Thu.Jan 20, 2022

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure.

San Francisco Police Illegally Spying on Protesters

Schneier on Security

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

20 Years of SIEM: Celebrating My Dubious Anniversary

Anton on Security

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.

GUEST ESSAY: Here’s why EDR and XDR systems failed to curtail the ransomware wave of 2021

The Last Watchdog

Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. Related: Colonial Pipeline attack ups ransomware ante. All this while Endpoint Detection and Response system (EDR) installations are at an all-time high. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle

Tech Republic Security

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance

171
171

Does Your Cyberinsurance Policy Cover Cyberwar?

Security Boulevard

Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption.

More Trending

Protecting Data in the Cloud: A Work in Progress

Security Boulevard

Throughout its history, the tech industry has had to deal with constant change, increasingly complex architectures and security challenges. Security is a particularly deep well of concepts to navigate.

How to know if your email has been hacked

We Live Security

Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again. The post How to know if your email has been hacked appeared first on WeLiveSecurity. How To

Researchers Discover Dangerous Firmware-Level Rootkit

Dark Reading

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI

20 Years of SIEM: Celebrating My Dubious Anniversary

Security Boulevard

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Biden Broadens NSA Oversight of National Security Systems

Dark Reading

New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says

Cloud services now spreading Malware

CyberSecurity Insiders

Cybersecurity researchers from Cisco Talos have issued a warning that hackers are now taking help of cloud service platforms to spread malware Trojans such as Nanocore, Netwire, and AsyncRAT having ability to steal critical info from the victimized devices.

FBI links the Diavol ransomware to the TrickBot gang

Security Affairs

The Federal Bureau of Investigation (FBI) officially linked the Diavol ransomware operation to the infamous TrickBot gang. The FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang , the group that is behind the TrickBot banking trojan.

NFTs – Protecting the investment

CyberSecurity Insiders

This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Secure your passwords and access them anywhere with LastPass

Tech Republic Security

LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices

Apple fixes security vulnerability that allowed websites read browser data

CyberSecurity Insiders

Apple has discovered a new security flaw that allowed websites to read Safari browser data and even a user’s Google ID. And what’s concerning is that it affects all the Apple Operating System platforms including iOS 15, iPadOS 15 and newly released MacOS Monterey.

Deploy a Bitwarden server with Docker: Here's how

Tech Republic Security

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker

Automating Response Is a Marathon, Not a Sprint

Dark Reading

Organizations should balance process automation and human interaction to meet their unique security requirements

106
106

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Conti ransomware gang started leaking files stolen from Bank Indonesia

Security Affairs

The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank Indonesia confirmed that it was the victim of a ransomware attack that took place last month.

Kasada Awarded a 2021 Cybersecurity Excellence Award

Security Boulevard

Company Recognized for Easy, Effective Solution That Doesn’t Affect the Consumer Experience NEW YORK -- January 20, 2022 -- Kasada, provider of the most effective and easiest way to defend against advanced bot attacks, today announced that it has been awarded a 2021 Internet Telephony Cybersecurity Excellence Award by TMC.

Cisco StarOS flaws could allow remote code execution and information disclosure

Security Affairs

Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software.

4 Ways to Develop Your Team's Cyber Skills

Dark Reading

Organizations need to invest in professional development — and then actually make time for it

104
104

Biden signs a new Cyber Security Memorandum for National Security

CyberSecurity Insiders

Joe Biden, the President of United States, has signed a new pact meant to protect national security systems from external country cyber invasions.

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase.

IoT 102

Enterprises Are Sailing Into a Perfect Storm of Cloud Risk

Dark Reading

Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers

Risk 101

Critical OWASP Top 10 API Security Threats

Security Boulevard

It’s no secret that APIs are under attack. Companies are struggling to keep their APIs safe and secure from accidental breaches to malicious hacks. The problem will only worsen as. The post Critical OWASP Top 10 API Security Threats appeared first on Indusface.

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

The Hacker News

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines.

Why VPNs and Passwords Aren’t Enough

Security Boulevard

Sometimes it’s the littlest things that can make the biggest difference. Take passwords, for instance.

WAN report: Complexity continue to grow as more organizations close legacy data centers

Tech Republic Security

The sixth annual report from Aryaka found that IT teams are planning to invest more in 2022 but expect more transparency and control

142
142

New espionage attack by Molerats APT targeting users in the Middle East

Security Boulevard

Introduction. In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. These files contained decoy themes related to geo-political conflicts between Israel and Palestine.

A Trip to the Dark Site — Leak Sites Analyzed

The Hacker News

Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key.

Datto Acquires Cybersecurity Company Infocyte

Security Boulevard

NORWALK, Conn., January 20, 2022 — Datto Holding Corp.

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

Naked Security

Latest epsiode - listen now! Apple iOS Law & order Linux Microsoft Podcast Vulnerability Cryptography Cybercrime Loinux Naked Security Podcast Windows