Wed. Jan 13, 2021


On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Schneier on Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had - the ones that look like bike racks that can hook together - to try to keep the crowds away from sensitive areas and, later, push back people intent on accessing the grounds.


Microsoft Patch Tuesday, January 2021 Edition

Krebs on Security

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.


Be proactive: 3 risk management steps to take before a cyberattack

Tech Republic Security

Risk management is more than recovery from a cyberattack. Learn how risk management can help your company discover gaps in security, as well as how to handle the fallout from a cybersecurity event.


GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come. The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software

Adam Levin

The data breach of the Reserve Bank of New Zealand has been attributed to the compromise of a third party file sharing service. “A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed,” the bank announced in a January 11 press release.


Google exposes malicious exploits targeting Windows and Android users

Tech Republic Security

Now patched, the exploits took advantage of bugs in Windows, Chrome, and older versions of Android through watering hole attacks, says Google.


More Trending


Data Encryption Shields the Energy Sector Against Emerging Threats

Thales Cloud Protection & Licensing

madhav. Wed, 01/13/2021 - 09:42. Security of CNI is a national security issue. The energy sector is part of the critical national infrastructure (CNI), and delivers services that are essential for modern life. According to the EU NIS Directive, these entities are Operators of Essential Services (OES) and their reliability and ability to meet consumers’ demands at all times is of national interest.


Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data

Threatpost

On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.


Hackers leak stolen COVID-19 vaccine documents

We Live Security

The documents related to COVID-19 vaccine and medications were stolen from the EU's medicines agency last month.


8 Cloud Security Best Practice Fundamentals for Microsoft Azure

The State of Security

In a previous blog, I discussed securing AWS management configurations by combating six common threats with a focus on using both the Center for Internet Security (CIS) Amazon Web Services Foundations benchmark policy along with general security best practices. Now I’d like to do the same thing for Microsoft Azure. I had the privilege of being involved […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How Law Enforcement Gets Around Your Smartphone's Encryption

WIRED Threat Level

New research has dug into the openings that iOS and Android security provide for anyone with the right tools.


Attackers targeted Accellion FTA in New Zealand Central Bank attack

Security Affairs

The root cause of the hack of the New Zealand Central Bank was the Accellion FTA (File Transfer Application) file sharing service. During the weekend, the New Zealand central bank announced that a cyber attack hit its infrastructure. According to the Government organization, one of its data systems has been breached by an unidentified hacker, and commercially and personally sensitive information might have been accessed by the attackers.


CISOs Prep For COVID-19 Exposure Notification in the Workplace

Threatpost

Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt.


Rogue Android RAT emerges from the darkweb

Security Affairs

Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can allow attackers to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet threat actors known as Triangulum and HeXaGoN Dev. Both actors are Android malware authors who offer their malicious code on darknet marketplaces.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Understanding TCP/IP Stack Vulnerabilities in the IoT

Dark Reading

Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.


Tracing the Rise and Fall of Dark Web Marketplaces and Cybercriminal Forums

Digital Shadows

It’s often the case that a sequel to a great book or a remake of a once-popular TV series doesn’t.


How Amazon Sidewalk Works—and Why You May Want to Turn It Off

WIRED Threat Level

The premise is convenient. But the e-commerce giant's privacy track record isn't exactly inspiring.


Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Threatpost

Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


CES 2021: Router swarms invade your home (and know where you are)

We Live Security

New mesh Wi-Fi routers may be the answer to your wireless signal woes, but how about your privacy and security?


Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation

Dark Reading

Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.


Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

Threatpost

Two security vulnerabilities -- one a privilege-escalation problem and the other a stored XSS bug -- afflict a WordPress plugin with 40,000 installs.


SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

Dark Reading

Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


TikTok Takes Teen Accounts Private

Threatpost

The company announced accounts for ages 13-15 will default to privacy setting, among other safety measures.


Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue

Security Affairs

Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products, including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP.NET, and Azure. 10 of these flaws are rated as Critical and 73 a


Top 10 Problems with Your Attack Surface

SecurityTrails

Learn about the most common problems that can affect your attack surface and how to solve each of them.


The Data-Centric Path to Zero Trust

Dark Reading

Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Cyber News Rundown: Gaming Industry in Crosshairs of Cybercriminals

Webroot

Top gaming companies positioned to be next major cyberattack target. After healthcare and higher education emerged as lucrative targets for cyberattacks in 2020, researchers have identified the video gaming industry as another key target. By scouring the dark web for stolen data belonging to any of the top 25 largest gaming firms, over a million unique and newly uploaded accounts were discovered.


Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned

Graham Cluley

Microsoft has patched a security vulnerability that was - ironically - exploiting usage of the company's own Windows security product, Microsoft Defender Antivirus.


Maze Ransomware is Dead. Or is it?

Webroot

“It’s definitely dead,” says Tyler Moffitt, security analyst at Carbonite + Webroot, OpenText companies. “At least,” he amends, “for now.” Maze ransomware, which made our top 10 list for Nastiest Malware of 2020 (not to mention numerous headlines throughout the last year), was officially shut down in November of 2020. The ransomware group behind it issued a kind of press release, announcing the shutdown and that they had no partners or successors who would be taking up the mantle.


SolarWinds Breach: 'Possible Tip of the Attack Iceberg'

SecureWorld News

As organizations around the globe continue examining their networks for tactics, techniques and procedures (TTPs) used in the SolarWinds cyberattack, something surprising is happening. Some revealed the attack TTPs were being carried out within their network even though they had not applied any of the compromised SolarWinds updates or used the SolarWinds Orion product.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.