Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.

Data breaches 246

Data breaches Banking Cybercrime Marketing 246

Schneier on Security

AUGUST 18, 2022

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms.

Passwords 342

Passwords Software Cybersecurity Hacking 342

Troy Hunt

AUGUST 18, 2022

Right off the back of a visit to our wedding venue (4 weeks and counting!) and a few hours before heading to the snow (yes, Australia has snow), I managed to slip in a weekly update earlier today. I've gotta say, the section on Shitexpress is my favourite because there's just so much to give with this one; a service that literally ships s**t with a public promise of multiple kinds of animal s**t whilst data that proves only horse s**t was ever shipped, a promise of 100% anonymity whils

Passwords 228

Passwords Accountability 228

Tech Republic Security

AUGUST 18, 2022

By using a legitimate service like AWS to create phishing pages, attackers can bypass traditional security scanners, says Avanan. The post How phishing attacks are exploiting Amazon Web Services appeared first on TechRepublic.

Phishing 189

Phishing Cybersecurity 189

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

AUGUST 18, 2022

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote cont

Scams 312

Scams Phishing Accountability Banking 312

Schneier on Security

AUGUST 17, 2022

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

Passwords 284

Passwords Malware 284

Tech Republic Security

AUGUST 19, 2022

Security expert explains how IT leaders can work with employees to ensure security strategies and techniques are actually implemented. The post How to strengthen the human element of cybersecurity appeared first on TechRepublic.

Cybersecurity 188

Cybersecurity 188

CSO Magazine

AUGUST 18, 2022

Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google stated the attack, which occurred on June 1, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the M?

DDOS 142

DDOS 142

Security Boulevard

AUGUST 18, 2022

A survey of 722 C-level executives published today by PwC finds 40% of business leaders now rank cybersecurity as being the number one serious risk their organizations face today. In addition, 58% of corporate directors said they would benefit most from enhanced reporting around cybersecurity and technology. Nearly half of respondents (49%) said as a.

Risk 142

Risk Cybersecurity Technology 142

Bleeping Computer

AUGUST 18, 2022

Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers. [.].

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

AUGUST 17, 2022

Jack Wallen walks you through the process of deploying a Bitwarden vault server with the help of Docker containers. The post How to deploy the Bitwarden self-hosted server with Docker appeared first on TechRepublic.

177

177

eSecurity Planet

AUGUST 19, 2022

Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques.

Authentication 140

Authentication Password Management Passwords Malware 140

CyberSecurity Insiders

AUGUST 18, 2022

Everything Everywhere shortly and widely known as EE, a UK based company that offers super-fast telecom and data network services based on 5G says that it has officially blocked 200 million phishing texts and over 11 million scammed calls to its users in the month of this year’s July alone. The revelation comes just after a couple of days when another network provider revealed scamsters are circulating fake messages induced with the Apple Pay, Evri and NHS links that aren’t genuine in real and,

Phishing 140

Phishing Scams Banking Mobile 140

Dark Reading

AUGUST 19, 2022

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.

Technology 137

Technology Cybersecurity 137

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

AUGUST 19, 2022

Learn the problem with facial recognition as well as software and hardware alternatives to the technology. The post Alternatives to facial recognition authentication appeared first on TechRepublic.

Authentication 175

Authentication Technology Software 175

eSecurity Planet

AUGUST 17, 2022

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers to elevate least-privileged accounts to the maximum level (root) by exploiting the way the kernel uses pipes to pass data.

Software 140

Software Accountability Risk Network Security 140

Bleeping Computer

AUGUST 18, 2022

A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. [.].

DDOS 138

DDOS 138

Security Boulevard

AUGUST 19, 2022

Several high-profile cyberattacks in recent years revealed growing levels of security risk in the automotive sector. The industry needs to quickly increase awareness of the current attack surface, often through the installed base of network assets, including machines and devices on plant floors. The Risks in the Automotive Sector Successful attacks create not only financial.

Cybersecurity 137

Cybersecurity Risk Manufacturing 137

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

AUGUST 18, 2022

Learn about the top facial recognition technology vendors. Find out how it works, what it can and can't do, and its current state. The post Facial recognition: Top software vendors appeared first on TechRepublic.

Software 168

Software Technology Artificial Intelligence 168

CyberSecurity Insiders

AUGUST 17, 2022

A recent survey conducted by IBM has discovered that companies can save millions incurred from data breaches, just by automating their cybersecurity posture. The report that goes with the title ‘IBM Cost of Data Breach Report’ stated that organizations can save for themselves about $3.05 million per data breach, if they take the help of the technology of Artificial Intelligence (AI) along with Automation.

Data breaches 136

Data breaches Artificial Intelligence Cyber Risk Technology 136

Bleeping Computer

AUGUST 19, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple. Microsoft, SAP, and Google. [.].

Cybersecurity 137

Cybersecurity 137

Security Affairs

AUGUST 18, 2022

Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google announced to have blocked the largest ever HTTPs DDoS attack that hit one of its Cloud Armor customers. The IT giant revealed that the attack reached 46 million requests per second (RPS). The attack took place on June 1st, at 09:45, it started with more than 10,000 requests per second (rps) and targeted a customer’s HTTP/S Load Balancer.

DDOS 135

DDOS Hacking Information Security 135

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

AUGUST 15, 2022

Doron Hendler, CEO and co-founder of RevealSecurity, explains the right way and the wrong way to detect malicious behavior. The post In security, there is no average behavior appeared first on TechRepublic.

156

156

Digital Shadows

AUGUST 18, 2022

Now over 20-years-old, the Honker Union of China (HUC) is one of the originals of Chinese hacktivism. But when it. The post Honker Union: Has the grandfather of Chinese Hacktivism returned? first appeared on Digital Shadows.

134

134

Bleeping Computer

AUGUST 19, 2022

The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information. [.].

Hacking 135

Hacking Accountability 135

Security Boulevard

AUGUST 19, 2022

“VPNs on iOS are a scam.” That’s what an angry security researcher would have you believe. The post VPNs Don’t Work on iOS — and Apple Doesn’t Care appeared first on Security Boulevard.

Scams 131

Scams VPN Security Awareness Mobile 131

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

AUGUST 18, 2022

Browser extensions are amazing tools but sometimes not what they pretend to be. Some are in fact malicious and might be a great risk to the user or his/her data. The post Browser extension threat targets millions of users appeared first on TechRepublic.

Risk 156

Risk Malware Cybersecurity 156

eSecurity Planet

AUGUST 15, 2022

Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain , according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines.

Software 132

Software Risk Marketing Encryption 132

SecureList

AUGUST 16, 2022

On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers’ personal data and credentials. Following this research, we used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.

Passwords 131

Passwords Banking Malware Accountability 131

Security Boulevard

AUGUST 18, 2022

Small and medium-sized businesses (SMBs) have an opportunity to protect themselves against the scourge of ransomware by following guidance offered by the Blueprint for Ransomware Defense released by the Ransomware Task Force (RTF) from the Institute for Security and Technology (IST). A sizable number of cyberattacks (43%) “target small businesses, but only 14% are prepared.

Small Business 130

Small Business Ransomware Technology Security Awareness 130

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk