The Vote Joe app, used by the Biden 2020 Presidential campaign to better engage with voters, was found to be leaking potentially sensitive information about voters, such as their political affiliations and past voting choices.The iOS app also didn't enforce email verification which would let anybody, including non-US citizens, download the app and have

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.On September 10th, the Duesseldorf University hospital in Germany suffered a ransomware attack after threat actors exploited a software vulnerability in "a commercial add-on software that is common in the market and used worldwi

The U.S. Department of Justice announced today charges against five Chinese nationals fort cyberattacks on more than 100 companies, some of them being attributed to state-backed hacking group APT41.APT41 is one of the oldest threat groups, known primarily for cyber-espionage operations against a variety of entities, including software developers, gaming comp

Actors behind a pill scam campaign are trying a new technique, betting on unconventional representation of URLs in spam messages to keep them undetected by email protection systems and URL block lists.In a massive campaign observed by security researchers, the operators put in some effort to ensure wider reach of their messages promoting dubious pharmaceutic

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC“: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections.  To place the device into a restricted environment is definitively better than power

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed.How to Make Sure You’ve Got the Momentum You NeedI’d li

Risk management is an important element in using data to get ahead of cybersecurity risks before they happen. The costs of protecting an enterprise of any size against cyber attacks continue to rise. Once a business truly understands the consequences of an incident, its leaders must decide how to manage the risk. They can choose to accept, reduce or av

Google Chrome is adding a new feature that will make it easier for users to reset stored passwords that have been detected as compromised in data breaches.Since 2018, Apple has supported the /.well-known/change-password feature as a way for web sites to specify the page that is used to reset or change passwords on the site.This feature has been used by Safar

Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?Today, the world's biggest organizations rely on specific technology to run their daily business operations, which are supported by mission-critical applications. These applications are represented by vendors like SAP and

​A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.As computer users become more aware and educated on standard phishing techniques and templates, threat actors need to continually evolve their methods to develop innovative ways to trick users in

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.Established in 1994, the University Hospital is a New Jersey state-owned teaching hospital that provides medical care to residents.The hospital runs on a $626 million budget and has over 3,500 employees, 519 lice

The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president.The bipartisan legislation is backed b

While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps. Leave it to a global pandemic to disrupt industries many of us have assumed to be stalwart. Companies fortunate enough not to traffic in hard goods are realizing they can survive (and cut significant costs) by moving to w

The current top trends in security and risk management for threat-facing, disruption and the organization have been detailed at the Gartner Security and Risk Virtual Summit.Speaking at the event, research VP Peter Firstbrook pointed at “mega trends that are beyond your control,” which include: the skills gap, regulation and privacy

The importance of security culture can be seen now more than ever. Many of us work remotely; there are app concerns; and the lines between personal and business use of devices and networks are blurred, challenging our cyber resilience. Therefore, despite all the great tools, frameworks and protective measures in place, we need to ensure people are doin