Joseph Steinberg

JANUARY 7, 2021

While much of the security-oriented focus regarding the storming of the Capitol building by protesters yesterday has rightfully been on the failure of the Capitol Police to prevent the breach of security, the country also faces a potentially serious cyber-threat as a result of the incident. Laptops, smartphones, printers, and other computing devices that were left behind in offices and other areas by elected officials, staffers, and others as they retreated from the advancing protesters all must

Cyber threats 363

Cyber threats Malware Risk Cybersecurity 363

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a d

Computers and Electronics 363

Computers and Electronics Software Engineering Accountability 363

Schneier on Security

JANUARY 7, 2021

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.

Internet 362

Internet Internet Cybersecurity 362

Tech Republic Security

JANUARY 5, 2021

Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.

Cybersecurity 218

Cybersecurity Cybercrime 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Joseph Steinberg

JANUARY 4, 2021

Uninstall Adobe Flash Player From any devices on which you still have it running. Flash was once the dominant platform for rendering multimedia content in web browsers, but, as Adobe has terminated support for Flash as of the end of 2020, and, as Flash has created serious security problems in the past, now is the time to get rid of Flash once and for all.

Technology 244

Technology Mobile Internet Internet 244

Jane Frankland

JANUARY 7, 2021

Every year, around this time, I start to reflect. Chances are, you do too. Most people are starting to think about what they want for the coming year. They’re setting goals, getting clear on what they want to resolve, and embracing fresh starts and new ways of being. Personally, I love taking time between Christmas and New Year, or maybe even a little time beyond it, like I’m doing now, to think about the progress I’ve made, the lessons I’ve learnt, and what I want to accomplish in the year ahea

CISO 189

CISO Cybersecurity Education Banking 189

Tech Republic Security

JANUARY 7, 2021

People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck.

Cybersecurity 218

Cybersecurity 218

Adam Levin

JANUARY 6, 2021

The Cyber Unified Coordination Group (UCG), a task force composed of U.S. cybersecurity, intelligence, and law enforcement agencies, announced earlier this week that Russia was “likely” responsible for the 2020 SolarWinds data breach. In a joint statement , the Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), NSA, and FBI announced that “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or

Government 130

Government Telecommunications Data breaches Hacking 130

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware 145

Malware Software Engineering Information Security 145

Schneier on Security

JANUARY 5, 2021

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed.

Hacking 322

Hacking System Administration Software Surveillance 322

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 7, 2021

Cyberattacks are inevitable. Find out why experts suggest focusing on cyber-resilience instead of piling on more cybersecurity solutions.

Cybersecurity 205

Cybersecurity 205

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into the memory of the infected machine, without writing any file to disk.

Malware 142

Malware Encryption Antivirus Passwords 142

eSecurity Planet

JANUARY 6, 2021

Forescout Research Labs last month released a 14-page white paper and a 47-page research report detailing 33 vulnerabilities affecting millions of Internet of Things (IoT), Operational Technology (OT), and IT devices. Dubbed AMNESIA:33, these newly identified vulnerabilities include four broadly used TCP/IP stacks and have left more than 150 vendors potentially compromised.

IoT 141

IoT DNS Internet Internet 141

Schneier on Security

JANUARY 4, 2021

The NSA has just declassified and released a redacted version of Military Cryptanalytics , Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago — I believe repeatedly, in increasingly unredacted form — and published by the late Wayne Griswold Barker’s Agean Park Press.

321

321

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 6, 2021

If you're looking for a way to easily warn your admins to use caution when working with sudo, Jack Wallen has a sure-fire method.

Passwords 193

Passwords 193

Security Affairs

JANUARY 3, 2021

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks. Below the list of top data breaches that took place in the last 12 months: May 2020 – CAM4 adult cam site leaked 11B database records including emails, private c

Data breaches 140

Data breaches Cybercrime Hacking Passwords 140

Threatpost

JANUARY 3, 2021

Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.

Mobile 136

Mobile Cybersecurity Artificial Intelligence IoT 136

Schneier on Security

JANUARY 6, 2021

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […]. Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the “zyfwp” username and the “PrOw!

Firewall 301

Firewall VPN Passwords Accountability 301

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JANUARY 6, 2021

A joint statement from the FBI, NSA, and other federal agencies says the cyber incident was likely Russian in origin.

Government 203

Government 203

Security Affairs

JANUARY 2, 2021

The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called “swatting” attacks. Swatting attacks consist of hoax calls made to emergency services, typically reporting an immediate threat to human life, to trigger an immediate response from law enforcement and the S.W.A.T. team to a specific

Passwords 140

Passwords Surveillance Manufacturing Accountability 140

Threatpost

JANUARY 7, 2021

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

143

143

Schneier on Security

JANUARY 8, 2021

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications.

Telecommunications 201

Telecommunications Phishing Government Hacking 201

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JANUARY 8, 2021

In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary.

156

156

Security Affairs

JANUARY 7, 2021

The Ryuk ransomware had a disruptive impact on multiple industries around the world, operators already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries around the world. According to a joint report published by security firms Advanced-intel and HYAS, Ryuk operators already earned more than $150 million worth of Bitcoin from ransom paid by their victims.

Ransomware 138

Ransomware Cryptocurrency Antivirus Banking 138

Threatpost

JANUARY 8, 2021

Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.

Hacking 136

Hacking Government Malware 136

Dark Reading

JANUARY 6, 2021

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.

142

142

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JANUARY 5, 2021

If you'd rather not have to enter your password every time you open the Bitwarden password manager on your mobile device, Jack Wallen shows you how to enable biometric login.

Password Management 146

Password Management Passwords Mobile 146

Security Affairs

JANUARY 7, 2021

The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne platform. The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform.

Hacking 138

Hacking Government Cybersecurity Information Security 138

Threatpost

JANUARY 7, 2021

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Software 145

Software 145

WIRED Threat Level

JANUARY 6, 2021

WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency.

Ransomware 129

Ransomware 129

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk