Fri. Dec 11, 2020


A Cybersecurity Policy Agenda

Schneier on Security

The Aspen Institute’s Aspen Cybersecurity Group — I’m a member — has released its cybersecurity policy agenda for the next four years. The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society. Policymakers in the White House, federal agencies, and Congress should zero in on the most important and solvable problems.


Weekly Update 221

Troy Hunt

Well this is different; a weekly update bereft of neon studio lighting and instead done from the great outdoors, complete with all sorts of animal noises and a (probably) drunk green tree frog. I picked one of my favourite travelling companions to join me this week, a little guy I last did one of these with in a very different environment back in Oslo earlier this year.



IoT standards: The US government must create them, and businesses will follow

Tech Republic Security

The Internet of Things is still in its Wild West phase of development. Standardization is necessary to ensure safety and easier integration.


Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage group that abused the platform to spread malware. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on the COVID-19 crisis.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Security moves from blocker to driver of open source adoption

Tech Republic Security

Commentary: Companies used to look to open source to lower costs. That's still true, but an even bigger driver is security, according to a new developer survey.


Threat actors target K-12 distance learning education, CISA and FBI warn

Security Affairs

The US Cybersecurity Infrastructure and Security Agency and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector. The US CISA and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector aimed at data theft and disruption of distance learning services. The number of attacks surged at the beginning of the 2020 school year. “The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten t


Security Issues in PoS Terminals Open Consumers to Fraud

Threatpost

Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.


4 Tech Trends to Guide Your IT Career

CompTIA on Cybersecurity

These career-focused trends will guide you as you add business skills to technical skills in order to build your IT career.


Facebook Shutters Accounts Used in APT32 Cyberattacks

Threatpost

Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.


Spotify reset user passwords after accidental personal information exposure

Security Affairs

Spotify is informing users that their personal information might have been accidentally shared with some of its business partners. Spotify is informing users that their personal information might have been inadvertently shared with some of its business partners for several months. The company filed a breach notice with the California Attorney General.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Feds: K-12 Cyberattacks Dramatically on the Rise

Threatpost

Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.


Is your trading app putting your money at risk?

We Live Security

A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading trading platforms that may expose their users to a host of security and privacy risks.


Adrozek Malware Delivers Fake Ads to 30K Devices a Day

Threatpost

The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.


'Tis the Season to Confront Third-Party Risk

Dark Reading

On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Interview with Massimiliano Brolli, Head of TIM Red Team Research

Security Affairs

Interview with Massimiliano Brolli, Head of TIM Red Team Research, a team of experts that focuses on zero-day hunting. For some time now we have been witnessing a series of undocumented vulnerabilities issued by a TIM IT Security laboratory called Red Team Research (RTR), which already has 31 new CVEs to date in about a year. A small, all-Italian “Project Zero” that aroused attention among professionals, because a new CVE is published every eleven days, which is not bad at all.


Penetration Testing: A Road Map for Improving Outcomes

Dark Reading

As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.


PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

Threatpost

The malware takes aim at PostgreSQL database servers with never-before-seen techniques.


7 Security Tips for Gamers

Dark Reading

Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cyber News Rundown: Global Cybercrime Costs Surpass $1 Trillion

Webroot

Cybercrime surpasses $1Trillion in global costs. A recent study has put the global cost of cybercrime at over $1 trillion for 2020. This figure is up significantly from 2018, which was calculated at around $600 billion. And while most effects are financial, roughly 92% of affected organizations cited by the study reported additional issues stemming from cyberattacks.


FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning

Dark Reading

Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.


Week in security with Tony Anscombe

We Live Security

ESET research uncovers Operation StealthyTrident – Security flaws in trading apps – IRS expands its Identity Protection PIN program.


Microsoft Warns of Powerful New Adware

Dark Reading

The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


How Password Hashing Algorithms Work and Why You Never Ever Write Your Own

Veracode Security

Are you fascinated with cryptography? You're not alone: a lot of engineers are. Occasionally, some of them decide to go as far as to write their own custom cryptographic hash functions and use them in real-world applications. While understandably enticing, doing so breaks the number 1 rule of the security community: don't write your own crypto.


Staying a Step Ahead of the Hack

Webroot

Hackers, never at a loss for creative deception, have engineered new tactics for exploiting the weakest links in the cybersecurity chain: ourselves! Social engineering and business email compromise (BEC) are two related cyberattack vectors that rely on human error to bypass the technology defenses businesses deploy to deter malware. Social Engineering.


Hackers Accessed Covid Vaccine Data Through the EU Regulator

WIRED Threat Level

The European Medicines Agency has released limited details about the cyberattack.


HyperDbg v0.7 releases: open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger

Penetration Testing

HyperDbg is an open-source, hypervisor-assisted user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Cybersecurity News Round-Up: Week of December 7, 2020

GlobalSign

We’ve seen some very big players in the bullseye recently. Most recently, it was one of the most reputable cybersecurity companies in the world: FireEye.


The Hacker Mind Podcast: Hacking OpenWRT

ForAllSecure

For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and reported the vulnerability. In this episode, Guido Vranken talks about his approach to hacking, about the differences between memory safe and unsafe languages, his use of fuzz testing as a preferred tool, and how he came to discover the validation error in OpenWRT, as well as a serialization error in cereal, and other vulnerabilities.


Cloud Migration Security Woes

Anton on Security

As I hear of organizations dealing with security when migrating to the cloud, I occasionally observe cases of “extreme lift and shift.” I use this label to describe a case when an organization wants to keep every single security technology that they use on-premise after they move to the public cloud. The list can be very long and tedious; it may include such staples as firewalls, anti-malware, SIEM, EDR, NIDS, and even network forensics and NDR.


Friday Squid Blogging: Newly Identified Ichthyosaur Species Probably Ate Squid

Schneier on Security

This is a deep-diving species that “fed on small prey items such as squid.” Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.