Schneier on Security
NOVEMBER 1, 2021
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.
Krebs on Security
NOVEMBER 4, 2021
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
NOVEMBER 3, 2021
Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.
Tech Republic Security
NOVEMBER 1, 2021
Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
NOVEMBER 4, 2021
The Israeli cyberweapons arms manufacturer — and human rights violator , and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, it’ll make it harder for them to buy zero-day vulnerabilities on the open market.
Krebs on Security
NOVEMBER 2, 2021
A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
NOVEMBER 4, 2021
Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.
Schneier on Security
NOVEMBER 3, 2021
It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can – or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality
Security Boulevard
NOVEMBER 1, 2021
It’s not just that there is a lot of data generated today; it’s how quickly that data is generated. The hourly increase in data makes meeting regulatory compliance difficult enough, but adding to the challenge is the ever-changing regulatory landscape. How do you continue to stay compliant when you are overrun with data while trying. The post Staying Current in an Ever-Changing Regulatory Landscape appeared first on Security Boulevard.
The Hacker News
NOVEMBER 1, 2021
Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
NOVEMBER 4, 2021
IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.
Schneier on Security
NOVEMBER 2, 2021
Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.
Bleeping Computer
OCTOBER 31, 2021
The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. [.].
Security Boulevard
NOVEMBER 2, 2021
Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here. The post ‘Trojan Source’ Makes Scary Headlines—But it’s Not New appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
NOVEMBER 4, 2021
The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.
Security Affairs
OCTOBER 30, 2021
MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. The list was published with the intent of raising awareness of common hardware weaknesses through CWE and educating designers and programmers on how to address them as part of the pr
Bleeping Computer
OCTOBER 30, 2021
Microsoft says Windows customers are experiencing issues with network printing after installing the Windows 11 KB5006674 and Windows 10 KB5006670 updates issued with this month's Patch Tuesday, on October 12. [.].
Security Boulevard
NOVEMBER 4, 2021
Ransomware attacks are ubiquitous, and the insurance markets are chaotic. That, at least, seems to be the state of cybersecurity and risk mitigation since the COVID-19 pandemic began. It also isn’t far from the truth: Ransomware attacks have markedly increased, placing significant pressure on insurance markets to provide organizations with affordable options to minimize risk.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
NOVEMBER 5, 2021
With cybercrime becoming more frequent and severe, there's no question that the demand for cybersecurity skills will remain high well into the future, and now you can learn them easily.
The Hacker News
NOVEMBER 4, 2021
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.
Bleeping Computer
NOVEMBER 1, 2021
Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. [.].
Security Affairs
NOVEMBER 4, 2021
Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
NOVEMBER 5, 2021
Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.
CSO Magazine
NOVEMBER 2, 2021
Cybersecurity buzzwords and buzz phrases are a dime a dozen. Used to simplify complex terminology or boost sales and marketing campaigns, buzzwords are an inescapable reality for an innovative and fast-paced industry like information security. However, such terms are not always helpful and can be inaccurate, outdated, misleading, or even risk causing harm.
Bleeping Computer
NOVEMBER 1, 2021
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics. [.].
Security Affairs
NOVEMBER 2, 2021
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be exploited to inject stealth malware without impacting the semantics of the source code while changing its logic. “We present a new type
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
NOVEMBER 5, 2021
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.
Quick Heal Antivirus
NOVEMBER 2, 2021
What is WSL? The Windows Subsystem for Linux (WSL) is a resource inside the Windows operating system that. The post Stay Alert – Malware Authors Deploy ELF as Windows Loaders to Exploit WSL feature appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Bleeping Computer
NOVEMBER 4, 2021
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation. [.].
Threatpost
NOVEMBER 5, 2021
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
316 
Let's personalize your content