Wed. Sep 23, 2020

Documented Death from a Ransomware Attack

Schneier on Security

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but there were no documented fatalities from that event. The police are treating this as a homicide.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

FBI warns of cybercriminals spreading false info about 2020 election results

Tech Republic Security

Bad actors could create or change websites and social media content to discredit this year's electoral process, caution the FBI and CISA.

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

The Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to combat cyber threats amid the shift to remote working

Tech Republic Security

Some 85% of CISOs surveyed by Netwrix revealed that they sacrificed cybersecurity to quickly set up employees to work remotely.

Making the Case for Medical Device Cybersecurity

Dark Reading

With an increasing number of Internet-connected medical devices in use to manage diabetes, protection against a variety of wireless network attacks could very well be a matter of life and death for patients.

More Trending

HOW OPERATORS USE SANDVINE TO BLOCK INDEPENDENT MEDIA IN EGYPT

Security Affairs

Researchers at Qurium Media Foundation published a report that provides insight into how Sandvine DPI performs the blocking, and how it can be detected. In recent years Sandvine has become infamous for its support of Internet-repressive regimes, such as Belarus, Azerbaijan, and Egypt, where its DPI equipment is used to block independent media and human rights organizations.

Experts discuss ways IT can maximize budget amid COVID-19 shrinkage

Tech Republic Security

With revenue down, CIOs are rearranging their technology spending to prioritize return to office needs and security, executives say.

Mentions

Adam Shostack

I joined Vin Nelsen for the Multi-Hazards podcast. If you’re looking for me to go beyond the bounds of technology threat modeling, this was an interesting, far-ranging conversation about the state of the world. He also creates a study guide per episode — don’t miss the subtly labeled pdf there. I didn’t join in Security Is Suffering From DevOps FOMO, but they discuss my blog fight with Chris Romeo over should threat modeling be taught or caught.

How rogue TikTok accounts are promoting malicious mobile apps

Tech Republic Security

The accounts are pushing games, wallpaper, and other apps designed to deploy adware scams toward iOS and Android users, says Avast.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

Researchers at Qurium Media Foundation analyzed the blocking implemented by four different operators in Belarus. September 23, 2020. Belarus operators use their own infrastructure to implement the blocking. Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses.

Cybersecurity Perception Study shows increasing admiration for those in the profession

Tech Republic Security

The study by (ISC)² also finds a global shortage of 4.07 million.

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

The Russia-linked cyberespionage group APT28 is behind a string of attacks targeting government bodies with Zebrocy Delphi malware. The malicious code was distributed using fake NATO training materials as bait and had a very low detection rate of 3/61 on VirusTotal.

Zerologon Patches Roll Out Beyond Microsoft

Threatpost

A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Rogue employees at Shopify accessed customer info without authorization

Security Affairs

E-commerce platform provider Shopify on Tuesday confirmed that two members of its support staff accessed customer information without authorization. “Recently, Shopify became aware of an incident involving the data of less than 200 merchants.

FBI, DHS Warn of 'Likely' Disinformation Campaigns About Election Results

Dark Reading

Nation-state actors and cybercriminals could wage cyberattacks and spread false information about the integrity of the election results while officials certify the final vote counts.

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang codenamed OldGremlin. The Russian-speaking threat actors are relatively new to the Big Game Hunting.

CryptoHarlem’s Founder Warns Against ‘Digital Stop and Frisk’

WIRED Threat Level

On Day 2 of WIRED’s virtual conference, hacker Matt Mitchell cautions that law enforcement routinely trawls social media to surveil protestors.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

US fitness chain Town Sports has suffered a data breach: a database belonging to the company containing the personal information of over 600,000 clients was exposed on the Internet. Town Sports International Holdings is an operator of fitness centers in the Eastern United States, California and in Switzerland.

MVISION Cloud for Microsoft Teams

McAfee

McAfee MVISION Cloud for Microsoft Teams now offers secure guest user collaboration features, allowing security admins not only to monitor sensitive content posted in the form of messages and files within Teams but also to monitor guest users joining Teams and remove any unauthorized guests. Working from home has become a new reality for many, as?

India's Cybercrime and APT Operations on the Rise

Dark Reading

Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.

CISA: LokiBot Stealer Storms Into a Resurgence

Threatpost

The trojan has seen a big spike in activity since August, the Feds are warning.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

12 Bare-Minimum Benchmarks for AppSec Initiatives

Dark Reading

The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.

Critical Industrial Flaws Pose Patching Headache For Manufacturers

Threatpost

When it comes to patching critical flaws, industrial firms face various challenges - with some needing to shut down entire factories in order to apply updates.

Google Cloud Debuts Threat-Detection Service

Dark Reading

Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.

The Next Generation Security and Privacy Controls—Protecting the Nation’s Critical Assets

NSTIC

It has been seven years since the last major update to NIST’s flagship security and privacy guidance document Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Since 2013, the publication has been accessed or downloaded from the NIST web site millions of times. This month, NIST unveiled an historic update to its security and privacy controls catalog that will provide a solid foundation for protecting organizations and systems—including the

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft's Azure Defender for IoT Uses CyberX Tech

Dark Reading

Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.

Gamer Credentials Now a Booming, Juicy Target for Hackers

Threatpost

Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools.

Gaming Industry Hit With 10B+ Attacks In Past Two Years

Dark Reading

Criminals scored big with credential stuffing and web app attacks, yet many gamers seem unfazed.

OldGremlin Ransomware Group Bedevils Russian Orgs

Threatpost

The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.