Krebs on Security

OCTOBER 31, 2021

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Software 363

Software Information Security Encryption Government 363

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in. It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in.

Authentication 342

Authentication Ransomware Social Engineering Engineering 342

Lohrman on Security

OCTOBER 10, 2021

By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers.

Data breaches 337

Data breaches 337

Tech Republic Security

OCTOBER 18, 2021

CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.

Technology 218

Technology Engineering 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Graham Cluley

OCTOBER 21, 2021

The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. Read more in my article on the Tripwire State of Security blog.

Government 145

Government Ransomware Malware 145

We Live Security

OCTOBER 26, 2021

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom. The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Schneier on Security

OCTOBER 12, 2021

I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passen

339

339

Bleeping Computer

OCTOBER 28, 2021

A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. [.].

145

145

Tech Republic Security

OCTOBER 6, 2021

Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it's publicly available knowledge. That doesn't stop it from being dangerous.

218

218

Security Boulevard

OCTOBER 21, 2021

Mark Zuckerberg has been added as a defendant to D.C.’s Cambridge Analytica privacy complaint—this time, it’s personal. The post Zuckerberg Accused Personally in Cambridge Analytica Next Shoe appeared first on Security Boulevard.

Social Engineering 145

Social Engineering Engineering Risk Government 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CSO Magazine

OCTOBER 26, 2021

Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for professional trainings, courses can cost more than $5,000 per person. At high profile conferences like Black Hat, even one- or two-day sessions can range to close to $4,000.

Banking 145

Banking Cybersecurity 145

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Passwords 351

Passwords Phishing Accountability Mobile 351

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the emulation of these protocols to facilitate command and control (C2

Telecommunications 337

Telecommunications Architecture Mobile Hacking 337

Appknox

OCTOBER 13, 2021

SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime.

145

145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 22, 2021

Immersed in the throes of a cyberattack is not the time to figure out how to respond. An expert offers suggestions on how to create a company-specific incident-response plan.

Small Business 217

Small Business 217

Security Boulevard

OCTOBER 14, 2021

In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats. He noted that the main challenge his organizations face can be summed.

Social Engineering 145

Social Engineering Artificial Intelligence Engineering Risk 145

CSO Magazine

OCTOBER 21, 2021

Magecart definition. Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. [ How much does a data breach cost?

CSO 145

CSO Data breaches Software 145

Krebs on Security

OCTOBER 14, 2021

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication

Education 335

Education Computers and Electronics Hacking Media 335

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

OCTOBER 9, 2021

The U.S. District Court for the Eastern District of Virginia has charged three men with money laundering and aggravated identity theft after allegedly conducting a business email compromise (BEC) scheme. [.].

Identity Theft 145

Identity Theft Banking Scams 145

Webroot

OCTOBER 13, 2021

Malware leaps from the darkness to envelop our lives in a cloak of stolen information, lost data and worse. But to know your enemy is to defeat your enemy. So we peered over the ledge leading to the dark web and leapt. The forces we sought are disruptors – without warning, they disturb our businesses and our connections to family and friends. And darkness we found – from million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021.

Malware 145

Malware Small Business Antivirus Ransomware 145

Tech Republic Security

OCTOBER 26, 2021

Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.

Data breaches 218

Data breaches Mobile Malware Software 218

Security Boulevard

OCTOBER 5, 2021

Hackers broke into the massive telephony interconnection service run by Syniverse—a huge, yet invisible, chunk of infrastructure. The post Syniverse Hack: Billions of Users’ Data Leaks Over Five Years appeared first on Security Boulevard.

Hacking 145

Hacking IoT Mobile Risk 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

eSecurity Planet

OCTOBER 4, 2021

A surprising 91.5 percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. WatchGuard, which sells network security , intelligence and endpoint protection solutions, included that finding in its recently-released Internet Security Report , which is based on data coming in from t

Encryption 145

Encryption Malware Ransomware Firewall 145

Malwarebytes

OCTOBER 18, 2021

On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “ The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds.”. But while “killware” sounds scary, the term itself is unhelpful when describing the many types of cyberattacks that, like USA TODAY wrote, “can literally end lives,” and that

Ransomware 145

Ransomware Firewall Antivirus Cybersecurity 145

Bleeping Computer

OCTOBER 1, 2021

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [.].

Cryptocurrency 145

Cryptocurrency Authentication 145

We Live Security

OCTOBER 5, 2021

ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012. The post UEFI threats moving to the ESP: Introducing ESPecter bootkit appeared first on WeLiveSecurity.

Malware 145

Malware 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

OCTOBER 19, 2021

Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.

Ransomware 212

Ransomware 212

Security Boulevard

OCTOBER 15, 2021

Data security is top-of-mind for businesses and consumers alike these days. According to the Gartner Hype Cycle for Data Security, 2021, “organizations are accelerating the deployment of sensitive data across multi-cloud architectures, which exposes data beyond traditional network boundaries. This is scaling up the exposure to data residency and privacy risks, and a growth in.

Architecture 145

Architecture Risk Ransomware Malware 145

Security Affairs

OCTOBER 17, 2021

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software. The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million on a total bonus of up to $1.5 Million by demonstrating vulnerabilities in popular software. The edition of this year took place on October 16 and 17 in the city of Chengdu, participants had three attempts of 5 minutes to demonstrate their exploits.

Hacking 145

Hacking Software Media Information Security 145

Malwarebytes

OCTOBER 22, 2021

For those of you that remember the fuss about the Y2K bug , this story may sound familiar. The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning to Critical Infrastructure (CI) owners and operators, and other users who get the time from GPS, about a GPS Daemon (GPSD) bug in GPSD versions 3.20 through 3.22. Y2K. If you don’t remember the Y2K bug, let me remind you quickly.

Authentication 145

Authentication System Administration Firmware Passwords 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software