Expert insights. Personalized for you.
All these days we have seen robots driving cars, manufacturing goods and automobiles and some doing day-to-day household chores. In coming years, we will see robots based on Artificial Intelligence teaching dance to those interested. Yes, a team of researchers led by Prof. MORE
In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative? MORE
An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data. MORE
If you live in the United States and have an AT&T phone, you are almost certainly receiving SMS messages that look something like this: AT&T Free Msg: August bill is paid. Thanks, MARY! Here's a little gift for you: n9cxr[.]info/dhmxmcmBTQ info/dhmxmcmBTQ (from +1 (718) 710-0863) . MORE
Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids. MORE
Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. MORE
106 
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. MORE
Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination. MORE
To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts. MORE
TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. MORE
By using an alternative means of authentication, you can now go passwordless on your Microsoft account MORE
The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal. MORE
Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools MORE
An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use. MORE
Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty. MORE
Schools operating in whole of Britain will get a free cyber security tool for free from September last week. The tool will be rolled out in a testing phase to help the educational institutes in accessing the robustness of their cybersecurity measures. MORE
A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. MORE
Next time you find your corporate database breached, just be sure that the siphoned data might already been traded on a Telegram platform. MORE
The U.S. Department of Justice (DoJ) announced on 14 September a deferred prosecution agreement with two U.S. citizens and one former U.S. MORE
The US Cybersecurity and Infrastructure Security Agency (CISA) released a document called Risk Considerations for Managed Service Provider Customers. CISA acknowledges the role of network administrators, among others, in selecting an MSP. MORE
Ransomware is no longer just targeting low-hanging fruit, nor can good backups alone protect you. IT organizations need to create a multilayered defense that goes beyond cybersecurity to incorporate modern data management strategies, particularly for unstructured file data. MORE
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. MORE
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. MORE
In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning. MORE
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities MORE
It’s the eyes : The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. MORE
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors MORE
The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News MORE
105 
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. MORE
Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. MORE
SEPTEMBER 19, 2021
For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies MORE
136 
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. MORE
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. MORE
Cybercriminals attacked with gusto in the first half of 2021 and attacks show no signs of slowing down. MORE
Schneier on Security
SEPTEMBER 17, 2021
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities
Krebs on Security
SEPTEMBER 20, 2021
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
SEPTEMBER 17, 2021
Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids.
Lohrman on Security
SEPTEMBER 19, 2021
For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance
The Last Watchdog
SEPTEMBER 20, 2021
An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.
Schneier on Security
SEPTEMBER 15, 2021
It’s the eyes : The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 19, 2021
The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal.
The Hacker News
SEPTEMBER 20, 2021
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research.
Tech Republic Security
SEPTEMBER 17, 2021
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors
Schneier on Security
SEPTEMBER 21, 2021
Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
Krebs on Security
SEPTEMBER 16, 2021
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.
CyberSecurity Insiders
SEPTEMBER 19, 2021
All these days we have seen robots driving cars, manufacturing goods and automobiles and some doing day-to-day household chores. In coming years, we will see robots based on Artificial Intelligence teaching dance to those interested. Yes, a team of researchers led by Prof.
CSO Magazine
SEPTEMBER 16, 2021
Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.
Security Boulevard
SEPTEMBER 15, 2021
To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts.
WIRED Threat Level
SEPTEMBER 17, 2021
The tech giants have set a troubling new precedent. Security Security / Security News
Tech Republic Security
SEPTEMBER 15, 2021
By using an alternative means of authentication, you can now go passwordless on your Microsoft account
The Hacker News
SEPTEMBER 17, 2021
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.
CSO Magazine
SEPTEMBER 16, 2021
In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning.
Security Boulevard
SEPTEMBER 19, 2021
Cybercriminals attacked with gusto in the first half of 2021 and attacks show no signs of slowing down.
WIRED Threat Level
SEPTEMBER 17, 2021
The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News
Tech Republic Security
SEPTEMBER 20, 2021
Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools
The Hacker News
SEPTEMBER 17, 2021
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.
Daniel Miessler
SEPTEMBER 17, 2021
In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative?
eSecurity Planet
SEPTEMBER 16, 2021
An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.
Security Affairs
SEPTEMBER 15, 2021
Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.
Security Boulevard
SEPTEMBER 18, 2021
If you live in the United States and have an AT&T phone, you are almost certainly receiving SMS messages that look something like this: AT&T Free Msg: August bill is paid. Thanks, MARY! Here's a little gift for you: n9cxr[.]info/dhmxmcmBTQ info/dhmxmcmBTQ (from +1 (718) 710-0863) .
The Hacker News
SEPTEMBER 19, 2021
Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above.
CyberSecurity Insiders
SEPTEMBER 16, 2021
Schools operating in whole of Britain will get a free cyber security tool for free from September last week. The tool will be rolled out in a testing phase to help the educational institutes in accessing the robustness of their cybersecurity measures.
CSO Magazine
SEPTEMBER 15, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) released a document called Risk Considerations for Managed Service Provider Customers. CISA acknowledges the role of network administrators, among others, in selecting an MSP.
Security Affairs
SEPTEMBER 19, 2021
A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T.
Security Boulevard
SEPTEMBER 21, 2021
Ransomware is no longer just targeting low-hanging fruit, nor can good backups alone protect you. IT organizations need to create a multilayered defense that goes beyond cybersecurity to incorporate modern data management strategies, particularly for unstructured file data.
The Hacker News
SEPTEMBER 16, 2021
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks.
CyberSecurity Insiders
SEPTEMBER 16, 2021
Next time you find your corporate database breached, just be sure that the siphoned data might already been traded on a Telegram platform.
CSO Magazine
SEPTEMBER 15, 2021
The U.S. Department of Justice (DoJ) announced on 14 September a deferred prosecution agreement with two U.S. citizens and one former U.S.
Let's personalize your content