Joseph Steinberg

JULY 8, 2021

Recent crippling ransomware attacks have highlighted the tremendous financial price that businesses often pay after suffering a cyber breach; hacker-inflicted damages such as multi-million-dollar ransoms and even larger recovery costs, harmed reputations, and significant downtimes, which, not that many years ago, were topics of only fictional novels and films, have now become part our collective reality.

Insurance 363

Insurance Cyber Insurance Cybersecurity Small Business 363

Threatpost

JULY 5, 2021

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware

Ransomware 136

Ransomware InfoSec Malware 136

The State of Security

JULY 7, 2021

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards such as PCI, […]… Read More.

Penetration Testing 106

Penetration Testing Cyber Risk Risk 106

Schneier on Security

JULY 6, 2021

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time.

Password Management 363

Password Management Passwords 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

JULY 5, 2021

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other

Government 361

Government Data breaches 361

Krebs on Security

JULY 7, 2021

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Backups 356

Backups Software Engineering 356

Schneier on Security

JULY 8, 2021

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network.

Ransomware 359

Ransomware Malware Firewall Encryption 359

Troy Hunt

JULY 6, 2021

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people.

Media 310

Media Technology 310

Krebs on Security

JULY 9, 2021

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ ATM smash-and-grab ” or “ chain gang ” attacks — is rapidly increasing in other states.

Banking 352

Banking Insurance Surveillance Risk 352

The Last Watchdog

JULY 7, 2021

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Related: Credential stuffers exploit Covid 19 pandemic. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.

Accountability 257

Accountability Mobile Passwords Authentication 257

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JULY 5, 2021

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.

347

347

Troy Hunt

JULY 3, 2021

This week is a bit of everything again, although the main difference this time was an update on the COVID situation we're facing in Australia. We've been largely virus-free (relative speaking) but as a result, vaccine rollout has been really slow (as in about 5% of the country being covered) and following some outbreaks of the Delta strain this past couple of weeks, everyone is feeling a bit nervous.

IoT 279

IoT 279

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Software 326

Software Ransomware System Administration Authentication 326

Javvad Malik

JULY 7, 2021

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks. To anyone over the age of 35, they probably are considered a fad, forgettable, a representation of all that is wrong with the “youth” these days – if they know of them at all.

CISO 221

CISO Phishing Media Security Awareness 221

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JULY 9, 2021

Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.

Ransomware 218

Ransomware 218

Lohrman on Security

JULY 4, 2021

Guy Perelmuter offers an insightful, easy to read, helpful guide to present and future technology in business areas ranging from the future of jobs to AI and from cryptocurrencies to quantum computing.

Cryptocurrency 214

Cryptocurrency Technology 214

Malwarebytes

JULY 9, 2021

Sometimes readers ask us how to send an anonymous email or how criminals and scammers manage to send anonymous emails. Since this is not an easy question to answer, because, for starters, there are several ways to interpret the question, I’ll try to give you some information here. Interpret the question. Sending an anonymous letter via snail-mail was easy.

Encryption 145

Encryption VPN Accountability Advertising 145

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. According to Bloomberg, CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations.

Data breaches 145

Data breaches Insurance Ransomware Identity Theft 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JULY 8, 2021

Phishing, malicious files and other forms of fraud have followed the highly awaited movie since it was first delayed due to COVID-19. On the eve of its actual release, the scams have begun anew.

Scams 218

Scams Malware Phishing 218

The Hacker News

JULY 9, 2021

Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection.

Cybercrime 145

Cybercrime Malware 145

We Live Security

JULY 8, 2021

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus. The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity.

Ransomware 145

Ransomware 145

Graham Cluley

JULY 8, 2021

Security researchers report that a notorious North Korean hacking group has been targeting engineers working in the defence industry. Read more in my article on the Tripwire State of Security blog.

Engineering 145

Engineering Hacking Malware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 7, 2021

An analysis by Sophos suggests that the latest attack is similar to one that Kaseya endured in 2018.

Software 218

Software Ransomware 218

The Hacker News

JULY 8, 2021

This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers.

145

145

Zero Day

JULY 8, 2021

RaaS groups are hiring negotiators whose primary role is to force victims to pay up.

Ransomware 145

Ransomware 145

SecureList

JULY 7, 2021

New findings. Our previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant with the same version (1.6.1) and a set of modules that include an orchestrator and three plugins.

Malware 145

Malware Encryption Hacking Architecture 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JULY 8, 2021

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists the top five more things about ransomware you need to know.

Ransomware 217

Ransomware 217

The Hacker News

JULY 9, 2021

While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers.

Phishing 145

Phishing Malware 145

We Live Security

JULY 7, 2021

ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims. The post Bandidos at large: A spying campaign in Latin America appeared first on WeLiveSecurity.

Malware 145

Malware 145

SecureList

JULY 7, 2021

Summary. Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service.

Accountability 145

Accountability Risk Ransomware Technology 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity