Trending Articles

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.

Retail 189
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids.

For Gov Tech Cyber Best Practices, See the 2021 NASCIO Awards

Lohrman on Security

For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Identifying Computer-Generated Faces

Schneier on Security

It’s the eyes : The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities.

Media 205

More Trending

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal.

A New Wave of Malware Attack Targeting Organizations in South America

The Hacker News

A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research.

Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

Tech Republic Security

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors

Alaska’s Department of Health and Social Services Hack

Schneier on Security

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.

DDOS 179

Learn dance from Artificial Intelligence AI based Robots

CyberSecurity Insiders

All these days we have seen robots driving cars, manufacturing goods and automobiles and some doing day-to-day household chores. In coming years, we will see robots based on Artificial Intelligence teaching dance to those interested. Yes, a team of researchers led by Prof.

Numando: A New Banking Trojan Targeting Latin American Users

The Hacker News

Social engineering explained: How criminals exploit human behavior

CSO Magazine

Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

Behavior-Based Detection Can Stop Exotic Malware

Security Boulevard

To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts.

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

105
105

You can now eliminate the password for your Microsoft account

Tech Republic Security

By using an alternative means of authentication, you can now go passwordless on your Microsoft account

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

The Hacker News

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

How CISOs and CIOs should share cybersecurity ownership

CSO Magazine

In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning.

CISO 113

Ransomware Attacks Growing More Sophisticated

Security Boulevard

Cybercriminals attacked with gusto in the first half of 2021 and attacks show no signs of slowing down.

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

105
105

How to see who is trying to break into your Office 365 and what they're trying to hack

Tech Republic Security

Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools

New Malware Targets Windows Subsystem for Linux to Evade Detection

The Hacker News

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

It’s Time for Vendor Security 2.0

Daniel Miessler

In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative?

Risk 147

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

AT&T Free Msg: You know you shouldn’t click … so we did it for you!

Security Boulevard

If you live in the United States and have an AT&T phone, you are almost certainly receiving SMS messages that look something like this: AT&T Free Msg: August bill is paid. Thanks, MARY! Here's a little gift for you: n9cxr[.]info/dhmxmcmBTQ info/dhmxmcmBTQ (from +1 (718) 710-0863) .

Google to Auto-Reset Unused Android App Permissions for Billions of Devices

The Hacker News

Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above.

106
106

British schools to get free cybersecurity accessing tool

CyberSecurity Insiders

Schools operating in whole of Britain will get a free cyber security tool for free from September last week. The tool will be rolled out in a testing phase to help the educational institutes in accessing the robustness of their cybersecurity measures.

How to find a security-savvy MSP

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) released a document called Risk Considerations for Managed Service Provider Customers. CISA acknowledges the role of network administrators, among others, in selecting an MSP.

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T.

Ransomware Defense: The File Data Factor

Security Boulevard

Ransomware is no longer just targeting low-hanging fruit, nor can good backups alone protect you. IT organizations need to create a multilayered defense that goes beyond cybersecurity to incorporate modern data management strategies, particularly for unstructured file data.

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

The Hacker News

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks.

Risk 114

Telegram becomes a hub for hackers buying stolen data

CyberSecurity Insiders

Next time you find your corporate database breached, just be sure that the siphoned data might already been traded on a Telegram platform.

3 former US intel officers turned cyber mercenaries plead guilty: An insider threat case study

CSO Magazine

The U.S. Department of Justice (DoJ) announced on 14 September a deferred prosecution agreement with two U.S. citizens and one former U.S.