Joseph Steinberg

FEBRUARY 11, 2021

It seems like every day that I see social media posts in which people share photos of the official COVID-19 vaccine card that they have received after being vaccinated against the novel coronavirus that has inflicted tremendous suffering worldwide over the past year. While it is easy to understand why people are eager to celebrate their vaccinations, sharing photos of your physical vaccination card (in the USA, The CDC “COVID-19 Vaccination Record Card”) opens the door for multiple potential pro

Media 363

Media Artificial Intelligence Social Engineering Manufacturing 363

Krebs on Security

FEBRUARY 10, 2021

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.

Hacking 356

Hacking Media Cybersecurity Ransomware 356

Security Boulevard

FEBRUARY 15, 2021

In January 2020, no one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest network security threats to organizations were mostly the same old threats we’ve been facing for the past five years. Yet even the largest enterprises with the most advanced, The post Network Security: 5 Fundamentals for 2021 appeared first on Security Boulevard.

Network Security 145

Network Security Cybersecurity 145

We Live Security

FEBRUARY 15, 2021

High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior. The post Record‑breaking number of vulnerabilities reported in 2020 appeared first on WeLiveSecurity.

140

140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Hot for Security

FEBRUARY 12, 2021

Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses

Data collection 145

Data collection Data breaches Ransomware 145

Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the m

Surveillance 362

Surveillance Internet Internet Government 362

Troy Hunt

FEBRUARY 16, 2021

As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.

IoT 350

IoT 350

Tech Republic Security

FEBRUARY 24, 2021

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Ransomware 217

Ransomware Healthcare 217

Lohrman on Security

FEBRUARY 14, 2021

361

361

The Hacker News

FEBRUARY 25, 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

Accountability 145

Accountability Cybersecurity 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

FEBRUARY 9, 2021

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report sha

Software 362

Software 362

Joseph Steinberg

FEBRUARY 7, 2021

People living in many different areas of the USA are reporting receiving to their homes in recent days unexpected shipments of COVID-19 protection supplies – such as packs of surgical masks and face shields – products that they never ordered. While some folks who receive such items may feel lucky – protective gear can sometimes be difficult to find in local stores – these “gifts” appear to be part of a cyber-scam, sometimes known as “ brushing ,” about which you should be familiar.

Scams 363

Scams Artificial Intelligence Identity Theft Cybersecurity 363

Security Boulevard

FEBRUARY 28, 2021

Businesses, employees and their customers rely on social media interactions more than ever since COVID-19 arrived. However, social media usage should raise certain privacy concerns. For most users, it comes down to a level of trust. In other words, users trust that social media platforms will protect and secure their personal information and data. Which, The post Social Media Risks Increasing in 2021 appeared first on Security Boulevard.

Media 145

Media Risk Accountability 145

Tech Republic Security

FEBRUARY 9, 2021

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.

Media 216

Media DDOS Internet Internet 216

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Lohrman on Security

FEBRUARY 7, 2021

347

347

The Hacker News

FEBRUARY 24, 2021

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.

Ransomware 145

Ransomware Data breaches Cybersecurity 145

Schneier on Security

FEBRUARY 15, 2021

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Media 356

Media Accountability Hacking 356

Zero Day

FEBRUARY 9, 2021

New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

FEBRUARY 28, 2021

. A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. Serious Linux Vulnerability. Last month a newly discovered critical vulnerability in 'sudo', a fundamental program present in all Linux and Unix operating systems caught my eye. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

Tech Republic Security

FEBRUARY 11, 2021

When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.

Cyber Risk 210

Cyber Risk Risk Cybersecurity 210

CyberSecurity Insiders

FEBRUARY 9, 2021

Ensure the security of your organization’s sensitive data with this data loss prevention checklist, intended to help mitigate both internal and outsider threats. For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information.

Unstructured Data 145

Unstructured Data Risk Education Marketing 145

The Hacker News

FEBRUARY 12, 2021

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain.

System Administration 145

System Administration Data breaches Engineering Accountability 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

FEBRUARY 4, 2021

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.

Hacking 356

Hacking Software Banking Risk 356

Graham Cluley

FEBRUARY 11, 2021

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. Read more in my article on the Tripwire State of Security blog.

Media 145

Media Accountability Cryptocurrency Mobile 145

Security Boulevard

FEBRUARY 15, 2021

Phishing attacks rose 220 per cent during the height of the Covid-19 pandemic compared to the yearly average -Gulf Business Continue reading. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Kratikal Blog. The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Security Boulevard.

Phishing 145

Phishing Cyber threats 145

Tech Republic Security

FEBRUARY 8, 2021

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25.

215

215

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

FEBRUARY 5, 2021

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.

Adware 145

Adware Mobile Malware 145

Hot for Security

FEBRUARY 5, 2021

A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.

Spyware 145

Spyware Malware 145

Schneier on Security

FEBRUARY 17, 2021

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.). Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

VPN 354

VPN 354

The Hacker News

FEBRUARY 4, 2021

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Engineering 145

Engineering 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software