Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

Cybercrime 363

Cybercrime Hacking Passwords Accountability 363

Schneier on Security

MARCH 1, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

Risk 362

Risk Government Marketing Software 362

Troy Hunt

MARCH 1, 2021

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT , now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world.

Government 333

Government 333

Tech Republic Security

MARCH 1, 2021

Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.

Software 212

Software 212

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MARCH 5, 2021

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.

Hacking 364

Hacking Software Government Internet 364

Schneier on Security

MARCH 5, 2021

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.” It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even that.

309

309

Tech Republic Security

MARCH 2, 2021

A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.

Digital transformation 213

Digital transformation 213

Krebs on Security

MARCH 2, 2021

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees.

Ransomware 322

Ransomware Small Business Insurance Software 322

Schneier on Security

MARCH 3, 2021

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information.

Encryption 285

Encryption 285

Security Boulevard

MARCH 5, 2021

Today, the United States Attorney for the Southern District of New York, William F. Sweeney, announced the unsealing of a seven count indictment charging John David McAfee, founder of McAfee, and Jimmy Gale Watson, an executive advisor to McAfee, with pump-and-dump schemes, as well as initial coin offering (ICO) touting schemes. Watson was arrested on.

Cybersecurity 145

Cybersecurity 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

MARCH 4, 2021

Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.

Phishing 196

Phishing Social Engineering Engineering 196

Krebs on Security

MARCH 2, 2021

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Internet 314

Internet Internet Software Education 314

Hot for Security

MARCH 3, 2021

A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as possible. In traditional Chrome-team fashion, the techies maintaining the world’s most popular web browser for desktops are “delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux.”.

145

145

Security Boulevard

MARCH 3, 2021

While I might not be in the IT trenches, over my years in sales I have had the benefit of working alongside IT leaders across multiple industries. I’ve learned first-hand about the problems IT leaders face in their everyday cybersecurity operations. And what is the biggest takeaway? It’s that at small to medium-sized businesses or really any with a blossoming security program, IT leaders’ cybersecurity problems revolve mainly around a lack of three components: people, process, and technology.

Cybersecurity 145

Cybersecurity Technology 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MARCH 2, 2021

Too many people shrug off SELinux on their data center systems. Jack Wallen says it's time to stop giving into that siren song so your operating systems are weakened.

190

190

We Live Security

MARCH 3, 2021

Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught. The post Not all cybercriminals are sophisticated appeared first on WeLiveSecurity.

Cybercrime 145

Cybercrime 145

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.

VPN 145

VPN Passwords Internet Internet 145

Security Boulevard

MARCH 1, 2021

Edge computing is proving to be more than just a trend. Research giant Gartner predicts that by 2025, some 75% of enterprise-generated data will be created and processed outside of the traditional data center or cloud. Simply put, the edge is poised to be huge, and with that growth comes new cybersecurity threats. What’s more, The post Edge Computing Growth Drives New Cybersecurity Concerns appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MARCH 4, 2021

Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai.

Banking 195

Banking Accountability 195

The Hacker News

MARCH 4, 2021

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.

Data breaches 145

Data breaches Cybersecurity Hacking 145

Hot for Security

MARCH 1, 2021

Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked - putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk of exposure. Read more in my article on the Hot for Security blog.

Passwords 145

Passwords Hacking Risk Data breaches 145

Security Boulevard

FEBRUARY 28, 2021

Businesses, employees and their customers rely on social media interactions more than ever since COVID-19 arrived. However, social media usage should raise certain privacy concerns. For most users, it comes down to a level of trust. In other words, users trust that social media platforms will protect and secure their personal information and data. Which, The post Social Media Risks Increasing in 2021 appeared first on Security Boulevard.

Media 145

Media Risk Accountability 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

MARCH 5, 2021

A lack of confidence in companies' defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study.

Cybersecurity 183

Cybersecurity 183

The Hacker News

MARCH 1, 2021

Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.

145

145

Trend Micro

FEBRUARY 28, 2021

Povlsomware is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products.

Ransomware 143

Ransomware 143

Security Boulevard

FEBRUARY 28, 2021

. A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. Serious Linux Vulnerability. Last month a newly discovered critical vulnerability in 'sudo', a fundamental program present in all Linux and Unix operating systems caught my eye. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

MARCH 2, 2021

Whether paying ransom for data held hostage makes sense depends on many variables. Experts define the variables and why they're important.

Ransomware 173

Ransomware 173

Security Affairs

FEBRUARY 27, 2021

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A cybercrime group called ‘Hotarus Corp’ has breached the Ecuador’s largest private bank, Banco Pichincha, and the local Ministry of Finance (the Ministerio de Economía y Finanzas de Ecuador).

Hacking 144

Hacking Banking Ransomware InfoSec 144

CSO Magazine

MARCH 2, 2021

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the world’s first CISO Steve Katz says, “Don’t go shopping when you’re hungry.

CISO 144

CISO 144

Security Boulevard

MARCH 1, 2021

Last year, 2020, was a year of accelerated digital transformation with COVID-19 related lockdowns pushing preexisting trends into overdrive. We saw more quantum leaps in cloud adoption, remote work and digital transformation in a single year than we’d seen in the previous decade. Naturally, this shakeup has caused a near-perfect storm in the enterprise security.

Authentication 145

Authentication Digital transformation Cybersecurity Network Security 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity