July, 2021

article thumbnail

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.

Hacking 363
article thumbnail

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

Recent crippling ransomware attacks have highlighted the tremendous financial price that businesses often pay after suffering a cyber breach; hacker-inflicted damages such as multi-million-dollar ransoms and even larger recovery costs, harmed reputations, and significant downtimes, which, not that many years ago, were topics of only fictional novels and films, have now become part our collective reality.

Insurance 364
article thumbnail

As Ransomware Surge Continues, Where Next for Government?

Lohrman on Security

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Life Cycle of a Breached Database

Krebs on Security

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Passwords 361
article thumbnail

Companies are losing the war against phishing as attacks increase in number and sophistication

Tech Republic Security

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.

Phishing 218

More Trending

article thumbnail

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other

article thumbnail

Q2 Ransomware Roll Up

Digital Shadows

With the closing of another quarter, it’s once again time to have a look back at the cyber threat landscape. The post Q2 Ransomware Roll Up first appeared on Digital Shadows.

article thumbnail

What Does It Take to Be a Cybersecurity Professional?

Lohrman on Security

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career. Here’s my perspective.

article thumbnail

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

Backups 358
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ransomware attackers are growing bolder and using new extortion methods

Tech Republic Security

IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.

article thumbnail

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials give attackers unfettered access to all of the user’s photos.

article thumbnail

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series.

Internet 357
article thumbnail

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK,

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Phishing Used to Get PII, not Just Ransomware

Security Boulevard

With all of the focus on ransomware attacks, it’s easy to forget about the damage done by email phishing. Yet, new research from Vade shows that phishing has seen a meteoric rise in the first half of 2021, including a 281% increase in May and a 284% increase in June. And what they want is. The post Phishing Used to Get PII, not Just Ransomware appeared first on Security Boulevard.

Phishing 145
article thumbnail

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca

Firmware 357
article thumbnail

"Black Widow" digital premier a cover for malware and scams, says Kaspersky

Tech Republic Security

Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.

Scams 218
article thumbnail

Hiding Malware in ML Models

Schneier on Security

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability.

Malware 363
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

BrandPost: Defend Against Ransomware With Relationship-Driven Incident Response

CSO Magazine

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real. Furthermore, systems are often configured to allow downloads or macros that contain malicious files because employees use these applications and documents to do their everyday work, from wherever they may be working.

Education 145
article thumbnail

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

article thumbnail

For Hackers, APIs are Low-Hanging Fruit

Security Boulevard

By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, The post For Hackers, APIs are Low-Hanging Fruit appeared first on Security Boulevard.

article thumbnail

Fake Windows 11 installers now used to infect you with malware

Bleeping Computer

Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [.].

Adware 145
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

HTML smuggling is the latest cybercrime tactic you need to worry about

Tech Republic Security

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security.

article thumbnail

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporate or personal home if that’s the only option available.

Education 363
article thumbnail

Some URL shortener services distribute Android malware, including banking or SMS trojans

We Live Security

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.

Banking 145
article thumbnail

The 15 biggest data breaches of the 21st century

CSO Magazine

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21 st Century indicates, they have already reached enormous magnitudes. [ Learn the The 5 types of

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Security and Culture are Key to Digital Transformation

Security Boulevard

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.

article thumbnail

New Windows 10 vulnerability allows anyone to get admin privileges

Bleeping Computer

Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [.].

145
145
article thumbnail

Warning: 1 in 3 employees are likely to fall for a phishing scam

Tech Republic Security

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

Phishing 216
article thumbnail

More Russian Hacking

Schneier on Security

Two reports this week. The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking 363
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.