Schneier on Security
MARCH 26, 2021
Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.
Troy Hunt
MARCH 26, 2021
This ?????? DAC! I mean it's a lovely device, but it's just impossible to use it as an audio source in the browser without it killing the camera. I'm very close to being out of ideas right now, only remaining thing I can think of is to set everything up on the laptop and see if it suffers a similar fate to what's happening on my desktop. The last thing I feel like doing now is burning more precious hours, but it's getting to that point.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Shostack
MARCH 26, 2021
Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program. That’s probably a good thing, overall. There’s plenty of evidence that update failures leave folks vulnerable. Note that I’m saying “update failures,” rather than “failure to update”, because updates fail.
Tech Republic Security
MARCH 26, 2021
New leader is also making changes to the software development process to make it harder for attackers to find vulnerabilities.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Shostack
MARCH 26, 2021
There’s lots of fascinating details in The Ship Blocking the Suez Canal Could Take Weeks to Remove at Interesting Engineering. Two tidbits: first, the denial of service is blocking $9.6 billion dollars a day of cargo, but the eventual cost may be lower. Second, Egypt didn’t outlaw slavery until 1863. (Happy Passover, everyone!). This CNBC story has an interesting image captured by Capella Space, showing how deeply wedged it is (but may be misleading because of angle of capture).
Bleeping Computer
MARCH 26, 2021
New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
MARCH 26, 2021
The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.
Tech Republic Security
MARCH 26, 2021
Looking for an easy-to-deploy VPN server for your data center? Jack Wallen walks you through the steps for installing the open source Pritunl solution.
Security Affairs
MARCH 26, 2021
Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020. .
Heimadal Security
MARCH 26, 2021
Short for “Pre-boot Execution Environment”, PXE boot is an important part of data center infrastructure and can be implemented through open-source software or vendor-supported products. It allows automated provisioning of servers or workstations over a network. Anyone working on infrastructure deployment of bare metal servers, embedded devices, and IoT devices can benefit from a more […].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
MARCH 26, 2021
If you or anyone you know is committing the below social media sins, it’s time to change that habit of an online lifetime. Even the most innocuous of things can cause trouble down the line, because everyone’s threat model is different. Unfortunately, people tend to realise what their threat model is when it’s already too late. With this handy list, you’ll hopefully avoid the most common mistakes which are served up to social media with a dash of eternal regret.
CyberSecurity Insiders
MARCH 26, 2021
Every year, at 8:30 pm local time on the last Saturday of March, millions of people across the world join in raising awareness of the issues facing our planet for Earth Hour. Started by WWF (World Wildlife Fund) and partners as a symbolic lights-out event in Sydney in 2007, the event is now one of the world’s largest grassroots movements for the environment.
CSO Magazine
MARCH 26, 2021
AvidXchange CIO Angelic Gibson and CISO Christina Quaine are bridging the gap between IT and security by drawing on their experiences as women rising the ranks in IT.
Bleeping Computer
MARCH 26, 2021
An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
MARCH 26, 2021
Editor’s note: When most workforces have become distributed due to the global coronavirus health crisis, organizations become more vulnerable. Read More. The post How to Build a Strong Information Security Policy appeared first on Hyperproof. The post How to Build a Strong Information Security Policy appeared first on Security Boulevard.
Bleeping Computer
MARCH 26, 2021
Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [.].
SC Magazine
MARCH 26, 2021
The Chinese espionage group Spiral twice exploited an internet-facing SolarWinds server in 2020, according to researchers from the Secureworks Counter Threat Unit. (“SolarWinds letters” by sfoskett at [link] is licensed under CC BY-NC-SA 2.0 ). Researchers from Trend Micro found two remote code execution (RCE) vulnerabilities – one of them critical – that could allow an attacker to take over SolarWinds Orion systems.
Bleeping Computer
MARCH 26, 2021
Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Digital Guardian
MARCH 26, 2021
Robotic process automation, vaccine scams, and key takeaways from the latest Security Awareness Report - catch up on all of the week's infosec news with the Friday Five!
CSO Magazine
MARCH 26, 2021
Increased bandwidth and lower latency create the opportunity to develop ecosystems that can transform entire industries. The combination of IoT, 5G, cloud, data analytics, quantum computing, and AI paves the way for new and improved products and services in the energy, transportation, manufacturing, healthcare and logistics industries, to name a few.
Cisco Security
MARCH 26, 2021
Anyone who has ever observed or participated in a dance rehearsal is familiar with the count-off cadence, 5, 6, 7, 8. The same is true of musicians who count at the beginning of a piece, or an athlete awaiting the starting signal. These indicators alert us to the same thing: Be ready NOW. Cybersecurity has a set of starting signals as well, but they differ in one aspect.
Security Boulevard
MARCH 26, 2021
When the ShinyHunters hacking group started hawking the personal data of millions of people on the Dark0de market early last month, it was notable because of the sheer number of records in play – and because of who was hacked. In addition to information on 400 million Facebook and a database of Instagram users, the load. The post New Details on Astoria Company Hack Emerge appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
MARCH 26, 2021
The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday.
We Live Security
MARCH 26, 2021
Security and your right to repair – Scams offer fake COVID-19 vaccines and ask for Bitcoin – Jail time for a disgruntled IT contractor. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.
Security Boulevard
MARCH 26, 2021
Setting up a new business is never easy. Ask any entrepreneur and they will tell you about the sleepless nights, long hours and endless anxieties along the way. But, when starting a business in the midst of a global pandemic, each of these issues is magnified tenfold and there are numerous new challenges along the. The post Setting up a SOC in the Midst of a Pandemic appeared first on Security Boulevard.
Naked Security
MARCH 26, 2021
If only he'd been treated like this in his lifetime: the computing pioneer who knew "this is only a foretaste".
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MARCH 26, 2021
SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two o them allowing remote attackers to execute arbitrary code following exploitation. [.].
CyberSecurity Insiders
MARCH 26, 2021
For the first time, UK’s security boss Lindy Cameron has termed Russia and China as the acute threats to the United Kingdom. Although she did not name them specifically for a reason, she mentioned the two country names as dominant hosts that would transform the 21st century world with devastating technologies. Lindy Cameron, the CEO of the National Cyber Security Centre(NCSC) assured the populace of Britain not to panic, as she said that the country is well equipped with the right technology in
Bleeping Computer
MARCH 26, 2021
Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange. [.].
Security Boulevard
MARCH 26, 2021
Zero trust. It’s not exactly what you want in a relationship. But it’s everything you want in a remote access security solution. So since we’re on the topic of relationships, let’s think about the qualities of a good relationship. Any good relationship is typically composed of some of the following elements: openness, communication, and trust. […].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
350 
Let's personalize your content