But President Says Attackers Reside in RussiaPresident Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. May 7, but he said attackers living in Russia were involved.Read More Biden: Russian Government Not Behind Colonial Pipeline Attack
Security researchers have discovered a way to leverage Apple’s Find My’s Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.
The EO is designed to protect federal networks, foster information sharing between the government and private sector, and better respond to cyber incidents. But will it do the trick?Read More Biden’s executive order faces challenges trying to beef up US cybersecurity
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
Canonical has made it easy for admins to join Ubuntu Desktop to Active Directory domains. Jack Wallen walks you through the steps.Read More How to connect Ubuntu Linux Desktop 21.04 to an Active Directory domain
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.Read More When AI Becomes the Hacker
New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.Read More Microsoft Adds GPS Location to Identity & Access Control in Azure AD
Hi GuysI need your support. I became aware only not that we can nominate SecurityAffairs as Best Personal Blog. I need your support. Please vote Security Affairs as Best Personal cybersecurity Blog at the following link https://docs.google.com/forms/d/e/1FAIpQLSer_6yOZrL8OO6XjJ9yj3Mlq9LvuOakdTZN9ZmhkFCy1aQLdw/viewform The URL is https://securityaffairs.co/ and indicate me Pierluigi Paganini as reference Thank you!Pierluigi Follow me on Twitter: @securityaffairs […]Read More Please vote Security Affairs – 1 day left
The Windows 10 KB5003173 cumulative update may fail to install with an error 0x800f0922 if Microsoft Edge has been previously uninstalled. […]Read More Windows 10 KB5003173 update fails with error 0x800f0922, how to fix
Colonial Pipeline Company has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today. […]Read More Colonial Pipeline restores operations, $5 million ransom demanded
Gartner believes it will be four years before the market achieves two-thirds of the position a WSJ Intelligence and Forcepoint survey says is already achieved
Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […]
The post Organizations in aerospace and travel sectors under attack, Microsoft warns appeared first on Security Affairs.Read More Organizations in aerospace and travel sectors under attack, Microsoft warns
President Joe Biden said Thursday that Vladimir Putin was not connected to a Russia-based criminal cyber attack on a huge US fuel pipeline but that he will raise the issue at an expected summit.
Artists turn 700 misogynistic comments made online into 3,000m-long artworkRead More Cyber-bullying Spawns Artistic Protest
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. […]Read More Attackers abuse Microsoft dev tool to deploy Windows malware
Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.Read More Adapting to the Security Threat of Climate Change
A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms. […]Read More Meet Lorenz — A new ransomware gang targeting the enterprise
New research reveals cyber-attacks leave small businesses with big billsRead More Cyber-attacks Cost Small US Businesses $25k Annually
The operation was carried out against an organized group that used online trading platforms to swindle victims out of US$36 million
The post European police bust major online investment fraud ring appeared first on WeLiveSecurity
The head of a website that offers free cybersecurity resources tells a virtual conference what SMBs need to do to improve their maturityRead More Advice for SMBs: Focus on cybersecurity basics
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hits its network during late March and disrupted online services and business operations. […]Read More Insurance giant CNA fully restores systems after ransomware attack
Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that was disclosed in November. The availability of a proof-of-concept exploit code for the zero-day was confirmed by the Cisco Product Security […]
The post Cisco fixes AnyConnect Client VPN zero-day disclosed in November appeared first on Security Affairs.Read More Cisco fixes AnyConnect Client VPN zero-day disclosed in November
Data-conscious online shoppers in the US will ditch a merchant over a single lapse in data securityRead More Consumers Unforgiving of Merchants’ Data Failings
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.Read More Beyond MFA: Rethinking the Authentication Key
I didn’t entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.Breaking bad
The research looks at 167 counterfeit apps …
Latest episode – listen now!Read More S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
The administration, public and private sector leaders applaud the initial steps outlined but said more action needs to be taken.Read More Biden issues Executive Order to strengthen nation’s cybersecurity networks
Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows.
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.Read More Fresh Loader Targets Aviation Victims with Spy RATs
Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees
According to a new study conducted by the leading cybersecurity and compliance company Proofpoint, two-thirds of CISOs declared that their businesses are not prepared to face a targeted cyberattack. More than 1000 Chief Information Security Officers (C…Read More A New Survey Shows that Two Out of Three Global CISOs Are Not Ready to Handle a Targeted Cyberattack
For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market.
I’m a big fan of these sorts of measures. The US government is a big enough market that vendors will try to comply with procurement regulations, and the improvements will benefit all customers of the software…Read More New US Executive Order on Cybersecurity
Since its release three years ago, IBM says DBaaS offerings have gained enormous interest from customers across multiple industries. At THINK this week, it also received several updates.
The post IBM looks to address business AI adoption challenges with AutoSQL and partner program changes first appeared on IT World Canada.Read More IBM looks to address business AI adoption challenges with AutoSQL and partner program changes
Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. […]Read More Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code
The researchers from Sophos declared that they received a tip-off relating to a fake mobile trading app, this tip leading to the discovery of a server containing “hundreds” of malicious trading, banking, foreign exchange, and cryptocurrency…Read More Fake Android and iOS Malicious Apps Might Be Stealing Your Money
It’s pretty rare that I stumble onto a new service and think, “Whoa! This is exactly what I’ve been missing. And I didn’t even know I was missing it.”Well, my fellow efficiency-obsessed earthlings, I’m ecstatic to report that that magnificent moment…Read More This smart new service brings Google Docs, Trello, and Notion together — in your inbox
On Wednesday, the White House released a statement announcing that President Biden signed an executive order aimed to strengthen the federal government’s cybersecurity defenses. The Biden administration acts on a stack of overlapping cyberattacks…Read More President Biden Signs Executive Order to Strengthen Cyber Defenses
Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization’s attack surface that are largely unmonitored and undefended.Read More Defending the Castle: How World History Can Teach Cybersecurity a Lesson
Company Says It Will Take Several Days for Supply Chain to Return to NormalColonial Pipeline Co. announced Wednesday that it had restarted its operations following a ransomware attack last Friday. The company says it will take several days to restore a…Read More Colonial Pipeline Restarts Operations Following Attack
The Water Services Regulation Authority (better known as Ofwat) which is the UK Government’s department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this y…Read More Muddy waters. Ofwat reveals it has received 20,000 spam and phishing emails so far this year
Trust Wallet and MetaMask wallet users are being targeted in what looks like an ongoing and aggressive Twitter phishing campaign created in order to steal cryptocurrency funds. MetaMask and Trust Wallet are two of the mobile apps that allow users to cr…Read More Trust Wallet and Metamask Crypto Wallets Users Targeted by a New Scam
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers.Read More Apple’s ‘Find My’ Network Exploited via Bluetooth
85% of breaches analyzed in the report involved a human elementRead More Record Number of Breaches Detected Amid #COVID19
Organizations in the aerospace and travel sectors have been targeted in the past months in a campaign aimed at infecting victims with remote access Trojans (RAT) and other types of malware, Microsoft warns.
Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year. The Water Services Regulation Authority (better known as Ofwat) which is the government department respo…Read More Ofwat reveals it has received 20,000 spam and phishing emails so far this year
Buying and selling goods and services with cryptocurrency has become one of the most popular financial activities among investors worldwide and that’s because a big part of these blockchain-based units has huge potential to become more valuable over th…Read More Cryptocurrency Exchange App Breakdown Led to Delayed Credits and Duplicate Orders
If your network gets infected with ransomware, follow the steps below to recover essential data: Step 1: Do not pay the ransom because there is no guarantee that the ransomware creators will give you access to your data. Step 2: Find any available back…Read More Here Are the Free Ransomware Decryption Tools You Need to Use [2021 Updated]
Query.AI officially launched on Thursday with a security investigations platform and $4.6 million in seed funding.
The funding came from ClearSky Security, DNX Ventures, and South Dakota Equity Partners, and Query.AI says it will be used to accelerate …
Automation can’t be just about running the process, but must include three important stages
In today’s digitalized business world, we tend to accept the eventuality of a cyberattack as something that just happens sometimes. But while viruses and other online dangers are almost as old as the Internet itself, that doesn’t mean they can’t be sto…Read More Threat Protection 101: What It Is and How You Can Achieve It
According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security.Read More Five Critical Password Security Rules Your Employees Are Ignoring
The best encrypted messaging apps you can (And should) use today Subtitle: Review these apps and choose the one that suits your needs Do you want to know which is the best encrypted messaging app out there and how they protect your valuable data? Then …Read More Encrypted Messaging apps – update article
The Malware Economy Why Malware Attacks Continue to Rise Why Malware as a Business is on the Rise Malware is Everywhere: A closer look at the Malware Economy How to remain safe in the malware economy. The alarming growth of malware attacks in the last …Read More The Malware Economy article (Malware as a Business)
U.K. Foreign Secretary Dominic Raab on Wednesday urged global cooperation to combat cyberattacks by “hostile state actors” and criminal gangs.
Raab also pledged 22 million pounds ($31 million) in support to “vulnerable” countries in Africa and the Indo…
Verizon’s Data Breach Investigations Report (DBIR) covers 2020 — a year like no other. Phishing, ransomware, and innovation caused big problems.Read More Verizon DBIR 2021: “Winners” No Surprise, But All-round Vigilance Essential
The tech giant has warned that the aviation and travel industry is seeing a notable increase in RAT (Remote Access Trojan) cyberattack efforts through phishing emails. A thread of information was posted by the Microsoft Security Intelligence team on th…Read More Hackers Are Now Targeting the Aviation Industry to Harvest Information, Microsoft Warns
President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks, it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]
The post Biden signed executive order to improve the Nation’s Cybersecurity appeared first on Security Affairs.Read More Biden signed executive order to improve the Nation’s Cybersecurity
Facebook says it’s sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” pod…Read More Smashing Security podcast #227: Phishing foul-up, Twitter tip jars, and Facebook’s Apple fury
Used in cyberattacks that can paralyze organizations, ransomware is malicious software that encrypts a computer system’s data and demands payment to restore access. To help organizations protect against ransomware attacks and recover from them if they …Read More NIST Releases Tips and Tactics for Dealing With Ransomware
10+ Free Encryption Software Tools to Protect your Data [Updated 2018] Resources: http://www.techradar.com/news/top-5-best-encryption-tools https://blogs.systweak.com/2017/09/9-best-encryption-software-for-windows/ – for Windows https://www.wire…Read More 9 Free encryption software tools to protect your data – old version +update
Top Online Scams Used by Cyber Criminals to Trick You Here are the Top Online Scams You Need to Avoid Today Subtitle: (Here’s how to avoid falling even in their best designed trap) – Or change Resources: https…Read More Online scams – articol de updatat
Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources.
One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns p…
Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development proce…Read More New Cybersecurity Executive Order: What You Need to Know
FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers details groups that rent the ransomware.Read More Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags
Norway-based green energy solutions provider Volue has been working on restoring systems after being targeted in a ransomware attack.
Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging a hot commodity on the dark web in what’s the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic.
“A new and troubling phenomen…
Wide-ranging measures win praise from industry expertsRead More Biden Executive Order Mandates Zero Trust and Strong Encryption
This week, recurring glitches on the popular cryptocurrency exchange Crypto.com caused multi-day delays for users in receiving their purchased assets. Moreover, those reattempting “declined” or “expired” transactions were charged multiple times for dup…Read More Crypto exchange glitch causes duplicate purchases, delayed credits
East coast fuel pipeline slowly resumes operationsRead More Colonial Pipeline Attackers Linked to Infamous REvil Group
Microsoft will likely abandon Windows 10X, the concept operating system that was to serve as a streamlined, simplified rival to the likes of Chrome OS, according to a recent report.”Microsoft will not be shipping Windows 10X this year and the OS as …Read More Microsoft nixes Windows 10X
CISO Bernie Cowens on Mitigating the Vulnerabilities of Critical Infrastructure FacilitiesAs former CISO of Pacific Gas & Electric, Bernie Cowens knows plenty about cybersecuring the nation’s critical infrastructure. He shares his informed opinion on t…Read More Colonial Pipeline Attack: ‘We’re Simply Unprepared’
ExtraHop finds most enterprises are running insecure SMB protocolRead More Four Year On: Two-thirds of Global Firms Still Exposed to WannaCry
FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […]
The post US CISA and FBI publish joint alert on DarkSide ransomware appeared first on Security Affairs.Read More US CISA and FBI publish joint alert on DarkSide ransomware
Chinese tech company Xiaomi is no longer on the U.S. trade ban list, Amazon is accused of hiring and firing workers to meet a turnover quota, and Google is building a new data centre in Quebec.Read More Hashtag Trending, May 13, 2021- Xiaomi removed from trade ban list; Amazon “hire-to-fire”; new Google data centre in Quebec
Cyber security affects companies of all sizes in all sectors. Moreover, threats are constantly evolving and your legal and regulatory requirements have become major issues – particularly with the introduction of the the GDPR (General Data Protection Regulation) and NIS Directive. All of this means that regular communication between management and the board regarding cyber security is more important than ever. It’s only by discussing these issues regularly and in a formal environment that you can protect your sensitive data and company interests. As you have probably seen, failure to do that could result in staggering financial penalties. So how shouldRead More 12 cyber security questions to ask your CISO