Google bans the following cryptocurrency apps for data security

If you are a cryptocurrency enthusiast and are using any of the mining apps to earn more, then this article needs your interest. Google has issued a warning to all users of cryptocurrency apps to look at its latest update that has banned few of the applications for functioning with malicious intentions by misleading innocent mobile users with ‘get rich quick’ schemes.

Therefore, the web search giant has not only issued a ban but also pulled the following applications from the play store, as they were found exploiting the user with malevolent advertisement intentions.

Daily Bitcoin Rewards that offer cloud based mining service to users to upgrade their crypto currency mining capabilities with additional processing power have been banned by Google as it was forcing users to watch ads that earned a good amount of monthly revenue to users.

Following on the list are BitFunds app, Bitcoin Miner, Bitcoin Wallet, Crypto Holic, Bitcoin 2021, MineBit Pro and Ethereum.

Cybersecurity firm Trend Micro says that the apps were found conducting espionage as well and were foxing customers by promising them they reward them with BTC, but haven’t fulfilled the objective till date.

According to Trend Micro, the said apps were seen earning monthly revenue of $115 and an additional revenue of $600 by selling the details gathered through espionage on the dark web.

What’s concerning is that the said 8 apps have already targeted over 4589 users to date and were hard to remove from the phone.

The post Google bans the following cryptocurrency apps for data security appeared first on Cybersecurity Insiders.

August 24, 2021 at 10:57AM

Read More

Ransomware tips by CISA

US Cybersecurity and Infrastructure Security Agency (CISA) has released a fact sheet that offers tips to organizations that help them prevent and respond to ransomware attacks, thus assisting them in avoiding financial loss and loosing customer trust.

Foremost tip is to avoid paying a ransom under all circumstances as it not only encourages crime but also doesn’t guarantee a return of the decryption key for sure.

Second, organizations should well in advance take adequate proactive measures that help them guard against falling victim to ransomware attacks. The measures include taking encrypted backups of data from time to time, maintaining them offline and online, and having a business continuity plan, keeping their software updated with the latest fixes, and configuring devices on a regular note.

For organizations that house sensitive information, they should maintain an inventory of data and ensure that it is well encrypted and is driven by regular security audits. Also, a procedure that enables data breach response and notification should also be followed, along with an incident response and communication plan if any untoward occurs.

If a ransomware strikes organizations, then the business should take measures to secure the network and stop any additional loss of data to hackers.

CISA is recommending victims to take a system image and memory captures of the affected devices and inform the law enforcement such as FBI about the incident and must notify their customers that their data has been exposed and might be misused.

Finally, the ransomware fact sheet released by the CISA concludes with some general information that points towards ransomware incident and response.

The post Ransomware tips by CISA appeared first on Cybersecurity Insiders.

August 24, 2021 at 10:55AM

Read More

Top Cybersecurity Podcasts

Keeping up with the latest cybersecurity industry news and information can be a challenge all on its own. Listening to podcasts is a great way to stay up to date while you’re on the go, or even while you’re working. The (ISC)² team has gathered a collection of top cybersecurity podcasts that support our vision of inspiring a safe and secure cyber world. The cybersecurity experts featured below provide timely industry updates and other insights via engaging conversational platforms.

 

Top Cybersecurity Podcasts

 

Cyber Security Interviews

Personal conversations with cybersecurity experts working in the field today.

20-60 minutes l Google Podcasts, Apple Podcasts, Spotify

 

Cyber Security Today – IT World Canada

Updates on the latest cyber security threats to businesses, data breach disclosures, and security.

3-30 minutes l RSS, Google Podcasts, Apple Podcasts

 

Data Breach Today Podcast – Data Breach Today

Insightful audio interviews with data breach/security leading practitioners and thought leaders.

10-30 minutes l Apple Podcasts

 

Security Now – TWIT

Weekly conversations surrounding hot topics in security today.

1-2 hours l RSS, Google Podcasts, Apple Podcasts, Spotify

 

Security Weekly News – Security Weekly

Bi-weekly information security news including threats, vulnerabilities, and breaches.

30 minutes l RSS, Google Podcasts, Apple Podcasts

 

Shared Security Podcast – Shared Security

Privacy for shared security including social media, smart devices, applications and IoT.

20-30 minutes l RSS, Google Podcasts, Apple Podcasts, Spotify

 

Smashing Security – Graham Cluley

Covering weekly tech news with comedy.

45 minutes – 1 hour l RSS, Google Podcasts, Apple Podcasts, Spotify

 

Social-Engineer Podcast – Security Through Education

Security experts and guests discuss human behavior and its implications for information security.

45 minutes – 1 hour l RSS, Google Podcasts, Apple Podcasts, Spotify

 

Speakeasy Security – ESET

Offering prescriptive advice to everyday internet users in a less technical and more accessible manner.

20-30 minutes l RSS, Google Podcasts, Apple Podcasts, Spotify

 

The Cyberlaw Podcast

Weekly interview series and discussion on the latest events in technology, security, privacy, and government.

45 minutes – 2 hours l RSS, Google Podcasts, Apple Podcasts, Spotify

 

The CyberWire Daily Podcast – Cyberwire Daily

Cybersecurity news and analysis including interviews from experts in academia and research organizations.

25-30 minutes l RSS, Google Podcasts, Apple Podcasts, Spotify

 

Unsupervised Learning – Daniel Miessler

Exploring the intersection of security, technology, and society.

3-30 minutes l Apple Podcasts, Spotify

 

We recommend incorporating a listening format into your continuing education practice. This easy-to-consume way of information gathering is a great way to boost or switch up your weekly routine, plus keep up with your CPE requirements! Simply put on a pair of headphones or gear up your smart speakers to increase your knowledge while performing household chores or on evening walks. By following along with industry leaders, you can improve your daily decision-making processes, knowing that you have the latest industry information.

 

If you have a cybersecurity podcast recommendation, please share it in the comments or tweet it to us @ISC2!

The post Top Cybersecurity Podcasts appeared first on Cybersecurity Insiders.

August 24, 2021 at 09:10AM

Read More

2021 Q3 Updates from Our Chairperson and CEO: Membership Milestones and More

To provide transparency with the association, (ISC)² provides a quarterly update for members and candidates where we report on the latest developments at (ISC)². Following our board meetings, our CEO, Clar Rosso, and (ISC)² Board of Directors Chairperson, Zachary Tudor, CISSP, recap the latest association developments.

The 2021 Q3 update included membership milestones (including 10,000 CCSP members worldwide!), association accreditations and new executive leadership announcements focused on member benefits and advocacy. Zach and Clar also discuss what (ISC)² is doing to continue to address global diversity, equity and inclusion in cybersecurity, as well as the workforce gap. 

You can view previous quarterly updates, as well as the latest Q3 update at https://www.isc2.org/Membership/ISC2-Insights.

The post 2021 Q3 Updates from Our Chairperson and CEO: Membership Milestones and More appeared first on Cybersecurity Insiders.

August 23, 2021 at 09:09PM

Read More

Lockfile Ransomware hackers again targeting Microsoft Exchange Server Vulnerability

LockFile Ransomware hackers are again seen targeting vulnerabilities that were officially patched by Microsoft in March 2021. And news is out that the said file encrypting malware has already targeted some well-known companies belonging to manufacturing, finance engineering and tourism sector operating in US and Asia on a specific note.

Researchers from Cybersecurity firm Symantec were the first to detect such malicious activity on the web and have released an alert to all companies across the globe, saying that the situation might deteriorate and turn worse if the IT staff and CTOs do not pay attention.

Kevin Beaumont, the former staff member of Microsoft, was the first to alert the world on this issue and, based on his warning, Symantec reiterated the exchange server hack cautionary as a fact in its latest media update.

Therefore, all those using Microsoft Exchange Servers (on premise and not the cloud based Office 365) should be cautious about the remote code execution vulnerabilities say experts and this includes 8 federal organizations working for the US Government and includes systems running for Department of Homeland Security’s Cybersecurity and Infrastructure Security shortly known as CISA.

Mr. Beaumont has released an online tool to allow email exchange servers to scan for Exchange Server vulnerability 2021 and the National Computer Emergency Response Team in Austria has become the first user to scan so.

Meanwhile, CISA has reacted to the LockFile Ransomware threat and is urging companies to update their Exchange Servers software with the May 2021 released fix that remediates three Proxyshell Vulnerabilities that prevent them from falling prey to Microsoft exchange server hack 2021.

The post Lockfile Ransomware hackers again targeting Microsoft Exchange Server Vulnerability appeared first on Cybersecurity Insiders.

August 23, 2021 at 08:48PM

Read More

Details of US State Department Cyber Attack

The US Department of Defense Cyber Command has disclosed in a tweet that the US State Department was hit by a cyber attack, just a couple of weeks ago, hinting at a serious data breach.

However, for security reasons, the source did not reveal the nature of the attack and its impact on the operations taken up by the state department.

Cybersecurity Insiders has learnt that the attack could have taken place in the first week of August and a state funded hacking gang seems to be behind the incident.

The interesting part of the incident is that the US State Department has specifically clarified in a tweet that the incident did not impact ‘Operation Allies Refuge’ program aka the ongoing evacuation program of Americans and Afghans from Afghanistan.

Fox News was the first news resource to report about the United States State Department Cyber Attack and added in its report that the federal agency has taken all appropriate security measures to safeguard the info of its users from hereon.

Note 1- By the late hours of Sunday, Reuter’s news agency came up with a report condemning the news and stated that the US state department website has not experienced any significant disruptions and had no operations impeded with ransomware- as report by a news agency in the afternoon of August 22nd, 2021.

Note 2- A Bipartisan report released by the Homeland Security and Government affairs committee states that none of the US Feds 8 agencies are found following the basic cybersecurity standards and protocols that are needed to secure the data of Americans…..strange!

The post Details of US State Department Cyber Attack appeared first on Cybersecurity Insiders.

August 23, 2021 at 10:32AM

Read More

Cyber Attacks on Global Education Sector witness a jump

According to a study by Check Point Software, there has been an increase in cyber attacks on the Education Sector operating across the world. And the survey confirmed that the education sector operating in United States, UK, Israel, India and Italy were deeply affected from January to July this year.

Educators have become vulnerable to cyber attacks, especially when most of the classes are being held online because of the fast spread of Corona Virus Pandemic. As most teachers and students are failing to understand the underlying threats in the cyber landscape, they are falling as easy prey to hackers, who are then seen exploiting the entire school or university network through PCs of students & teaching staff.

Also in another survey carried out by Israel Manufacturers Association, it was revealed every one in four Israeli companies were hit by cyber attacks in 2020, fetching a total loss of $1bilion in revenue to companies.

Lior Frenkel, the CEO of Waterfall Security, stated that the survey results show how ill prepared is the Israel’s Industrial Sector, although country is the top nation in developing products and services related to Cybersecurity.

Training school and college staff to thwart most sophisticated cyber threats, keeping the software up to date, installing threat monitoring solutions such as anti-malware and anti-virus software, following basic cyber hygiene like creating strong passwords, and avoid clicking email links sent by unknown senders can help protecting the network and data of students and staff of educational institutes say experts.

The post Cyber Attacks on Global Education Sector witness a jump appeared first on Cybersecurity Insiders.

August 23, 2021 at 10:31AM

Read More