGUST 10, 2020
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
Security Affairs
AUGUST 11, 2020
A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it. TeamViewer is a popular software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.
Tech Republic Security
AUGUST 11, 2020
Most IT leaders say their priorities have shifted since the coronavirus pandemic surfaced around the start of the year, says Hitachi ID.
Schneier on Security
AUGUST 12, 2020
Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Adam Shostack
AUGUST 14, 2020
I have something to disclose: the release of my new course on information disclosure has just launched on Linkedin! To celebrate, I’ve made it easier to disclose the contents by making it free for you link here. Please help me disclose this information to the world!
Security Affairs
AUGUST 13, 2020
Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has released an analytical report on the previously unknown APT group RedCurl , which focuses on corporate espionage. In less than three years, RedCurl attacked dozens of targets all over the world — from Russia to Canada.
Tech Republic Security
AUGUST 12, 2020
The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses.
Threatpost
AUGUST 11, 2020
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
AUGUST 10, 2020
Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive.
Security Affairs
AUGUST 11, 2020
A researcher found multiple flaws in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. The security researcher Pedro Umbelino from Portugal-based cybersecurity services provider Char49 discovered multiple vulnerabilities in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. “There are several vulnerabilities in the Find My Mobile package that can ultima
Tech Republic Security
AUGUST 13, 2020
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
Threatpost
AUGUST 10, 2020
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
358 
Let's personalize your content