Schneier on Security
AUGUST 9, 2021
This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.
Troy Hunt
AUGUST 9, 2021
Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 9, 2021
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.” Th
Lohrman on Security
AUGUST 8, 2021
Exponential increases in global cyber crime. Ransomware crippling governments and businesses. Nations ignoring cyber criminals operating on their soil. The time for international cooperation on cybersecurity is now.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
AUGUST 10, 2021
Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.
Troy Hunt
AUGUST 12, 2021
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 9, 2021
Here's how one security operations analyst, an expert at incident reporting, began her career, collaborates with her colleagues and prioritizes incoming threats.
Schneier on Security
AUGUST 11, 2021
Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate.
Troy Hunt
AUGUST 13, 2021
Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?
Bleeping Computer
AUGUST 13, 2021
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 11, 2021
Even as the delta variant spreads, many people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.
Schneier on Security
AUGUST 13, 2021
The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues’ backgrounds and traits.
CyberSecurity Insiders
AUGUST 11, 2021
Yes, what you’ve ready is absolutely right! Only 5 percent of the total data and virtual files stored across the world are secure and so the Cybersecurity business is said to reach a valuation of $170.3 billion to 2023. A survey conducted by Gartner in 2019 said that 88% of companies operating worldwide were hit by a cyber attack and out of those, 51% of them experienced the incident for password steal.
Heimadal Security
AUGUST 10, 2021
A new criminal carding marketplace promoted itself by leaking data for one million credit cards that have been stolen between 2018 and 2019. Carding can be defined as the trafficking and use of stolen credit cards. Credit cards usually get stolen through point-of-sale malware, magecart attacks on websites, and by using information-stealing trojans. The credit cards are sold […].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
AUGUST 10, 2021
It's impossible to guarantee security—but nearly all organizations should take these actions to protect organizational data and systems.
eSecurity Planet
AUGUST 9, 2021
A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. The executives said the “malvertising” campaign – which was uncovered by GeoEdge’s security research team with AdTech partners InMobi and Verve Group – came out of Ukraine and Slovenia and reached as fa
CyberSecurity Insiders
AUGUST 12, 2021
Like how the 2019 developed Corona Virus threat mutated into the latest Delta variant, a malware that was developed by hackers from Pakistan has reportedly mutated into a new nefarious variant, say experts. Security researchers from Black Lotus Labs, a business unit of US Telecom firm Lumen Technologies has discovered that a malware that was developed to target the power sectors of Afghanistan has now mutated into a more dangerous variant that could paralyze the critical infrastructure of India,
We Live Security
AUGUST 9, 2021
How peering into the innards of a future satellite can make cybersecurity in space more palatable. The post DEF CON 29: Satellite hacking 101 appeared first on WeLiveSecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
AUGUST 13, 2021
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.
Bleeping Computer
AUGUST 7, 2021
The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, and therefore making applications vulnerable to SSRF and RFI. [.].
CyberSecurity Insiders
AUGUST 12, 2021
A French luxury brand named Chanel has apologized to all of its customers for failing to protect the information of its users from hackers. The Korean based company that is into the business of perfume and clothes selling said that the data leak took place on August 8th, 2021 and was because of a cyber attack on a cloud based data storage firm. Prima facie has revealed that the stolen data includes birth dates, customer names, gender details, password, phone numbers and shopping & payment hi
CSO Magazine
AUGUST 12, 2021
According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom—and another 22% declined to say whether they paid or not. Part of the reason is the lack of backups—specifically, the lack of usable backups. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest from CSO by signing up for our newsletters.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
AUGUST 9, 2021
As cybercriminals have become more aggressive, the average ransom payment in the first half of 2021 jumped to $570,000, up 82% from 2020, says Palo Alto Networks' Unit 42.
Bleeping Computer
AUGUST 7, 2021
Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [.].
Security Boulevard
AUGUST 9, 2021
In July we saw arguably one of the worst ransomware attacks in history compromise up to 1,500 businesses around the globe. Not only are these attacks worsening, but are becoming more frequent—the FBI received nearly 2,500 ransomware complaints in 2020, an increase of about 20% from 2019. This year is shaping up to be the. The post Combat Ransomware With a Bottomless Cloud Mindset appeared first on Security Boulevard.
CyberSecurity Insiders
AUGUST 10, 2021
Cybersecurity is one of the most significant threats facing virtually any industry today. While many sectors didn’t have to worry about cybercrime in the past, rapid digitization and increased connectivity have opened the door for new risks. The transportation industry is a prime example of this shift. Not long ago, the transportation sector had little need for robust cybersecurity.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
AUGUST 13, 2021
Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.
Bleeping Computer
AUGUST 7, 2021
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. [.].
CSO Magazine
AUGUST 12, 2021
Mentioning the phrase “shadow IT” to CISOs often results in an eye-roll or a grimace. As one who spent most of his adult life within government dealing with home-based IT capabilities that far outstripped those in the office, I know this feeling. [ Learn the 5 key qualities of successful CISOs, and how to develop them and 7 security incidents that cost CISOs their jobs. | Sign up for CSO newsletters. ].
eSecurity Planet
AUGUST 10, 2021
Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs. In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactur
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
363 
Let's personalize your content