Sat.May 08, 2021 - Fri.May 14, 2021

5 tips for getting started with SOAR

CSO Magazine

SOAR: Meaning and definition. SOAR is the name for a relatively new kind of security platform that coordinates information produced by a wide range of security tools and automates much of their analysis and protective responses. SOAR, which stands for security orchestration, automation, and response, is a term coined by Gartner in 2015 and since embraced by the industry as companies grapple with increasing security threats, a tight labor market, and an increasing flood of information they need to

Critical Infrastructure Protection: Physical and Cyber Security Both Matter

eSecurity Planet

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities. They have to supply physical security that denies access to the cyber-physical assets, and they sometimes must employ several cyber defenses depending on the device or system in question. So when you are looking at doing a Zero Trust deployment for critical infrastructure, it is important to be mindful of the fact that a site’s physical security is typically th

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a

Newly Unclassified NSA Document on Cryptography in the 1970s

Schneier on Security

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Weekly Update 242

Troy Hunt

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much s**t breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon!

Colonial Pipeline Paid Hackers $5 Million Ransom

Adam Levin

Colonial Pipeline paid roughly $5 million to the ransomware group responsible for hacking its systems, contradicting earlier claims. Bloomberg News reported that the company paid the ransom in cryptocurrency hours after the May 7 cyberattack that shut down the country’s largest fuel pipeline. In exchange for the payment, the hackers responsible provided Colonial with a decryption tool that restored the company’s access to its data.

More Trending

Ransomware Shuts Down US Pipeline

Schneier on Security

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it. The White House has declared a state of emergency and has created a task force to deal with the problem, but it’s unclear what they can do.

Colonial Pipeline attack reminds us of our critical infrastructure's vulnerabilities

Tech Republic Security

Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms.

Your Security Awareness Training Isn’t Working

Security Boulevard

Humans are the biggest risk to an organization’s cybersecurity posture, and it might be a bigger risk than many realize. According to research from Elevate Security, human behavior had a direct role in 88% of total losses in the largest cybersecurity incidents over the past five years and about two-thirds of major data breaches are. The post Your Security Awareness Training Isn’t Working appeared first on Security Boulevard.

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

How much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records — “including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories” — for two dozen police officers.

How to prevent another Colonial Pipeline ransomware attack

Tech Republic Security

Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control.

Protecting Cloud Data Throughout Its Lifecycle

Security Boulevard

Organizations have flocked from on-premises to the cloud over the past year, and protecting data during the transition has proven to be a monumental task. But now companies must focus on what happens after the migration. The new reality is that these organizations and their cloud providers work under a shared responsibility model, in which…. The post Protecting Cloud Data Throughout Its Lifecycle appeared first on Baffle.

City of Tulsa Struck by Ransomware Attack

Hot for Security

Tulsa, Oklahoma, is reportedly the latest in a long line of American cities to have fallen victim to a ransomware attack. The attack, which occurred on Friday evening, caused the city’s IT security teams to shut down many of Tulsa’s internal systems over the weekend “out of an abundance of caution” while they worked around the clock at the weekend in an attempt to restore operations from backups.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

AI Security Risk Assessment Tool

Schneier on Security

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.

Ransomware attackers are now using triple extortion tactics

Tech Republic Security

Attackers are not only demanding ransom from organizations, but also threatening their customers, users and other third parties.

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercept traffic to cryptocurrency-related sites. Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The Record first reported.

OT and IoT Security: Adopt a Post-Breach Mindset Today

Security Boulevard

Every time there’s a cyberattack like the recent ransomware targeting Colonial Pipeline, industry experts scramble to share thoughts on what could have been done to thwart it, or what the impact of a breach could be. Organizations need to reset themselves to have a post-breach mindset, pre-breach. The post OT and IoT Security: Adopt a Post-Breach Mindset Today appeared first on Nozomi Networks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How Cybercriminals Can Leverage Your Vaccination Card Selfie

Digital Shadows

Gotta do it for the ‘Gram (Instagram), as the kids might say. After a year in quarantine, you just got. The post How Cybercriminals Can Leverage Your Vaccination Card Selfie first appeared on Digital Shadows.

The many sides of DarkSide, the group behind the Colonial pipeline ransomware attack

Tech Republic Security

Though it likes to promote itself as being "philanthropic," the DarkSide gang represents a dangerous threat to organizations around the world.

US declares state of emergency after ransomware hits largest pipeline

Bleeping Computer

After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.

Major US oil pipeline shut down after ransomware attack

Graham Cluley

The 5,500 miles of Colonial Pipeline, which carry over 100 million gallons of fuel every day, from Houston, Texas to the New York Harbor, has been offline since May 7 following a ransomware attack.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

The Hacker News

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.

Cybersecurity technology is not getting better: How can it be fixed?

Tech Republic Security

A recent survey found an unusual reason cybersecurity is failing. Experts share what it is and how to correct it.

WhatsApp to restrict features if you refuse Facebook data sharing

Bleeping Computer

WhatsApp says that it will not delete or deactivate the accounts of users who oppose its latest privacy policy update that requires sharing data with Facebook companies.

Insider Threat and Mitigation Best Practices

CyberSecurity Insiders

Your staff members may fail to notice how they expose their business to security risks. Beware of the most common insider threats and learn how to resist. Let us assume you do your best to protect your business from security risks. But do you know that a good deal of the danger accounts for insiders? Dealing with insider threats is an awfully bad experience for too many businesses so far.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Remote Work Lessons Learned

Security Boulevard

To say that the world was unprepared for what happened in March of 2020 would be a gross understatement. Nobody needs a reminder of the seismic changes that the coronavirus pandemic introduced. Large enterprises were caught off guard, to be sure. But many small and medium-sized enterprises (SMEs), which typically operate with lean and sometimes. The post Remote Work Lessons Learned appeared first on Security Boulevard.

Blurred WFH lines create cybersecurity challenges for companies

Tech Republic Security

A new HP Wolf Security study focuses on shifting cybersecurity threats in the age of remote working as employees use work devices for personal entertainment.

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

Security Affairs

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks.

MITRE Protection Tests Shed New Light on Endpoint Security

eSecurity Planet

MITRE added a new wrinkle to its latest endpoint detection and response (EDR) evaluations, a test of endpoint security products’ ability to stop an adversarial attack. Previous MITRE evaluations and the first part of the latest evaluation, Carbanak+FIN7, focused on the ability of vendors to detect attacks and alert security staff. That approach focuses more on the strengths of EDR tools, which essentially add a centralized management layer to endpoint security, the ability to detect and r

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.