Thu. Sep 10, 2020

The Third Edition of Ross Anderson’s Security Engineering

Schneier on Security

Ross Anderson’s fantastic textbook, Security Engineering, will have a third edition. The book won’t be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts off the Internet. I personally find both the electronic and paper versions to be incredibly useful.

Linux servers and workstations are hackers' next target, security researchers warn

Tech Republic Security

Sophisticated hackers and crooks are developing more tools to target Linux-based systems used by government and big business.

Threat Modeling, Insiders and Incentives

Adam Shostack

There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. (For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great opportunity to think about incentives.

How ransomware attacks are growing in severity

Tech Republic Security

Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers stole $5.4 million from cryptocurrency exchange ETERBASE

Security Affairs

Slovak cryptocurrency exchange ETERBASE disclosed a security breach in which hackers stole cryptocurrency funds worth $5.4 million. The hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets. The company disclosed the hack on Thursday: threat actors stole various cryptocurrencies from its hot wallets, and it also suspended all transactions until September 10. “Dear users, as we have informed o

Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans

Threatpost

Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days."

How to manage app permissions in Android 11

Tech Republic Security

With your Android device upgraded to version 11, you'll want to get control of app permissions. Jack Wallen shows you how.

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

Equinix, one of the world’s largest providers of colocation data centers and Internet connection, announced it was hit by Netwalker Ransomware. Equinix, one of the leaders in the global colocation data center market, with 205 data centers in 25 countries on five continents, was hit by Netwalker ransomware operators. The popular cybercrime gang is demanding a $4.5 million ransom for a decryptor and to prevent the release of the stolen data.

Think You're Spending Enough on Security?

Dark Reading

While the amount will vary from organization to organization, here are four ways for everyone to evaluate whether they're allocating the right amount of money and resources.

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

Threatpost

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

Wireless

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Dark Reading

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance.

Insurance

Razer Gaming Fans Caught Up in Data Leak

Threatpost

A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.

Phishing

Russia’s Fancy Bear Hackers Are Hitting US Campaign Targets Again

WIRED Threat Level

Microsoft says the GRU hacking group has attacked hundreds of organizations over the past year, many of them tied to the upcoming election.

Hacking

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Security Affairs

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. The most severe flaw is a buffer overflow issue that can be exploited by a remote, unauthenticated attacker to disrupt system processes and possibly to execute

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Kids' Smartwatches Are a Security Nightmare Despite Years of Warnings

WIRED Threat Level

Five out of six brands tested by researchers would have allowed hackers to track kids—and in some cases eavesdrop on them.

Hacking

BLURtooth flaw allows attacking Bluetooth encryption process

Security Affairs

Bluetooth versions 4.0 through 5.0 are affected by the vulnerability dubbed BLURtooth, which allows hackers to defeat Bluetooth encryption. A vulnerability dubbed BLURtooth in certain implementations of Bluetooth 4.0 through 5.0 affects “dual-mode” Bluetooth devices, like modern smartphones. The vulnerability could be exploited by attackers to overwrite or lower the strength of the pairing key, defeating the protocol encryption.

6 Lessons IT Security Can Learn From DevOps

Dark Reading

DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.

Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles

Threatpost

New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cyber-Risks Explode With Move to Telehealth Services

Dark Reading

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

ESET researchers discovered a new piece of malware dubbed CDRThief that targets a specific Voice over IP system to steal call data records (CDR). Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment.

Malware

Ripple20 Malware Highlights Industrial Security Challenges

Dark Reading

Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.

IoT

CDRThief Malware Targets VoIP Gear in Carrier Networks

Threatpost

The Linux-targeted code can steal phone-call metadata, likely in spy campaigns or for use in VoIP fraud.

Malware

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020. SeaChange’s customers include major organizations such as BBC, Cox, Verizon, AT&T, Vodafone, Direct TV, Liberty Global, and Dish Network Corporation.

Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs

Dark Reading

Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.

Ransomware: Number One Cyber Insurance Claim

SecureWorld News

2020 has been a year of great change and constant adaptation to new circumstances. Organizations and their employees shifted to remote working, which has opened the door for many cybercriminals to exploit new vulnerabilities in ways they have not before. Trends of cyber insurance claims for 2020. Coalition, a cyber insurance company, recently released a report detailing the categories of cyber attacks as well as the cause behind the attacks for the first half of 2020.

Zoom Brings Two-Factor Authentication to All Users

Dark Reading

This marks the latest step Zoom has taken to improve user security as more employees work from home.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Product Overview: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

Threatpost

The Cynet 360 platform is built on three pillars; Extended Detection and Response (XDR), Response Automation, and Managed Detection and Response (MDR).

PKI Points the Way for Identity and Authentication in IoT

The Security Ledger

Modern enterprise networks are populated by both people and, increasingly, "things." But securing the growing population of Internet of Things devices presents unique challenges. In this thought leadership article, Brian Trzupek, the Senior Vice President of Emerging Markets at DigiCert discusses what is needed for effective IoT security.

IoT

ThreatConnect Buys Nehemiah Security

Dark Reading

Threat intelligence firm adds Nehemiah's Risk Quantifier to its platform.

Risk

StreamDivert: Relaying (specific) network connections

Fox IT

Author: Jelle Vergeer. The first part of this blog will be the story of how this tool found its way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime. About 1½ half years ago I did an awesome Red Team like project.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.