Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Mobile 316

Mobile Phishing Authentication Accountability 316

Schneier on Security

AUGUST 29, 2022

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

278

278

Lohrman on Security

AUGUST 28, 2022

The Cybersecurity and Infrastructure Security Agency is getting pushback from critical infrastructure owners and operators on cyber goals and objectives. So what happens next?

Cybersecurity 218

Cybersecurity 218

Tech Republic Security

AUGUST 29, 2022

The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres. The post Sliver offensive security framework increasingly used by threat actors appeared first on TechRepublic.

Ransomware 158

Ransomware Penetration Testing Cybersecurity 158

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

SEPTEMBER 2, 2022

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1).

Ransomware 145

Ransomware Encryption Malware Hacking 145

Schneier on Security

SEPTEMBER 2, 2022

Details are few, but Montenegro has suffered a cyberattack : A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […]. But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

Retail 267

Retail Government Ransomware Information Security 267

Tech Republic Security

AUGUST 29, 2022

A new survey from GitLab also finds that nearly three-quarters of respondents have adopted or are planning to adopt a DevOps platform within the year. The post Security investment, toolchain consolidation emerge as top priorities appeared first on TechRepublic.

155

155

Security Boulevard

SEPTEMBER 2, 2022

How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management. jasonaxelrod. Thu, 09/01/2022 - 12:16. With automated test data, companies can achieve fast, quality software releases, more seamless cloud adoption, and improved data security and privacy for meeting emerging compliance requirements. Josh Harbert. Sep 01, 2022. Too often, modern businesses are forced to choose between the speed of innovation and privacy and security for valuable data.

Data privacy 143

Data privacy Software Data breaches Risk 143

Schneier on Security

SEPTEMBER 1, 2022

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.

Scams 251

Scams Phishing 251

Bleeping Computer

AUGUST 30, 2022

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. [.].

144

144

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

SEPTEMBER 2, 2022

Traffers are cybercriminals organized in teams whose purpose is to steal a maximum of bankable information from infected computers, which they sell to other cybercriminals. The post Traffers threat: The invisible thieves appeared first on TechRepublic.

Cybercrime 149

Cybercrime Cybersecurity 149

Security Boulevard

SEPTEMBER 2, 2022

An investigation into the breach by Britain's Information Commissioner Office (ICO) concluded that British Airways had violated Europe’s General Data Protection Regulation (GDPR). The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Source Defense. The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Security Boulevard.

Risk 143

Risk Government 143

Schneier on Security

AUGUST 30, 2022

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locatio

Risk 248

Risk 248

Security Affairs

AUGUST 30, 2022

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework na

Backups 144

Backups Malware Technology Hacking 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

AUGUST 30, 2022

I must admit I was delighted to receive an email today from UK high street pharmacy Boots telling me I should enable two-factor authentication on my account. Boots customers would have benefited from two-factor authentication a couple of years ago, when hackers attempted to gain access to customers’ Boots Advantage Card accounts, and temporarily stopped … Continue reading "Boots lets down its customers, by only offering SMS-based 2FA".

Authentication 139

Authentication Accountability 139

Security Boulevard

SEPTEMBER 2, 2022

Women make up 51% of the population, but just 24% of the cybersecurity workforce. The good news is that cybersecurity organizations around the world increasingly acknowledge the importance of gender diversity in the workplace. The bad news is that most still struggle with recruitment and hiring of women, with seven out of 10 leaders worldwide. The post Hiring More Women in Cybersecurity is Mission-Critical appeared first on Security Boulevard.

Cybersecurity 137

Cybersecurity Security Awareness 137

Schneier on Security

AUGUST 31, 2022

This is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools. During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and reported it ); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network.

Hacking 219

Hacking Penetration Testing Accountability Software 219

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. The Vx-undergroud researchers shared some images of several confidential documents that appear to be the commercial offer of Intellect.

Surveillance 141

Surveillance Spyware Mobile Hacking 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

AUGUST 27, 2022

Today’s organizations are facing significant threats that can impact a wide range of people, from individual users to the boardroom. Studies show that cyber professionals believe they are missing at least half of the attacks targeting their organization. Most organizations lack the expertise and internal resources to respond effectively to threats. For these reasons, more businesses are seeking out managed security services, like Nisos.

Risk 136

Risk Media Data collection Security Intelligence 136

Appknox

AUGUST 28, 2022

Several companies aren't still aware of the fact that automated mobile app security testing brings better ROI than manual testing. Perhaps, they don't know what aspects of automation testing directly or indirectly impact the ROI. However, we got you covered.

Mobile 136

Mobile 136

Security Boulevard

SEPTEMBER 2, 2022

Ukraine supporters hacked Russia’s biggest ride hailing app, Yandex Taxi. They sent every available cab to a single address, all at once. The post Hackers Hail all Taxis in Moscow — HUGE Gridlock for 3 Hours appeared first on Security Boulevard.

Hacking 135

Hacking Social Engineering Engineering Mobile 135

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims.

Malware 141

Malware Cryptocurrency Hacking Technology 141

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

SEPTEMBER 1, 2022

Amid a wave of hacks which has cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 134

Cryptocurrency Hacking 134

We Live Security

AUGUST 30, 2022

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity.

Scams 135

Scams Media 135

Security Boulevard

SEPTEMBER 1, 2022

Interview with Mike Manrod, CISO, and Christian Taillon, IT Security Engineer at Grand Canyon Education. The post DHS Calls for “Excellence in Software” in Log4j Report appeared first on Security Boulevard.

Software 133

Software CISO Education Engineering 133

Security Affairs

AUGUST 30, 2022

Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 for vulnerabilities in its projects, while its lowest payout will be $100.

Software 142

Software Passwords Hacking Risk 142

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CyberSecurity Insiders

AUGUST 31, 2022

In what seems to be a startling revelation made by Cybersecurity firm Proofpoint, China has been conducting espionage on Australian defense and energy servers for months, thus stealing intelligence and spying on the activities conducted by the officials. It was a well-planned attack conducted by a hacking group named Red Ladon, say experts from the security firm.

Phishing 133

Phishing Cybersecurity Hacking Software 133

Dark Reading

SEPTEMBER 2, 2022

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

145

145

Digital Shadows

SEPTEMBER 1, 2022

Rising energy bills, inflation, skyrocketing interest rates; the world continues to suffer from a cost of living and economic crisis. The post “I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch first appeared on Digital Shadows.

131

131

eSecurity Planet

AUGUST 31, 2022

Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabilities may be scored incorrectly. “Looking at the past 10 years, in the same midyear period, we see that on average, 51.5 percent of all known 10.0 scored vulnerabilities are unspecified,” Flashpoint noted in its mid-year 2022 Report. “This means organizations could be prioritizing hund

Risk 130

Risk Firewall Data breaches Software 130

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity