Sat.Jun 26, 2021 - Fri.Jul 02, 2021

article thumbnail

What is the dark web? How to access it and what you'll find

CSO Magazine

Dark web definition. The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.

article thumbnail

3 Steps to Strengthen Your Ransomware Defenses

The Hacker News

The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cyber investments are growing, but not enough

Tech Republic Security

64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond.

article thumbnail

More Russian Hacking

Schneier on Security

Two reports this week. The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking 363
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and i

article thumbnail

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.

More Trending

article thumbnail

Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part test.

Software 349
article thumbnail

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who ca

Firmware 359
article thumbnail

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

Risk 149
article thumbnail

You don't have to be a tech expert to become a cybersecurity pro

Tech Republic Security

Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Insurance and Ransomware

Schneier on Security

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insurance 303
article thumbnail

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it.

Scams 285
article thumbnail

Shutdown Kaseya VSA servers now amidst cascading REvil attack against MSPs, clients

Malwarebytes

A severe ransomware attack reportedly taking place now against the popular Remote Monitoring and Management software tool Kaseya VSA has forced Kaseya into offering urgent advice: Shutdown VSA servers immediately. “We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today,” Kaseya wrote on Friday afternoon.

article thumbnail

Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

NFC Flaws in POS Devices and ATMs

Schneier on Security

It’s a series of vulnerabilities : Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine.

Firmware 296
article thumbnail

How to bypass the Windows 11 TPM 2.0 requirement

Bleeping Computer

Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. However, new Registry entries have been discovered that allow you to bypass the TPM requirement and minimum memory and secure boot requirements. [.].

145
145
article thumbnail

Chinese hacking group impersonates Afghan president to infiltrate government agencies

Zero Day

The APT has been accused of infiltrating the country’s security council.

article thumbnail

More than 3.5 million people needed worldwide to work in cybersecurity

Tech Republic Security

Expert says attacks are getting bigger and more aggressive than before. Instead of being like a burglary, they're more like a home invasion.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Fancy Bear Is Trying to Brute-Force Hundreds of Networks

WIRED Threat Level

While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time.

Passwords 145
article thumbnail

NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers

The Hacker News

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.

Hacking 145
article thumbnail

Second colossal LinkedIn “breach” in 3 months, almost all users affected

Malwarebytes

LinkedIn has reportedly been breached— again —following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident , a seller called TomLiner showed them he was in possession of 700 million Linkedin user records. That means almost all (92 percent) of LinkedIn’s users are affected by this.

article thumbnail

Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million

Tech Republic Security

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Common Facebook scams and how to avoid them

We Live Security

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed. The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity.

Scams 145
article thumbnail

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

The Hacker News

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.

Firmware 145
article thumbnail

CISA releases new ransomware self-assessment security audit tool

Bleeping Computer

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). [.].

article thumbnail

Windows 11: Understanding the system requirements and the security benefits

Tech Republic Security

Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.

210
210
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi

article thumbnail

New ransomware highlights widespread adoption of Golang language by cyberattackers

Zero Day

The latest version of Go is being used to prevent reverse-engineering attempts.

article thumbnail

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

The Hacker News

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.

145
145
article thumbnail

Americans lost $29.8 billion to phone scams in the past year, study finds

Tech Republic Security

The number of spam calls, the number of people losing money to them and the total amount of money lost In the past year are all record setting.

Scams 208
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!