Expert insights. Personalized for you.
A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration. MORE
Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. MORE
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. MORE
There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by InfoSec Institute. MORE
Hardware and electronics giant Acer has suffered a data breach, with hackers claiming they have stolen 60GB worth of files from the company's Indian servers. Data loss Acer data breach MORE
I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty" MORE
New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. MORE
154 
This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page MORE
148 
To fully digitize the last mile of business, you need to distribute compute power where it's needed most -- right next to IoT devices that collect data from the real world MORE
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. MORE
In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats. MORE
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 MORE
Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft MORE
Aqua Security this week at the Kubecon + CloudNativeCon North America conference added a cloud-native detection and response (CNDR) capability to its open source Tracee software-based platform. MORE
The Missouri Department of Education website was leaking teachers’ social security numbers. A local journalist, Josh Renaud, spotted the PII flaw and reported it to the department, giving them plenty of time to fix the leak. But the state governor accused Renaud of hacking. Specifically, Gov. MORE
When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing MORE
Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace. MORE
This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded MORE
140 
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. MORE
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ [link]. MORE
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says MORE
165 
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. MORE
It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance. MORE
253 By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers MORE
184 It’s a matter of going after those with deep pockets. MORE
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. MORE
The last update to the OWASP Top 10 Vulnerability Ranking was in late 2017. Much has changed in the cyber threat landscape since then. A fresh round of updates to reflect the kind of risks and new cyber attacks organizations are dealing with appears to be in order. MORE
Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds MORE
By Shira Sagiv, VP of Product at Radware. As employees increasingly worked remotely during the pandemic, businesses quickened their pace toward the cloud. Already, the need for application agility was driving cloud adoption. MORE
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. MORE
Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require long-term revisions to enterprise cybersecurity strategies. MORE
110 
I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. MORE
221 
A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer MORE
In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy. MORE
A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, crippling healthcare computer systems, 9-1-1 centers, stopping work on gas pipelines, and more. MORE
Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech MORE
154 Krebs on Security
OCTOBER 14, 2021
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.
Schneier on Security
OCTOBER 15, 2021
Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
OCTOBER 11, 2021
It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.
Lohrman on Security
OCTOBER 10, 2021
By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance
Troy Hunt
OCTOBER 9, 2021
A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration.
The Last Watchdog
OCTOBER 11, 2021
Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
OCTOBER 12, 2021
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.
Security Boulevard
OCTOBER 14, 2021
In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats.
Troy Hunt
OCTOBER 15, 2021
I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty"
Tech Republic Security
OCTOBER 11, 2021
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
Krebs on Security
OCTOBER 13, 2021
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.
CSO Magazine
OCTOBER 12, 2021
To fully digitize the last mile of business, you need to distribute compute power where it's needed most -- right next to IoT devices that collect data from the real world
Security Affairs
OCTOBER 12, 2021
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4
The Last Watchdog
OCTOBER 13, 2021
In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy.
Schneier on Security
OCTOBER 14, 2021
New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers.
Dark Reading
OCTOBER 12, 2021
Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft
CSO Magazine
OCTOBER 12, 2021
There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by InfoSec Institute.
Tech Republic Security
OCTOBER 15, 2021
This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded
Security Affairs
OCTOBER 11, 2021
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.
Schneier on Security
OCTOBER 14, 2021
This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page
Security Boulevard
OCTOBER 11, 2021
A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, crippling healthcare computer systems, 9-1-1 centers, stopping work on gas pipelines, and more.
CSO Magazine
OCTOBER 11, 2021
Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require long-term revisions to enterprise cybersecurity strategies.
Tech Republic Security
OCTOBER 12, 2021
Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech
Security Affairs
OCTOBER 9, 2021
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49.
Schneier on Security
OCTOBER 13, 2021
It’s a matter of going after those with deep pockets.
Security Boulevard
OCTOBER 15, 2021
The Missouri Department of Education website was leaking teachers’ social security numbers. A local journalist, Josh Renaud, spotted the PII flaw and reported it to the department, giving them plenty of time to fix the leak. But the state governor accused Renaud of hacking. Specifically, Gov.
Dark Reading
OCTOBER 11, 2021
Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds
Graham Cluley
OCTOBER 15, 2021
Hardware and electronics giant Acer has suffered a data breach, with hackers claiming they have stolen 60GB worth of files from the company's Indian servers. Data loss Acer data breach
Security Affairs
OCTOBER 11, 2021
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild.
CyberSecurity Insiders
OCTOBER 10, 2021
The last update to the OWASP Top 10 Vulnerability Ranking was in late 2017. Much has changed in the cyber threat landscape since then. A fresh round of updates to reflect the kind of risks and new cyber attacks organizations are dealing with appears to be in order.
Security Boulevard
OCTOBER 15, 2021
Aqua Security this week at the Kubecon + CloudNativeCon North America conference added a cloud-native detection and response (CNDR) capability to its open source Tracee software-based platform.
Dark Reading
OCTOBER 14, 2021
When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing
Tech Republic Security
OCTOBER 14, 2021
A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer
Security Affairs
OCTOBER 9, 2021
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ [link].
CyberSecurity Insiders
OCTOBER 14, 2021
By Shira Sagiv, VP of Product at Radware. As employees increasingly worked remotely during the pandemic, businesses quickened their pace toward the cloud. Already, the need for application agility was driving cloud adoption.
Let's personalize your content