Schneier on Security

NOVEMBER 2, 2020

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesn’t affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

356

356

Troy Hunt

NOVEMBER 2, 2020

I've had this blog post in draft for quite some time now, adding little bits to it as the opportunity presented itself. In a essence, it boils down to this: people expressing their displeasure when I post about a topic they're not interested in then deciding to have a whinge that my timeline isn't tailored to their expectation of the things they'd like me to talk about.

Data breaches 349

Data breaches InfoSec Media Technology 349

Tech Republic Security

NOVEMBER 2, 2020

The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.

Data breaches 206

Data breaches Ransomware Cybersecurity 206

Security Affairs

NOVEMBER 2, 2020

The UK Information Commissioner’s Office fined US hotels group Marriott over the 2018 data breach that affected millions of customers worldwide. The UK Information Commissioner’s Office announced it has fined Marriott £18.4 million ($23.5 million) for multiple data breaches suffered by the company since 2018 that exposed the personal information of its customers. “The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal dat

Data breaches 128

Data breaches Advertising Encryption Data privacy 128

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 2, 2020

Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.

Media 217

Media Ransomware 217

Security Affairs

NOVEMBER 2, 2020

JM Bullion, the leading online bullion dealer in the United States, has disclosed a data breach, hackers stole customers’ credit card information. JM Bullion, the online retailer of products made of precious metals (i.e. gold, silver, copper, platinum, and palladium) has disclosed a data breach. JM Bullion has sent a ‘ Notice of Data Security Incident ‘ to its customers, the security breach took place on February 18, 2020, when its staff discovered a malicious script on its web

Data breaches 116

Data breaches Retail Advertising Hacking 116

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. North Korea-linked cyber espionage group Kimsuky (aka Black Banshee, Thallium , Velvet Chollima) was recently observed using a new malware in attacks aimed at government agencies and human rights activists.

Malware 105

Malware Spyware Advertising Government 105

WIRED Threat Level

NOVEMBER 2, 2020

You can lock down your meetings like never before—even if you have to give up a few features to do so.

Encryption 139

Encryption 139

Threatpost

NOVEMBER 2, 2020

Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.

Hacking 107

Hacking Malware 107

Security Affairs

NOVEMBER 2, 2020

Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. Oracle issued an out-of-band security update to address a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-14750 , which affects several versions of Oracle WebLogic Server.

Advertising 102

Advertising Authentication Passwords Hacking 102

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

NOVEMBER 2, 2020

Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.

Scams 125

Scams Hacking 125

Security Affairs

NOVEMBER 2, 2020

The Maze ransomware operators finally announced that they have officially shut down their operations and denies the creation of a cartel. Today the Maze ransomware gang announced that they have officially shut down their operations, the news was anticipated last week. The cybercrime gang announced that it will no longer leak data of new companies infected with their ransomware. it was considered one of the most prominent and active ransomware crew since it began operating in May 2019.

Ransomware 100

Ransomware Computers and Electronics Scams Cybercrime 100

CompTIA on Cybersecurity

NOVEMBER 2, 2020

Ian Clark changed careers from food service to IT in just 6 months. Here’s how he did it – and how you can, too.

121

121

SecureWorld News

NOVEMBER 2, 2020

The Maze ransomware team, a pioneer in the cybercrime space, claims it is shutting down operations. Maze gained notoriety in 2019 for stealing data from organizations and demanding ransom for the data to be returned. This made Maze unique as the operators encrypted files on a corporate network with ransomware, making them inaccessible and also extracted the data and threatened to make the data public if the ransom was not paid.

Ransomware 94

Ransomware Cybercrime Hacking Technology 94

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

NOVEMBER 2, 2020

Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.

110

110

Threatpost

NOVEMBER 2, 2020

Google Project Zero disclosed the bug before a patch becomes available from Microsoft.

121

121

Dark Reading

NOVEMBER 2, 2020

Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.

124

124

Threatpost

NOVEMBER 2, 2020

WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.

111

111

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

NOVEMBER 2, 2020

Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.

Government 108

Government 108

Threatpost

NOVEMBER 2, 2020

JM Bullion fell victim to a payment-card skimmer, which was in place for five months.

Data breaches 103

Data breaches Hacking 103

Dark Reading

NOVEMBER 2, 2020

Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.

99

99

Thales Cloud Protection & Licensing

NOVEMBER 2, 2020

Strategies and Best Practices for Protecting Sensitive Data. sparsh. Tue, 11/03/2020 - 06:29. Data has been migrating from traditional data centers to third-party hosted environments, private/public cloud infrastructures and Software-as-a-Service (SaaS) applications by leaps and bounds. With this in mind, providing easy access to data for everyone (customers, partners, employees) and securing sensitive data has to be a priority.

Encryption 62

Encryption Data breaches Media Big data 62

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

NOVEMBER 2, 2020

While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

85

85

Mitnick Security

NOVEMBER 2, 2020

As a CISO, you're always looking for the next big breakthrough to increase your organization's overall security posture. Next-generation firewalls (NGFW), intrusion prevention systems (IPS), and sophisticated anti-virus software are great, but the answer to strong cybersecurity starts with your weakest link: your employees. In fact, untrained employees are far more likely to lead to a breach than DDoS attacks or any other hacking technique.

CISO 52

CISO Cyber threats DDOS Firewall 52

Dark Reading

NOVEMBER 2, 2020

Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.

73

73

Dark Reading

NOVEMBER 2, 2020

Cybercrime scheme netted more than $100 million.

Cybercrime 95

Cybercrime 95

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

NOVEMBER 2, 2020

The most effective way is with employee security education.

Education 111

Education 111