Mon.May 03, 2021

article thumbnail

Identifying the Person Behind Bitcoin Fog

Schneier on Security

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years. Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation: Most remarkable, however, is the IRS’s account of tracking down Sterlin

article thumbnail

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

These breached "Star Wars"-themed passwords need more than the force to save them

Tech Republic Security

Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.

Passwords 198
article thumbnail

Redefining What it Means to be a Hacker with Eric Head aka todayisnew

SecurityTrails

Sitting down with Eric Head, one of the most successful bug bounty hunters, known online as todayisnew, to discuss his mindful practices and how to remain focused on your goals.

145
145
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How to set up camera privacy settings in Windows 10

Tech Republic Security

Before you can use a camera app in Windows 10 you have to allow access to the camera itself. Only then can you allow access to the app. We walk you through it.

161
161
article thumbnail

Best Security Company | Cisco Systems

SC Magazine

(Justin Sullivan/Getty Images). Cisco’s Customer Experience organization reports that 44% of support cases are resolved in a day or less and 75% successfully reduce the risk of downtime. The Cisco Secure portfolio offers three distinct advantages: First, the breadth of its products and size of Cisco’s customer base means it has a large footprint in an industry where scale matters.

DNS 145

More Trending

article thumbnail

New Panda Stealer Targets Cryptocurrency Wallets

Trend Micro

In early April, we observed a new information stealer called Panda Stealer being delivered via spam emails. Based on Trend Micro's telemetry, United States, Australia, Japan, and Germany were among the most affected countries during a recent spam wave.

article thumbnail

How to Solve the Cybersecurity Skills Gap

Security Boulevard

Understanding how to bridge the talent gap in the cybersecurity industry requires thinking beyond traditional approaches to recruiting. While there’s been progress, there is still room for organizations to evolve, which will require not only changing the way they think about hiring but the way hiring managers communicate with human resources. Yet many organizations continue.

article thumbnail

Phishing attacks imitate Wells Fargo and Chase the most

Tech Republic Security

These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.

Phishing 142
article thumbnail

Cisco wins SC Media Award for “Best Security Company”

Cisco Security

SC Media has named Cisco the “Best Security Company” as part of its 2021 SC Awards. The SC Awards are the academy awards of the cybersecurity industry, and I couldn’t be prouder of this company, our Cisco Security team, and our amazing technology. This accolade highlights Cisco’s vision of helping customers achieve simple and integrated security. It represents years of innovation and commitment to reinventing cybersecurity in order to keep pace with the increasing demands of digital transformati

Media 138
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Most Common Causes of Data Breach and How to Prevent It

Security Affairs

Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses and consumers. If you look at Verizon’s 2020 Data Breach Investigations Report, you can find some of the most common causes of data breaches. However, you will also be surprised to learn that most breaches result from inadequate data security measures.

article thumbnail

Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks

Bleeping Computer

Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. [.].

article thumbnail

INTERPOL aims to deal a blow to digital piracy

We Live Security

The agency’s new initiative will also warn about the high cost of the free lunch – the increased risk of malware exposure. The post INTERPOL aims to deal a blow to digital piracy appeared first on WeLiveSecurity.

Malware 131
article thumbnail

Latest MITRE EDR Evaluations Contain Some Surprises

eSecurity Planet

MITRE Engenuity last month released the latest MITRE ATT&CK evaluations of endpoint security products, and the results contain some pretty big surprises. MITRE doesn’t analyze or comment on the evaluations and instead just makes the data available for vendors and cybersecurity buyers to use as they see fit. That said, the raw numbers alone contain some interesting insights.

Antivirus 131
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

PoC exploit released for Microsoft Exchange bug dicovered by NSA

Bleeping Computer

Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. [.].

145
145
article thumbnail

5 things CISOs want to hear about zero trust at the RSA Conference

CSO Magazine

April showers bring May flowers … and this year’s RSA Conference. Usually there’s one topic at RSA that everyone is talking about, but this year there will likely be 3: secure access service edge ( SASE ), eXtended Detection and Response (XDR), and zero trust. In my last blog, I described 8 things security executives want to hear about XDR. This one focuses on zero trust (ZT).

CISO 125
article thumbnail

Pulse Secure fixes VPN zero-day used to hack high-value targets

Bleeping Computer

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. [.].

VPN 142
article thumbnail

Cyber Security Roundup for May 2021

Security Boulevard

. A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. Think Before You LinkedIn! Business social media platform LinkedIn is being exploited by nation-state threat actors to target UK citizens. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsoft reveals final plan to remove Flash Player in Windows 10

Bleeping Computer

Microsoft quietly revealed its plans to remove the Adobe Flash plugin from Windows 10, with mandatory removal starting in July 2021. [.].

Software 145
article thumbnail

Paving the way: Inspiring Women in Payments - A podcast featuring Anna-Magdalena Kohl

PCI perspectives

She started out pursuing a career in Human Resources, but soon learned it wasn’t the right fit. While pursuing her MBA, Anna-Magdalena Kohl took a chance on a work-study position at an IT security company, even though she had no formal technical training. It was a move that would define her career path. The company, in turn, took a chance on her, investing in her technical education.

Education 122
article thumbnail

A week in security (April 26 – May 2)

Malwarebytes

Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators , talked to Malwarebytes CISO John Donovan on our Lock and Code podcast , and explored the latest deepfake happenings. We also dug into a supply chain attack , discussed threats from a ransomware group , and did a deep dive on wallet recovery code scams.

Scams 115
article thumbnail

Health care giant Scripps Health hit by ransomware attack

Bleeping Computer

Nonprofit health care provider Scripps Health in San Diego is currently dealing with a ransomware attack that forced the organization to suspend user access to its online portal and switch to alternative methods for patient care operations. [.].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Tips and tactics of today's cybersecurity threat hunters

CSO Magazine

Threat hunting isn't just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm their way into the enterprise. Even if a company has no assets of interest to foreign spies, financially motivated cybercriminals can use the same access points and evasion techniques.

article thumbnail

Researchers Explore Active Directory Attack Vectors

Dark Reading

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

119
119
article thumbnail

Trend Micro Announces Next Generation ICS Endpoint Security Solution

Security Boulevard

Specially designed to provide cybersecurity without interruption to ICS environments DALLAS, May 3, 2021 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced a first-of-its-kind OT-native endpoint security solution, provided as part of its total security solution for smart factories. Developed by TXOne Networks, TXOne StellarProtectTM is designed to secure.

article thumbnail

Hack the Capitol returns Tuesday, as all eyes look toward critical infrastructure security

SC Magazine

An aerial view of the East Bay Municipal Utility District Wastewater Treatment Plant on April 29, 2020 in Oakland, California. (Photo by Justin Sullivan/Getty Images). Hack the Capitol is the yearly stand-alone event from ICS Village, a touring industrial security education group most often seen bringing hands-on control systems demonstrations to security conferences.

Hacking 108
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Following SolarWinds, NSA Publishes OT Security Guidance for Fed Space

Digital Guardian

To reduce malicious cyberattacks against operational technology (OT) following last year's SolarWinds attack, the National Security Agency has released evaluation methodology for network owners.

article thumbnail

Cryptocurrency Use Is on the Rise and So Are Crypto-Scams

Identity IQ

There’s no doubt about it, cryptocurrency is increasingly entering into the main fray as a currency of choice. But also on the rise are cryptocurrency-related scams. Business Insider reports that the estimated number of global crypto users has passed 100 million – and boomers are now getting drawn to bitcoin too. A report from exchange Crypto.com estimates there were 106 million crypto users around the world in January.

article thumbnail

Stanford Racism Precipitated “National Policy of Exclusion” and Internment Camps

Security Boulevard

I’ve written before how Stanford pushed virulent racism as Governor of California (1862–1863). Local racism was bad on its own. Yet here’s an example of how it also fed directly into American federal policy: In May 1912, President Woodrow Wilson wrote to a California backer: “In the matter of Chinese and Japanese coolie immigration I … Continue reading Stanford Racism Precipitated “National Policy of Exclusion” and Internment Camps ?.

105
105
article thumbnail

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability ( CVE-2021-22893 ) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms and govt agencies.

VPN 107
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.