Trending Articles

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […].

The Life Cycle of a Breached Database

Krebs on Security

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

De-anonymization Story

Schneier on Security

Weekly Update 254

Troy Hunt

The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish.

206
206

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint. Related: How ‘SASE’ is disrupting cloud security. This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps.

VPN 173

Biden Sets Cyber Standards for Critical Infrastructure

Lohrman on Security

A new presidential directive announced that performance standards will be released for critical infrastructure operated by the public sector and private companies to bolster national cybersecurity

More Trending

What is Zero Trust Network Access (ZTNA)?

Doctor Chaos

The Information Technology (IT) industry is growing, and the technologies that are made available tend to grow in number and complexity as well. With more and more people working from home or any remote location, it’s no surprise that cybersecurity threats are becoming more prevalent.

VPN 130

How to Make Threat Detection Better?

Anton on Security

I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write.

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

The Last Watchdog

Modern civilization revolves around inextricably intertwined relationships. This is why our financial markets rise and fall in lock step; why climate change is accelerating; and why a novel virus can so swiftly and pervasively encircle the planet. Related: What it will take to truly secure data lakes. Complex relationships also come into play when it comes to operating modern business networks. A lack of understanding of these relationships is a big reason why cloud breaches happen.

Ransomware Attacks Leave Lasting Damage

Security Boulevard

Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects. A Keeper Security survey of 2,000 U.S.-based

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s.

10 DevOps Tools for Continuous Monitoring

CyberSecurity Insiders

Author: Dave Armlin, VP Customer Success, ChaosSearch. DevOps has become the dominant software development and deployment methodology over the past decade.

This ethical hacking course could give your cybersecurity career a boost

Tech Republic Security

Move up in the profitable field of cybersecurity by improving your ethical hacking skills

SHARED INTEL: Ramifications of 86 cities storing citizens’ data in misconfigured AWS S3 buckets

The Last Watchdog

The ethical hackers at WizCase recently disclosed another stunning example of sensitive consumer data left out in the open in the public cloud — for one and all to access. Related: How stolen data gets leveraged in full-stack attacks. This latest high-profile example of security sloppiness was uncovered by a team of white hat hackers led by Ata Hakçil.

Scams 167

Biden memo, infrastructure deal deliver cybersecurity performance goals and money

CSO Magazine

Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country's digital infrastructure protections through two highly consequential and unprecedented initiatives.

CSO 111

How to thwart phone hackers

CyberSecurity Insiders

Many of you might search for tips that help in keeping phone hackers at bay. So Angus King, the member of secretive Senate Intelligence Committee, is giving advice that could help in keeping a cellphone secure and away from prying eyes.

HTML smuggling is the latest cybercrime tactic you need to worry about

Tech Republic Security

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

The Last Watchdog

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises. Related: Equipping SOCs for the long haul. SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems.

CSO Global Intelligence Report: The State of Cybersecurity in 2021

CSO Magazine

Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats , and the challenges of securing remote workers.

CSO 111

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

DarkTrace Cyber Protects Fashion retailer Ted Baker

CyberSecurity Insiders

Cyber Security firm DarkTrace that uses the technology of Artificial Intelligence to track down cyber threats is nowadays busy protecting the computer network of British Fashion retailer Ted Baker.

Retail 113

How to create a positive and effective cybersecurity environment instead of a shame culture

Tech Republic Security

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game

Estonian Hacker Steals 300,000 Government ID Photos

Security Boulevard

Estonia’s electronic ID system was hacked last week. Again. A suspect is in custody. The post Estonian Hacker Steals 300,000 Government ID Photos appeared first on Security Boulevard.

APT group hits IIS web servers with deserialization flaws and memory-resident malware

CSO Magazine

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware.

CSO 111

AirDropped Gun Photo Causes Terrorist Scare

Schneier on Security

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched.

178
178

Over 100 active ransomware groups are on FBI Tracking Radar

CyberSecurity Insiders

The US Federal Bureau of Investigation (FBI) has made it official that it has been tracking over 100 active ransomware groups that are busy attacking American Businesses, schools, and other organizations.

Stay safe online in 10 easy steps

Elie

Here are the ten most important steps you can take to stay safe online. Blog post

97

Cloudflare Vulnerability Enabled Compromise of 12% of All Websites

Security Boulevard

A vulnerability in the open-source cdnjs CDN could have enabled cyberattacks on the 12.7% of ALL websites that rely on its JavaScript and CSS libraries, with hackers taking over systems or propagating flaws to millions of websites.

18 new cybersecurity bills introduced as US congressional interest heats up

CSO Magazine

The series of alarming cybersecurity incidents that spurred the Biden Administration to take swift action during its first six months has also prompted the US Congress to introduce new cybersecurity bills.

CSO 110

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data.

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

The Hacker News

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.

107
107

Fidelis Vulnerability and Trends Report – Q2 2021

CyberSecurity Insiders

At Fidelis Cybersecurity ® , our Threat Research team continuously monitors the current threat landscape to provide coverage and vigilance on the most menacing vulnerabilities.

Why RaaS Has Become Easier to Launch

Security Boulevard

Straight from the researchers at Intel 471 comes this pro tip for cybersecurity teams inside organizations: Being proactive about what the cybercriminal underground is learning and how it’s behaving can help you pinpoint solutions for your security needs.

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

CSO Magazine

What is D3FEND? D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework. While complementary, the two projects are very different.

CSO 106

CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines

Security Affairs

Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines.

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers

Tech Republic Security

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller