Joseph Steinberg

JULY 8, 2021

Recent crippling ransomware attacks have highlighted the tremendous financial price that businesses often pay after suffering a cyber breach; hacker-inflicted damages such as multi-million-dollar ransoms and even larger recovery costs, harmed reputations, and significant downtimes, which, not that many years ago, were topics of only fictional novels and films, have now become part our collective reality.

Insurance 364

Insurance Cyber Insurance Cybersecurity Small Business 364

Threatpost

JULY 5, 2021

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware

Ransomware 136

Ransomware InfoSec Malware 136

The State of Security

JULY 7, 2021

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards such as PCI, […]… Read More.

Penetration Testing 106

Penetration Testing Cyber Risk Risk 106

Schneier on Security

JULY 6, 2021

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time.

Password Management 362

Password Management Passwords 362

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JULY 5, 2021

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other

Government 361

Government Data breaches 361

Krebs on Security

JULY 7, 2021

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Backups 348

Backups Software Engineering 348

Schneier on Security

JULY 8, 2021

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network.

Ransomware 355

Ransomware Malware Firewall Encryption 355

Troy Hunt

JULY 6, 2021

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people.

Media 289

Media Technology 289

Krebs on Security

JULY 9, 2021

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ ATM smash-and-grab ” or “ chain gang ” attacks — is rapidly increasing in other states.

Banking 346

Banking Insurance Surveillance Risk 346

Tech Republic Security

JULY 9, 2021

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

Phishing 216

Phishing Scams Cybersecurity 216

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

JULY 5, 2021

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.

335

335

Graham Cluley

JULY 8, 2021

Security researchers report that a notorious North Korean hacking group has been targeting engineers working in the defence industry. Read more in my article on the Tripwire State of Security blog.

Engineering 145

Engineering Hacking Malware 145

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Software 310

Software Ransomware System Administration Authentication 310

Tech Republic Security

JULY 9, 2021

Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.

Ransomware 217

Ransomware 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

JULY 8, 2021

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus. The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity.

Ransomware 145

Ransomware 145

Graham Cluley

JULY 7, 2021

While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security researchers spotted a malware campaign which is taking advantage of the vacuum.

Malware 145

Malware Ransomware 145

Bleeping Computer

JULY 7, 2021

Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. [.].

145

145

Tech Republic Security

JULY 8, 2021

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists the top five more things about ransomware you need to know.

Ransomware 215

Ransomware 215

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JULY 9, 2021

Do you deploy security products to protect your organization against data breaches as part of your infrastructure cybersecurity strategy? If so, it’s important to ensure there are no critical gaps in your security stack. If you consider the category of breach protection critical, you should shift from a product-oriented to a protection-oriented mindset.

Data breaches 145

Data breaches Cybersecurity Antivirus Software 145

We Live Security

JULY 7, 2021

ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims. The post Bandidos at large: A spying campaign in Latin America appeared first on WeLiveSecurity.

Malware 145

Malware 145

Graham Cluley

JULY 5, 2021

Hundreds - if not thousands - of companies have been by a huge supply-chain REvil ransomware attack that struck on Friday July 2nd, just as companies in the United States were closing down for the Independence Day holiday weekend.

Ransomware 145

Ransomware Malware 145

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

210

210

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JULY 7, 2021

Cyberattacks on hospitals are rising, and patients are worried. Is my personal data at risk? Could ransomware or hackers effectively shut down the ER near me? Consider these findings from a March 2021 report by cybersecurity provider Morphisec: About one in five Americans said their health care was affected by cyberattacks last year. Nearly. The post How to Protect Medical Devices from Ransomware appeared first on Security Boulevard.

Ransomware 145

Ransomware Risk Cybersecurity IoT 145

The Hacker News

JULY 8, 2021

This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers.

145

145

Malwarebytes

JULY 9, 2021

Sometimes readers ask us how to send an anonymous email or how criminals and scammers manage to send anonymous emails. Since this is not an easy question to answer, because, for starters, there are several ways to interpret the question, I’ll try to give you some information here. Interpret the question. Sending an anonymous letter via snail-mail was easy.

Encryption 145

Encryption VPN Accountability Advertising 145

Tech Republic Security

JULY 7, 2021

A new phishing campaign claims to offer a security update for Kaseya's VSA software but actually tries to install malware, says Malwarebytes.

Malware 216

Malware Ransomware Phishing Software 216

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 8, 2021

The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take a closer look at their API security posture to ensure they are not the next headline. Creating an inventory of all APIs exposed to external audiences is the most common starting point that […]. The post API Security Need to Know: Top 5 Authentication Pitfalls appeared first on Cequence.

Authentication 145

Authentication Risk 145

The Hacker News

JULY 3, 2021

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims.

Passwords 145

Passwords 145

We Live Security

JULY 3, 2021

As news breaks about the supply-chain ransomware attack against Kaseya's IT management software, here’s what we know so far. The post Kaseya supply‑chain attack: What we know so far appeared first on WeLiveSecurity.

Ransomware 145

Ransomware Software Cybersecurity 145

Tech Republic Security

JULY 6, 2021

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.

194

194

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity