Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Troy Hunt
AUGUST 9, 2021
Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 19, 2021
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.
Tech Republic Security
AUGUST 23, 2021
It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
AUGUST 4, 2021
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [.].
Security Boulevard
AUGUST 31, 2021
Microsoft Windows 11 wonāt auto-update on slightly old PCs. It appears this includes security updates. The post Windows 11 Security ScareāMS Nixes Fixes on Older PCs appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 12, 2021
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.
Krebs on Security
AUGUST 9, 2021
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.” Th
Tech Republic Security
AUGUST 3, 2021
As more companies are considering the shift to a fully or hybrid remote workforce, accelerating plans to acquire digital and cloud services to address increasing cybersecurity risks is necessary.
Bleeping Computer
AUGUST 2, 2021
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CSO Magazine
AUGUST 30, 2021
Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Most of the options were originally designed for individual users. Your organizational needs will differ wildly from security-conscious personal users, but the good news is that the key password management players all have made their solutions suitable for the business world. [ Learn 12 tips for effectively presenting cybersecurity to the board and 6 s
Schneier on Security
AUGUST 9, 2021
This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.
Security Boulevard
AUGUST 23, 2021
Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.
Heimadal Security
AUGUST 24, 2021
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Graham Cluley
AUGUST 21, 2021
T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prosepective customers as well.
The Hacker News
AUGUST 20, 2021
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
Schneier on Security
AUGUST 10, 2021
Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, āDo you know whatās in your software?
Bleeping Computer
AUGUST 20, 2021
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [.].
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought ā and not just for the company that gave in to the attackersā demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Tech Republic Security
AUGUST 31, 2021
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passƩ, it's time to make the leap to better security.
Security Boulevard
AUGUST 17, 2021
Corporate executives have a responsibility to ensure long-term positive outcomes for the companies they lead. One way to accomplish this is by minimizing corporate risk and protecting assets through proactive and innovative approaches to cybersecurity. Time and again, however, we have witnessed companies become unnecessary cyberattack victims. Often, these incidents are sadly due to their.
Speaker: Erika R. Bales, Esq.
When we talk about ācompliance and security," most companies want to ensure that steps are being taken to protect what they value most ā people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and itās more important than ever that safeguards are in place. Letās step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Graham Cluley
AUGUST 26, 2021
The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog.
Schneier on Security
AUGUST 3, 2021
Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].
Bleeping Computer
AUGUST 19, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [.].
The Hacker News
AUGUST 20, 2021
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Tech Republic Security
AUGUST 9, 2021
Here's how one security operations analyst, an expert at incident reporting, began her career, collaborates with her colleagues and prioritizes incoming threats.
Security Boulevard
AUGUST 23, 2021
Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tacticāthis time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.
CyberSecurity Insiders
AUGUST 11, 2021
Yes, what youāve ready is absolutely right! Only 5 percent of the total data and virtual files stored across the world are secure and so the Cybersecurity business is said to reach a valuation of $170.3 billion to 2023. A survey conducted by Gartner in 2019 said that 88% of companies operating worldwide were hit by a cyber attack and out of those, 51% of them experienced the incident for password steal.
Schneier on Security
AUGUST 2, 2021
Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content