Trending Articles

How to Avoid Being Scammed When Giving Charity

Joseph Steinberg

Giving Tuesday has arrived… and, so have many criminals who seek to exploit people’s sense of generosity.

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace.

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email.

Will Artificial Intelligence Help or Hurt Cyber Defense?

Lohrman on Security

The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

Weekly Update 271

Troy Hunt

It's been a busy week with lots of little bits and pieces demanding my attention. Coding, IoT'ing, 3D printing and a milestone academic event for Ari: Primary school - done!

More Trending

Your engine doesn’t matter

Javvad Malik

I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight. You can enjoy flying without being an aeroplane nerd. Airlines understand this too.

How to Proactively Remove File-Based Malware

Security Boulevard

There’s no question that the past 18 months have been challenging for technology and cybersecurity leaders. Cyberthreats have skyrocketed at a time when companies have been enabling hybrid workforce models and transforming their businesses.

Cyber insurance explained and why you need it

CSO Magazine

Cyber insurance definition.

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

Application Programming Interface. Where would we be without them? Related: Supply-chain exposures on the rise. APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come. Yet, in bringing us here, APIs have also spawned a vast new tier of security holes.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The Ying Yang of Your Engine

Javvad Malik

I recently argued that I don’t really care about an aeroplane’s engine and that I only cared about the experience I have travelling on it. Some people argued with me that the engine is very important and without an engine the aeroplane won’t fly. Allow me to elaborate my thinking with the example of a road. When you’re building a road, engineering is of utmost importance.

Searching for Bugs in Open Source Code

Security Boulevard

Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much easier to weaponize and exploit than a vulnerability found in closed source.

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps.

CISA issues Mobile Security Checklist and plans for Secure Email Service

CyberSecurity Insiders

All federal agencies and private sector organizations operating in the United States are being urged to follow a checklist, issued by the Cybersecurity and Infrastructure Security Agency (CISA), meant to protect mobile devices.

BrandPost: Women in Cybersecurity—Advancing the Conversation

CSO Magazine

NETSCOUT's Chief Security Officer, Debby Briggs, was joined by Tyler Cohen Wood for an insightful conversation with Lisa Martin from theCUBE. Tyler is a nationally recognized cyber security, intelligence, national security expert, and former Director of Cyber Risk Management for AT&T.

The Familiar Stranger

Javvad Malik

Along my journey, I cross paths with a stranger. We have never met before, and will probably never meet again. We are aware of each other's presence and acknowledge each other without acknowledgement. To each other, we are familiar strangers. There are many familiar strangers, all on their own journeys. Each with their own precious cargo. Some have exquisite rings, others with grand sparkling crowns, and some have small trinkets. The familiar stranger is holding a diamond encrusted cane.

How Object Storage Can Help Fight Ransomware

Security Boulevard

No organization is immune to the proliferation of ransomware. As some recent attacks have demonstrated, even companies that aren’t directly attacked can be impacted by a major ransomware attack. And that means no organization can ignore the problem.

Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server

Security Affairs

Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers.

Data leak on Panasonic Corporation servers

CyberSecurity Insiders

Panasonic Corporation, known as Matsushita Electric Industrial LTD, previously has reported that it has become a victim of a sophisticated cyber attack in which some of the critical data might have been compromised.

NCSC warns industry, academia of foreign threats to their intellectual property

CSO Magazine

CISOs of companies both small and large understand how intellectual property (IP) and company infrastructure may be targeted from one of four vectors: malevolent insiders, unscrupulous competitors, criminals, or nation states.

Paving the Road to Zero Trust With Adaptive Authentication

Dark Reading

A gradual transition to a world beyond passwords predisposes zero-trust projects to success

Improving Cybersecurity With MITRE ATT&CK Framework

Security Boulevard

In my previous blog posts, I’ve talked about the NIST CSF and another framework from the nonprofit Center for Internet Security (CIS), which has a smaller set of controls to help companies and organizations secure their environments. Now, I want to talk about the MITRE ATT&CK framework.

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.

Ransomware threat to elders and youngsters falling for Instagram Cyber Scams

CyberSecurity Insiders

In the latest report released by Avast, it was revealed that ransomware spreading hackers were constantly targeting elderly people and youngsters were being lured into Instagram or TikTok scams.

Enhancing zero trust access through a context-aware security posture

CSO Magazine

As an onslaught of ransomware attacks accelerates, cybercriminal organizations are demonstrating increasing levels of sophistication and guile.

New Ransomware Variant Could Become Next Big Threat

Dark Reading

"Yanluowang" strain appears to be establishing itself in the cybercrime marketplace, experts say

Cybercriminals: Frenemies China, Russia, North Korea

Security Boulevard

The age-old adage that “Criminals crime” is proving true when it comes to the transnational cybercriminals at play.

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Security Affairs

Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails.

Two serious vulnerabilities detected on Windows 10 and Windows 11 Operating Systems

CyberSecurity Insiders

Microsoft has issued a warning to its Windows 10 and Windows 11 users against two serious zero-day vulnerabilities that have yet to be fixed.

What Is a Watering Hole Attack?

WIRED Threat Level

It's a technique that can hit thousands of victims—through no fault of their own.

WFH security: How to protect your remote endpoints from vulnerabilities

Tech Republic Security

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1

How to access WordPress Files

Security Boulevard

WordPress files and folders are the heart and soul of WordPress. Here you’ll find everything from the core code of WordPress to plugin and theme files, media, and everything in between.

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection.

Clop Ransomware targets maritime firm Swire Pacific Offshore

CyberSecurity Insiders

Clop Ransomware seems to have targeted a maritime firm this time as sensitive details related to the company operations were found on the extortion site maintained by the file encrypting malware gang.

Jumping the air gap: 15 years of nation-state effort

We Live Security

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.