Wed. Oct 21, 2020

NSA Advisory on Chinese Government Hacking

Schneier on Security

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

Hacking 274

How to protect your privacy when selling your phone

Tech Republic Security

If your current phone is ready for retirement or you need to sell your current phone to upgrade to a new model, follow these steps to keep your data private.

Microsoft took down 120 of 128 Trickbot servers in recent takedown

Security Affairs

Microsoft brought down TrickBot infrastructure last week, but a few days later the botmasters set up new command and control (C&C) servers. Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced last week a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet.

IoT 127

Cisco reports highlight widespread desire for data privacy and fears over remote work security

Tech Republic Security

Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cisco Warns of Severe DoS Flaws in Network Security Software

Threatpost

The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.

Software 126

From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data…

Anton on Security

From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data discovery” So, I’ve been doing some blogging at Google Cloud blog with most posts connected to products, launches, etc. However, I am also doing a fun blog series on DLP in the cloud. Blog 1 is here, and blog 2 is here — you can also see a long quote from the second one below.

More Trending

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. Another state, Sweden, announced the ban of Chinese tech companies Huawei and ZTE from building its 5G network infrastructure. The Swedish Post and Telecom Authority announced this week that four wireless carriers bidding for frequencies in an upcoming spectrum auction for the new 5G networks (Hi3G Access, Net4Mobility, Telia Sverige and Teracom) cannot use network equipm

Wireless 116

As Smartphones Become a Hot Target, Can Mobile EDR Help?

Dark Reading

Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.

Mobile 136

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Security Affairs

Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day. Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases.

IASME Consortium to Kick-start New IoT Assessment Scheme

Dark Reading

The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.

IoT 111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Hackers are targeting CVE-2020-3118 flaw in Cisco devices

Security Affairs

Cisco warns of attacks attempting to exploit the CVE-2020-3118 vulnerability that affects multiple carrier-grade routers running Cisco IOS XR Software. Cisco is warning of attacks targeting the CVE-2020-3118 high severity vulnerability that affects multiple carrier-grade routers running the Cisco IOS XR Software. The flaw resides in the Cisco Discovery Protocol implementation for Cisco IOS XR Software and could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a relo

Dark pathways into cybercrime: Minding the threat actor talent gap

Digital Shadows

Digital Shadows recently published two blogs looking at how threat actors express their personality on cybercriminal forums — either inadvertently. The post Dark pathways into cybercrime: Minding the threat actor talent gap first appeared on Digital Shadows.

How AI Will Supercharge Spear-Phishing

Dark Reading

To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.

Phishing 125

Oracle Kills 402 Bugs in Massive October Patch Update

Threatpost

Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; two have CVSS scores of 10 out of 10.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

FIRST Announces Cyber-Response Ethical Guidelines

Dark Reading

The 12 points seek to provide security professionals with advice on ethical behavior during incident response.

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Threatpost

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.

VPN 115

Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets

Dark Reading

Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.

Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data

Threatpost

The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers

Dark Reading

A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

Threatpost

The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.

Oracle Releases Another Mammoth Security Patch Update

Dark Reading

October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.

5 Jobs You Could Get with CompTIA Cybersecurity Analyst (CySA+)

CompTIA on Cybersecurity

Learn how the skills covered in CompTIA Cybersecurity Analyst (CySA+) translate to on-the-job responsibilities and how you can earn that promotion.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Dealing With Insider Threats in the Age of COVID

Dark Reading

Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.

Cybersecurity Threats: Types, Detection & Prevention

Spinone

What are the cybersecurity threats? A cybersecurity threat is an event or software that can exploit a cyber vulnerability in the information system and bring damage to an organization. It bears multiple risks and may or may not result in a cyber incident. Types of cyber threats There are multiple ways to categorize cybersecurity threats. By source: Physical damage.

Modern Day Insider Threat: Network Bugs That Are Stealing Your Data

Dark Reading

Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.

Malware 82

Cybersecurity Awareness Month: Week 3 – Securing Internet-Connected Devices in Healthcare

Digital Shadows

The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, crisis response speed, The post Cybersecurity Awareness Month: Week 3 - Securing Internet-Connected Devices in Healthcare first appeared on Digital Shadows.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Episode 191: Shifting Compliance Left with Galen Emery of Chef

The Security Ledger

Galen Emery of Chef comes into the Security Ledger studios to talk about how security and compliance are "shifting left" with DEVSECOPS. The post Episode 191: Shifting Compliance Left with Galen Emery of Chef appeared first on The Security Ledger. Related Stories Podcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan Hunt Spotlight Podcast: CTO Zulfikar Ramzan on RSA’s Next Act: Security Start-Up Spotlight Podcast: Taking a Risk-Based Approach to El

Risk 52

How to Make A Website Secure: A Guide for Business Owners

SiteLock

Given the ever-present threat of cyberattacks, it is crucial for business owners to make website security a top priority. Although the question of how to make a website secure might sound complex, it’s not as hard as it seems. In fact, just taking a few simple steps can greatly improve your website security. If you’re […]. The post How to Make A Website Secure: A Guide for Business Owners appeared first on The SiteLock Blog.

Adobe releases a new set of out-of-band patches for its products

Security Affairs

Adobe has released a second out-of-band security update to address critical vulnerabilities affecting several products. Adobe has released a second out-of-band security update to fix critical vulnerabilities that impact numerous products of the IT giant. The flaws impact Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application on Windows and macOS machines.

Zero Trust Is Not Just a Buzzword—It's a Necessity

SecureWorld News

As much as security leaders would welcome it, unfortunately, there is no silver bullet to combat cybersecurity risk. That's probably why Zero Trust is such a hot topic, especially for companies moving through their digital transformation. Zero Trust is not a technology, product, or solution. It's a conceptual architectural approach built upon an ecosystem that creates an environment for a holistic security posture.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.