Tech Republic Security

JULY 21, 2021

Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.

Artificial Intelligence 218

Artificial Intelligence Cybersecurity 218

Krebs on Security

JULY 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

Backups 337

Backups Ransomware Encryption Insurance 337

Daniel Miessler

JULY 23, 2021

There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy , meaning if you hide anything, it’s Security Through Obscurity.

Encryption 300

Encryption Information Security 300

Troy Hunt

JULY 21, 2021

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley

Accountability 363

Accountability Data breaches Government InfoSec 363

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.

Hacking 363

Hacking Spyware Manufacturing Software 363

Lohrman on Security

JULY 18, 2021

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

Government 363

Government Cyber Attacks Ransomware 363

Troy Hunt

JULY 23, 2021

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important).

IoT 325

IoT 325

Schneier on Security

JULY 23, 2021

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis : The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.

Surveillance 346

Surveillance Marketing Data collection 346

Krebs on Security

JULY 21, 2021

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack. Shane Sonderman , of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targe

Accountability 325

Accountability Media Wireless Passwords 325

Tech Republic Security

JULY 20, 2021

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.

Phishing 218

Phishing Mobile 218

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Digital Shadows

JULY 19, 2021

With the closing of another quarter, it’s once again time to have a look back at the cyber threat landscape. The post Q2 Ransomware Roll Up first appeared on Digital Shadows.

Ransomware 145

Ransomware Cyber threats Cybercrime Malware 145

Schneier on Security

JULY 22, 2021

From SentinelLabs , a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

Encryption 297

Encryption Accountability 297

Krebs on Security

JULY 20, 2021

Peter Levashov, appearing via Zoom at his sentencing hearing today. A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov , a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison.

Antivirus 279

Antivirus Cybercrime Identity Theft Scams 279

Tech Republic Security

JULY 21, 2021

About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.

IoT 210

IoT Cybersecurity 210

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JULY 23, 2021

Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [.].

Adware 145

Adware Malware 145

Security Boulevard

JULY 21, 2021

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.

Digital transformation 145

Digital transformation CISO Security Awareness InfoSec 145

We Live Security

JULY 20, 2021

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.

Banking 145

Banking Malware Mobile 145

Tech Republic Security

JULY 23, 2021

Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.

218

218

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

JULY 23, 2021

Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020. [.].

Authentication 145

Authentication Accountability 145

Security Boulevard

JULY 23, 2021

Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has […].

Scams 145

Scams Cyber Attacks 145

CyberSecurity Insiders

JULY 21, 2021

By: Matt Lindley, COO and CISO at NINJIO. The ultimate goal of any effective cybersecurity platform is to make digital safety and awareness second nature to employees. This means companies have to be proactive and instill the right habits, which often means resisting the bad habits that lead to millions of successful cyberattacks every year – from the use of generic and easy-to-crack account credentials to the willingness to click on suspicious links and attachments in emails from untrusted sour

Social Engineering 145

Social Engineering Password Management Passwords Phishing 145

Tech Republic Security

JULY 22, 2021

An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.

Accountability 217

Accountability 217

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JULY 20, 2021

Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [.].

145

145

Malwarebytes

JULY 22, 2021

A very serious security flaw in immensely popular printer drivers has been disclosed and it could affect many millions of Windows systems. The printer driver was issued by HP, but it’s also in use by Samsung and Xerox. All the affected printers are laser printers. The most surprising about this find is probably that the vulnerability apparently has existed since 2005 and was only found 16 years later.

Software 145

Software Firmware Manufacturing Engineering 145

Security Boulevard

JULY 19, 2021

Best practices for securing the software supply chain. Photo by Andy Li on Unsplash. In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting to address third-party software risk. The Department of Defense’s Cybersecurity Maturity Model Certification, established on January 31st, 2020, was the first attempt at creating a supply chain security compliance mandate.

Software 145

Software Risk Data breaches Small Business 145

Tech Republic Security

JULY 22, 2021

Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.

218

218

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JULY 20, 2021

Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [.].

145

145

Malwarebytes

JULY 21, 2021

Users with low privileges can access sensitive Registry database files on Windows 10 and Windows 11, leaving them vulnerable to a local elevation of privilege vulnerability known as SeriousSAM or HiveNightmare. Doesn’t sound serious? Reassured that users must already have access to the system and be able to execute code on said system to use this vulnerability?

Authentication 145

Authentication Passwords Accountability Backups 145

Security Boulevard

JULY 19, 2021

In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains. The report discussed the future forecast for ransomware and how we imagined the threat would progress in the immediate future. Just six months later, these predictions have already become a.

Ransomware 145

Ransomware Malware Security Awareness Cybersecurity 145

Tech Republic Security

JULY 21, 2021

The findings detail a complex security balancing act between IT teams and users; especially in the age of remote work and virtual collaboration at scale.

Risk 210

Risk Cybersecurity 210

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk