Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Banking 362

Banking Phishing Scams Accountability 362

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware 336

Ransomware Cybersecurity 336

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Hacking 311

Hacking Firmware Engineering Software 311

The Last Watchdog

NOVEMBER 8, 2021

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Healthcare 349

Healthcare Technology Architecture IoT 349

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 320

Ransomware Cybercrime System Administration Passwords 320

Tech Republic Security

NOVEMBER 10, 2021

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.

Ransomware 203

Ransomware 203

Security Boulevard

NOVEMBER 12, 2021

Recent ransomware attacks have dominated the headlines this year. Predictions estimate that the financial impact caused by ransomware could reach $265 billion globally by 2031. That means cyberattacks targeting enterprises and individuals are happening at a rate of about one attack every few seconds. The average ransom payment made by a business to.

Cyber Insurance 145

Cyber Insurance Insurance Ransomware Cybersecurity 145

Krebs on Security

NOVEMBER 9, 2021

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Backups 271

Backups Authentication Passwords Internet 271

Tech Republic Security

NOVEMBER 12, 2021

With an estimated 14% of PPC costs being lost to fraud, all it takes is a look at the advertising budgets of top tech firms to see how much money they're wasting, says PPC Shield.

Advertising 178

Advertising 178

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” It’s pretty good.

Risk 317

Risk Cybersecurity 317

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT Security Guru

NOVEMBER 11, 2021

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis. Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.

Cybersecurity 145

Cybersecurity Wireless Cyber Risk Risk 145

We Live Security

NOVEMBER 11, 2021

It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach. The post When the alarms go off: 10 key steps to take after a data breach appeared first on WeLiveSecurity.

Data breaches 145

Data breaches Cybersecurity 145

Tech Republic Security

NOVEMBER 9, 2021

The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.

Ransomware 216

Ransomware 216

Schneier on Security

NOVEMBER 8, 2021

We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones.

290

290

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

NOVEMBER 9, 2021

Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress. During the Red Team process, Tychansky said there are several stages to follow: • The organization and the Red Team (whether in-house or externally contracted) will agree.

Cybersecurity 145

Cybersecurity Social Engineering Engineering Malware 145

Bleeping Computer

NOVEMBER 12, 2021

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores. [.].

Data breaches 144

Data breaches 144

Tech Republic Security

NOVEMBER 9, 2021

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how.

217

217

eSecurity Planet

NOVEMBER 12, 2021

Remote work and home offices were an afterthought until the COVID-19 pandemic. They were then vaulted to the forefront of security concerns so quickly that security and IT teams were caught off guard. Now, remote work is likely here to stay even after the pandemic is gone. That means that the temporary solutions put in place over the last 18 months will need to give way to more permanent solutions.

Wireless 143

Wireless Marketing Technology Antivirus 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

NOVEMBER 10, 2021

The specter of ransomware is currently looming large. Barely a day goes by without headlines announcing the latest big name whose data’s been ‘kidnapped’ by cybercriminals—and imagine the number of victims that we don’t hear about! Recently, the well-known camera maker Olympus was allegedly hit by a ransomware attack which is still under investigation; other.

Ransomware 144

Ransomware Mobile Malware Cybersecurity 144

The Hacker News

NOVEMBER 12, 2021

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.

Phishing 144

Phishing Malware Banking Ransomware 144

Tech Republic Security

NOVEMBER 9, 2021

One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large.

Ransomware 205

Ransomware 205

Bleeping Computer

NOVEMBER 8, 2021

Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers. [.].

Data breaches 143

Data breaches Hacking 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

NOVEMBER 10, 2021

New EMA Research Highlights the Rise of Active Directory Exploits Active Directory is getting a lot of buzz in business and tech news outlets lately—but not in a good way. AD continues to be a prime target for cybercriminals: Just a few recent examples include AD-related attacks on Sinclair Broadcast Group, camera manufacturer Olympus, The post Why 86% of Organizations Are Increasing Their Investment in Active Directory Security appeared first on Semperis.

Manufacturing 143

Manufacturing Ransomware 143

Malwarebytes

NOVEMBER 12, 2021

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif (perhaps in reference to Moscow’s emergency hospital ) created a GitHub account and uploaded the first part of the attack on November 8.

Energy and Utilities 143

Energy and Utilities Encryption Accountability 143

Tech Republic Security

NOVEMBER 12, 2021

Americans lost $29.8 billion in phone fraud over the past year. Can AI fraud detection change this?

216

216

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Spyware 145

Spyware Mobile Social Engineering Malware 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

NOVEMBER 9, 2021

The domain name system (DNS) is known as the phone book of the internet, quickly connecting users from their devices to their desired content. But what appears to most users as seamless and instantaneous actually offers multiple opportunities for bad actors to slip through the cracks. In April 2021, a troubling report indicated that an. The post DNSSEC: The Secret Weapon Against DNS Attacks appeared first on Security Boulevard.

DNS 141

DNS Internet Internet IoT 141

The Hacker News

NOVEMBER 9, 2021

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users.

Data breaches 138

Data breaches 138

Tech Republic Security

NOVEMBER 8, 2021

Europol announced new arrests during its "Operation GoldDust." The suspects may have been heavily involved in the Sodinokibi/REvil and GandCrab ransomware activities.

Ransomware 163

Ransomware 163

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina.

Malware 145

Malware Media Surveillance Encryption 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity