Mon.Jan 25, 2021


A @TomNomNom Recon Tools Primer

Daniel Miessler

There are recon tools, and there are recon tools. @tomnomnom—also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp, Amass, and Spiderfoot, but I love tools with the Unix philosophy of doing one specific thing really well. I think this granular approach is especially useful in recon. Related Talk: Mechanizing the Methodology.


Joseph Steinberg Appointed To CompTIA Cybersecurity Advisory Council

Joseph Steinberg

Long-time cybersecurity-industry veteran, Joseph Steinberg , has been appointed by CompTIA, the information technology (IT) industry’s nonprofit trade association that has issued more than 2-million vendor-neutral IT certifications to date, to its newly-formed Cybersecurity Advisory Council. The council, comprised of 16 experts with a diverse set of experience and backgrounds, will provide guidance on how technology companies can both address pressing cybersecurity issues and threats, as well as


Gartner: The future of AI is not as rosy as some might think

Tech Republic Security

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.


Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Related: Digital certificates destined to play key role in securing DX. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


2021 predictions: Quantifying and prioritizing cyber and business risk

Tech Republic Security

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.


A Look at the Legal Consequence of a Cyber Attack

The State of Security

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of […]

More Trending


TrustArc Celebrates Data Privacy Day

TrustArc

Data Privacy Day (or Data Protection Day, if you are based in Europe) is upon us! Every year on January 28th, we take this time to create awareness about the importance of data privacy, keeping data safe and enabling trust. We take being a Data Privacy Day Champion seriously, and are proud to spread the […]


Cryptomining DreamBus botnet targets Linux servers

Security Affairs

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. The bot is composed of a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts.


Podcast on Using Games

Adam Shostack

It would be trite writing to say it was fun to be on a podcast with Volko Ruhnke and Hadas Cassorla to talk about using games to teach. And while it was, it was really educational and inspirational. I learned from both of them, and I hope you enjoy the podcast as well! Volko Ruhnke, Adam Shostack and Hadas Cassorla – Building Games to Teach Real-World Security.


Ransomware attack hit WestRock IT and OT systems

Security Affairs

Packaging giant WestRock disclosed a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems. American corrugated packaging company WestRock announced it was the victim of a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems. WestRock did not share details about the security incident; it only confirmed that its staff discovered the attack on January 23.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Low Powered but High Risk: Evaluating Possible Attacks on LoRaWAN Devices

Trend Micro

Long Range Wide Area Network (LoRaWAN) devices have been hacking targets for quite some time. We dive into attacks that malicious actors can use against vulnerable LoRaWAN devices, and review the state of LoRaWAN security. This is the first in a three-part series.


HIPAA explained: definition, compliance, and violations

CSO Magazine

HIPAA summary: What is HIPAA? HIPAA (the Health Insurance Portability and Accountability Act) is a law passed in 1996 that transformed many of the ways in which the healthcare industry operated in the United States. The law had many important and far-reaching effects, but from the perspective of IT pros, its most important provisions are mandates that health care providers keep any personally identifiable medical information private and secure.


Hundreds of thousands of cryptocurrency investors put at risk after BuyUCoin security breach

Hot for Security

Another day, and another report that a cryptocurrency exchange has been breached by malicious hackers. Indian cryptocurrency exchange BuyUCoin says that it is investigating claims that sensitive data related to hundreds of thousands of its users has been published on the dark web, where it is available for free download. Read more in my article on the Hot for Security blog.


SonicWall warns customers about zero-day vulnerabilities

CSO Magazine

Firewall and network security appliance manufacturer SonicWall is urging customers to take preventive actions after its own systems were attacked through previously unknown vulnerabilities in some of its products. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company said in an alert on its website late Friday.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Google: North Korean hackers have targeted security researchers via social media

Zero Day

Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media.


10 ways to prep for (and ace) a security job interview

CSO Magazine

Editor's note: This article, originally published on January 15, 2014, has been updated to more accurately reflect recent trends. The shortage of cybersecurity workers is well known, with studies showing that millions more professionals are needed to meet the increasing demand for skilled talent in this profession. The 2020 Cybersecurity Workforce Study from the nonprofit professional organization (ISC)² estimates that the global workforce shortage stands at 3.12 million, and it estimates that


Outgoing FCC Chair Issues Final Security Salvo Against China

Threatpost

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.


Examining A Sodinokibi Attack

Trend Micro

Sodinokibi was behind several notable attacks last year. In this entry, we describe its attack process using some of the examples we encountered.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Dutch police arrested two people for the illegal sale of COVID-19 patient data

Security Affairs

Dutch police arrested two individuals for allegedly selling COVID-19 patient data stolen from the Dutch health ministry. Dutch police have arrested two individuals in the country for selling COVID-19 patient data stolen from the national COVID-19. The availability of COVID-19 patient data in the cybercrime underground was spotted by the RTL Nieuws reporter Daniel Verlaan.


Effective ways to prevent payroll fraud

IT Security Guru

In recent times, there has been a huge increase in the number of fraudsters maliciously scamming businesses of all shapes and sizes – and even their crimes seem more sophisticated. Throughout the Coronavirus outbreak, as many migrated their businesses online, the increase in fraudulence and general cyber-crime became a large cause for concern, and payroll fraud wasn’t an exception.


Enhancing Email Security with MTA-STS and SMTP TLS Reporting

The Hacker News

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents.


What is Defense in Depth and How Can You Achieve It? Pro Tips for Proactive Cybersecurity

CompTIA on Cybersecurity

When you need a comprehensive approach, jam-packed with security measures designed to combat a threat onslaught, you need defense in depth.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Dutch COVID-19 patient data sold on the criminal underground

Zero Day

Two individuals were arrested in the Netherlands last week for selling data from Dutch COVID-19 systems on Telegram, Snapchat and Wickr.


Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’

Threatpost

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.


World Economic Forum: Cybersecurity Failure Among Top 4 Highest Risks

SecureWorld News

The World Economic Forum has published the 16th edition of its Global Risks Report. The report analyzes the risks from societal fractures, such as the global pandemic we have all been living through for almost a year now. The entire report dives deep into persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation.


The Most Popular Data Insider Blogs of 2020

Digital Guardian

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Cisco Secure Endpoint named an Endpoint Prevention and Response (EPR) Leader

Cisco Security

AV-Comparatives named Cisco a Strategic Leader in its EPR report. Cisco Secure Endpoint (previously AMP for Endpoints) was named a Strategic Leader by AV-Comparatives in the Endpoint Prevention and Response (EPR) CyberRisk Quadrant in their inaugural EPR Comparative Report. AV-Comparatives is a leading independent endpoint security software testing organization with two decades of experience.


Comparing Different AI Approaches to Email Security

Dark Reading

Get to know the difference between "supervised" and "unsupervised" machine learning.


2.28M MeetMindful Daters Compromised in Data Breach

Threatpost

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.


DreamBus botnet targets enterprise apps running on Linux servers

Zero Day

DreamBus botnet uses exploits and brute-force to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.