Schneier on Security
SEPTEMBER 30, 2020
Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) and even if payment is arguably unlawful, seems unlikely to be prosecuted.
Tech Republic Security
SEPTEMBER 30, 2020
ATO is the weapon of choice for fraudsters leading up to the holiday shopping season, new data from Sift shows, and consumers place account security burden on businesses.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
SEPTEMBER 30, 2020
The Swiss watchmaker giant Swatch Group shut down its systems over the weekend because it was the victim of a cyber attack. Swiss watchmaker Swatch Group shut down its IT systems in response to a cyber attack that hit its infrastructure over the weekend. The company turned off its systems to avoid other systems on its network from being infected. The Swatch Group Ltd is a Swiss manufacturer of watches and jewellery.
Tech Republic Security
SEPTEMBER 30, 2020
There are ways to maintain and even enhance your security posture even when your tech budget is under stress, according to Kaspersky.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
SEPTEMBER 30, 2020
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
Tech Republic Security
SEPTEMBER 30, 2020
There's been a surge in cybersecurity activity as companies continue to operate remotely and cybercriminals look to exploit the ongoing coronavirus pandemic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CompTIA on Cybersecurity
SEPTEMBER 30, 2020
This cybersecurity awareness month, CompTIA wants to thank cybersecurity pros for ensuring information integrity.
Security Affairs
SEPTEMBER 30, 2020
More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server. The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time. “Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as
Digital Shadows
SEPTEMBER 30, 2020
In the wonderful world of cyber threat intelligence and research, we often analyze the impact that cybercrime or nation-state activity. The post Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape? first appeared on Digital Shadows.
Security Affairs
SEPTEMBER 30, 2020
Last week, the source code for MS Windows XP and Windows Server 2003 OSs were leaked online, now a developer successfully compiled them. Last week, the source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on the bulletin board website 4chan. This is the first time that the source code of Microsoft’s 19-year-old operating system was leaked online.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
SEPTEMBER 30, 2020
Cybersecurity leaders discuss business resiliency and identity challenges during a session at VMworld 2020.
InfoWorld on Security
SEPTEMBER 30, 2020
GitHub has made its code scanning service generally available. Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases. The service also supports analysis using third-party tools. GitHub code scanning is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with lin
Dark Reading
SEPTEMBER 30, 2020
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
Threatpost
SEPTEMBER 30, 2020
The cybercrooks spread the COVID-19 relief scam via Telegram and WhatsApp, and ultimately harvest account credentials and even pics of IDs.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
SEPTEMBER 30, 2020
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Threatpost
SEPTEMBER 30, 2020
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
Dark Reading
SEPTEMBER 30, 2020
Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.
Threatpost
SEPTEMBER 30, 2020
The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
SEPTEMBER 30, 2020
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
Threatpost
SEPTEMBER 30, 2020
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
Dark Reading
SEPTEMBER 30, 2020
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
NSTIC
SEPTEMBER 30, 2020
NIST is once again proud to be celebrating Cybersecurity Awareness Month this October! As this year has been one of the more challenging in memory, it is imperative that we continue to remember the importance of cybersecurity across the nation and ensure that all Americans have the resources they need to be more secure online. To show our dedication to cybersecurity, we have teamed up with the National Cyber Security Alliance (NCSA) to be a 2020 Champion Organization, which means we are dedicate
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Dark Reading
SEPTEMBER 30, 2020
Scanner, which just became generally available, lets developers spot problems before code gets into production.
Trend Micro
SEPTEMBER 30, 2020
The recent news that XP source code has been made publicly available has been met with varied response.
Dark Reading
SEPTEMBER 30, 2020
At times, vague coverage can actually work for you.
SecureWorld News
SEPTEMBER 30, 2020
It is a common feeling in the cybersecurity community that CISOs do not sleep well at night. CISOs worry about the latest incident, end of life technology in their environment, breaches in the news, insecure users and vendors, penetration testing results, budget and resources, and the latest vulnerability report (to name a few). In fairness, this list could go on for pages since everything from delayed projects to mergers and acquisitions can become a CISO's nightmare.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
SEPTEMBER 30, 2020
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
Spinone
SEPTEMBER 30, 2020
What is cybersecurity? There are many definitions of this term. We can divide them into two major groups: the security infrastructure of an information system; the cyber resilience of such a system. Let’s take a look at each definition in detail. Cybersecurity is a complex of policies, processes, and tools that protect digital ecosystems from cyberattacks, unauthorized access, malicious use, and damage.
The Security Ledger
SEPTEMBER 30, 2020
The pandemic isn't the only thing shaking up development organizations. Application security is a top concern and security work is "shifting left" and becoming more intertwined with development. In this podcast, Security Ledger Editor in Chief Paul Roberts talks about it with Jonathan Hunt, Vice President of Security at the firm GitLab. The post. Read the whole entry. » Related Stories Spotlight Podcast: Taking a Risk-Based Approach to Election Security Spotlight Podcast: QOMPLX CISO Andy J
WIRED Threat Level
SEPTEMBER 30, 2020
The president’s televised encouragement of white supremacy and political violence was a reminder that social media didn’t create these problems.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
300 
Let's personalize your content