Expert insights. Personalized for you.
The Information Technology (IT) industry is growing, and the technologies that are made available tend to grow in number and complexity as well. With more and more people working from home or any remote location, it’s no surprise that cybersecurity threats are becoming more prevalent. MORE
The series of alarming cybersecurity incidents that spurred the Biden Administration to take swift action during its first six months has also prompted the US Congress to introduce new cybersecurity bills. MORE
At Fidelis Cybersecurity ® , our Threat Research team continuously monitors the current threat landscape to provide coverage and vigilance on the most menacing vulnerabilities. MORE
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller MORE
152 A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched. MORE
178 
A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware. MORE
New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. MORE
You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game MORE
160 Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats , and the challenges of securing remote workers. MORE
Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country's digital infrastructure protections through two highly consequential and unprecedented initiatives. MORE
It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security MORE
154 Estonia’s electronic ID system was hacked last week. Again. A suspect is in custody. The post Estonian Hacker Steals 300,000 Government ID Photos appeared first on Security Boulevard. MORE
Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. MORE
A vulnerability in the open-source cdnjs CDN could have enabled cyberattacks on the 12.7% of ALL websites that rely on its JavaScript and CSS libraries, with hackers taking over systems or propagating flaws to millions of websites. MORE
Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. MORE
What is D3FEND? D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework. While complementary, the two projects are very different. MORE
Modern civilization revolves around inextricably intertwined relationships. This is why our financial markets rise and fall in lock step; why climate change is accelerating; and why a novel virus can so swiftly and pervasively encircle the planet. Related: What it will take to truly secure data lakes. Complex relationships also come into play when it comes to operating modern business networks. A lack of understanding of these relationships is a big reason why cloud breaches happen. MORE
Straight from the researchers at Intel 471 comes this pro tip for cybersecurity teams inside organizations: Being proactive about what the cybercriminal underground is learning and how it’s behaving can help you pinpoint solutions for your security needs. MORE
Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint. Related: How ‘SASE’ is disrupting cloud security. This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. MORE
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. MORE
107 Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines. MORE
The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish. MORE
206 Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. MORE
The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. MORE
A new presidential directive announced that performance standards will be released for critical infrastructure operated by the public sector and private companies to bolster national cybersecurity MORE
135 
Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects. A Keeper Security survey of 2,000 U.S.-based MORE
Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. MORE
In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises. Related: Equipping SOCs for the long haul. SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems. MORE
Author: Dave Armlin, VP Customer Success, ChaosSearch. DevOps has become the dominant software development and deployment methodology over the past decade. MORE
Many of you might search for tips that help in keeping phone hackers at bay. So Angus King, the member of secretive Senate Intelligence Committee, is giving advice that could help in keeping a cellphone secure and away from prying eyes. MORE
Cyber Security firm DarkTrace that uses the technology of Artificial Intelligence to track down cyber threats is nowadays busy protecting the computer network of British Fashion retailer Ted Baker. MORE
I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write. MORE
The ethical hackers at WizCase recently disclosed another stunning example of sensitive consumer data left out in the open in the public cloud — for one and all to access. Related: How stolen data gets leveraged in full-stack attacks. This latest high-profile example of security sloppiness was uncovered by a team of white hat hackers led by Ata Hakçil. MORE
The US Federal Bureau of Investigation (FBI) has made it official that it has been tracking over 100 active ransomware groups that are busy attacking American Businesses, schools, and other organizations. MORE
Schneier on Security
AUGUST 2, 2021
Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […].
Krebs on Security
JULY 29, 2021
Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 30, 2021
The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish.
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
The Last Watchdog
JULY 30, 2021
Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint. Related: How ‘SASE’ is disrupting cloud security. This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps.
Lohrman on Security
AUGUST 1, 2021
A new presidential directive announced that performance standards will be released for critical infrastructure operated by the public sector and private companies to bolster national cybersecurity
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Doctor Chaos
AUGUST 1, 2021
The Information Technology (IT) industry is growing, and the technologies that are made available tend to grow in number and complexity as well. With more and more people working from home or any remote location, it’s no surprise that cybersecurity threats are becoming more prevalent.
Anton on Security
JULY 30, 2021
I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write.
The Last Watchdog
JULY 29, 2021
Modern civilization revolves around inextricably intertwined relationships. This is why our financial markets rise and fall in lock step; why climate change is accelerating; and why a novel virus can so swiftly and pervasively encircle the planet. Related: What it will take to truly secure data lakes. Complex relationships also come into play when it comes to operating modern business networks. A lack of understanding of these relationships is a big reason why cloud breaches happen.
Security Boulevard
AUGUST 1, 2021
Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects. A Keeper Security survey of 2,000 U.S.-based
Schneier on Security
JULY 30, 2021
The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s.
CyberSecurity Insiders
AUGUST 1, 2021
Author: Dave Armlin, VP Customer Success, ChaosSearch. DevOps has become the dominant software development and deployment methodology over the past decade.
Tech Republic Security
JULY 30, 2021
Move up in the profitable field of cybersecurity by improving your ethical hacking skills
The Last Watchdog
JULY 27, 2021
The ethical hackers at WizCase recently disclosed another stunning example of sensitive consumer data left out in the open in the public cloud — for one and all to access. Related: How stolen data gets leveraged in full-stack attacks. This latest high-profile example of security sloppiness was uncovered by a team of white hat hackers led by Ata Hakçil.
CSO Magazine
JULY 30, 2021
Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country's digital infrastructure protections through two highly consequential and unprecedented initiatives.
CyberSecurity Insiders
JULY 29, 2021
Many of you might search for tips that help in keeping phone hackers at bay. So Angus King, the member of secretive Senate Intelligence Committee, is giving advice that could help in keeping a cellphone secure and away from prying eyes.
Tech Republic Security
JULY 30, 2021
It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security
The Last Watchdog
AUGUST 2, 2021
In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises. Related: Equipping SOCs for the long haul. SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems.
CSO Magazine
JULY 30, 2021
Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats , and the challenges of securing remote workers.
Schneier on Security
JULY 30, 2021
New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.
CyberSecurity Insiders
JULY 29, 2021
Cyber Security firm DarkTrace that uses the technology of Artificial Intelligence to track down cyber threats is nowadays busy protecting the computer network of British Fashion retailer Ted Baker.
Tech Republic Security
JULY 27, 2021
You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game
Security Boulevard
JULY 30, 2021
Estonia’s electronic ID system was hacked last week. Again. A suspect is in custody. The post Estonian Hacker Steals 300,000 Government ID Photos appeared first on Security Boulevard.
CSO Magazine
JULY 27, 2021
A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware.
Schneier on Security
JULY 29, 2021
A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched.
CyberSecurity Insiders
JULY 27, 2021
The US Federal Bureau of Investigation (FBI) has made it official that it has been tracking over 100 active ransomware groups that are busy attacking American Businesses, schools, and other organizations.
Elie
AUGUST 1, 2021
Here are the ten most important steps you can take to stay safe online. Blog post
Security Boulevard
AUGUST 2, 2021
A vulnerability in the open-source cdnjs CDN could have enabled cyberattacks on the 12.7% of ALL websites that rely on its JavaScript and CSS libraries, with hackers taking over systems or propagating flaws to millions of websites.
CSO Magazine
JULY 27, 2021
The series of alarming cybersecurity incidents that spurred the Biden Administration to take swift action during its first six months has also prompted the US Congress to introduce new cybersecurity bills.
Security Affairs
JULY 31, 2021
Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data.
The Hacker News
JULY 27, 2021
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.
CyberSecurity Insiders
JULY 30, 2021
At Fidelis Cybersecurity ® , our Threat Research team continuously monitors the current threat landscape to provide coverage and vigilance on the most menacing vulnerabilities.
Security Boulevard
JULY 29, 2021
Straight from the researchers at Intel 471 comes this pro tip for cybersecurity teams inside organizations: Being proactive about what the cybercriminal underground is learning and how it’s behaving can help you pinpoint solutions for your security needs.
CSO Magazine
JULY 28, 2021
What is D3FEND? D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework. While complementary, the two projects are very different.
Security Affairs
JULY 30, 2021
Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines.
Tech Republic Security
JULY 27, 2021
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller
Let's personalize your content