Fri. Dec 18, 2020

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” are “manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about, and represents one of the techniques the SVR is using once it has gained access to target networks.

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S.

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much as $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from students’ devices.

COVID-19 has not slowed global zero trust implementations

Tech Republic Security

Enterprise Management Associates and Pulse Secure report that 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Security Affairs

Threat actors continue to trade critical medical data on the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered, in several forums on the dark web, offers for enormous repositories of critical medical data that were stolen from multiple organizations.

Beware of cybercriminals: Keep your guard up during the last-minute shopping frenzy

Tech Republic Security

TechRepublic spoke with email security firm Tessian's CEO Tim Sadler, who tells us how to avoid being phished or scammed during the search for perfect presents.

More Trending

Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more

Tech Republic Security

Expert pleads with companies to realize they are potential attack victims, no matter their size.

Microsoft confirms breach in SolarWinds hack, but denies its clients were affected

Security Affairs

Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but denied that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply chain to infect its customers.

SolarWinds-related cyberattacks pose grave risk to government and private sector, says CISA

Tech Republic Security

The attacks have reportedly hit the US Energy Department and the Federal Energy Regulatory Commission as well as other vital agencies and companies around the world.

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

Threatpost

Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Big picture solutions to cybersecurity require a holistic approach

Tech Republic Security

A cybersecurity expert suggests looking deep below the surface to find the cure for our lack of digital security.

VERT Alert: SolarWinds Supply Chain Attack

The State of Security

Vulnerability Description: The United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software. The attacks have been ongoing since at least March 2020 and CISA has warned that many high-value […]

Key questions to ask to effectively recover from a cyberattack

Tech Republic Security

Cyberattack recovery frameworks are a necessary part of cybersecurity. Learn how to develop a recovery plan that meets your company's needs.

5 Key Takeaways from the SolarWinds Breach

Dark Reading

New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

5G standalone networks may have more vulnerabilities than you think

Tech Republic Security

Security research firm examines configuration of core components to spot weaknesses in PFCP and HTTP/2 protocols.

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

Threatpost

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.

Good and bad news for cybersecurity in 2021

Tech Republic Security

Expert sees improvement in attacks as well as defense technologies. He reminds businesses that all companies are potential targets.

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threatpost

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

AI, ML can bolster cybersecurity, and vice versa, professor says

Tech Republic Security

Howard University professor talks about his research in emerging technologies.

Cloud is King: 9 Software Security Trends to Watch in 2021

Threatpost

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.

Cybersecurity can use some help from AI and ML

Tech Republic Security

Howard professor says security must reach all types of networks, including IoT and ad hoc networks.

Insider Threats: What Are They, Really?

Threatpost

"Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

Dark Reading

Attack on thousands of other companies is a "moment of reckoning" for governments and industry, company president says.

Why 2020 will be a bumper Christmas for cybercriminals – and what retailers can do about it

IT Security Guru

It may have had a negative impact on the UK economy, but COVID-19 doesn’t appear to have dampened enthusiasm for Christmas shopping. More than 70 percent of consumers intend to spend at least as much on presents this year as they have in the past. But, while this may be good news for embattled retailers, it’s even better news for opportunistic cybercriminals.

2021 Cybersecurity Predictions: The Intergalactic Battle Begins

Dark Reading

There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.

Acunetix update introduces support for macOS Big Sur, support for ShadowRoot, improved CSRF token handling, and new vulnerability checks

Acunetix

A new Acunetix update has been released for Windows, Linux and macOS: 13.0.201217092. This Acunetix update introduces support for macOS Big Sur, ShadowRoot, and includes a substantial improvement in the handling of CSRF tokens. It also introduces the detection of web cache poisoning DoS, client-side.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Sunburst: connecting the dots in the DNS requests

SecureList

On December 13, 2020, FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo, planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the past days checking our own telemetry for signs of this attack, writing additional detections and making sure that our users are protected.

Is a Cybersecurity Specialization Right for You?

CompTIA on Cybersecurity

Cybersecurity teams are developing and becoming more specialized to fill many different cybersecurity needs. There are many long-term benefits to cybersecurity specializations that you may not know about.

Ransomware’s Number 1 Target? Your Kid’s School

SecureWorld News

Students, teachers, and parents across the country have been forced to adapt to remote learning, which can be challenging for a lot of different reasons. Students and teachers can have their connection interrupted during class, communicating essential topics and ideas is much harder, group projects are a mess, etc. The list of things that can go wrong with remote learning goes on and on.

FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

Dark Reading

The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.