Mon. Mar 08, 2021

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Hacking Digitally Signed PDF Files

Schneier on Security

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs”: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities in PDF viewer implementations. They showed attacks that could modify PDF documents without invalidating the signature.

How the Microsoft Exchange hack could impact your organization

Tech Republic Security

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them.

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberg

The Last Watchdog

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy. Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

DARPA taps Intel to help build the holy grail of encryption

Tech Republic Security

DARPA's project could allow encrypted data to be used without ever having to decrypt it.

Activists turn hacktivists – new ransomware that does not demand money

Quick Heal Antivirus

Indian farmers’ protest is an ongoing fight against three farm acts that were passed by the Parliament of.

More Trending

Why adding neurodiversity to the cybersecurity world is a win-win for companies and employees

Tech Republic Security

SAP and IBM have changed the hiring and onboarding process to open up more jobs to non-traditional candidates.

Cybersecurity in 2021: Stopping the madness

CSO Magazine

Marc Andreessen had it right – software has eaten the world. As a result, the world can be hacked. Just look at the past few months. The SolarWinds caper – the “largest and most sophisticated attack the world has ever seen” according to Microsoft president Brad Smith – gave its Russian perps months of free rein across untold US government agencies and private companies.

Women in cybersecurity: Gender gap narrows but not enough

We Live Security

The number of women joining the ranks of cybersecurity practitioners is steadily increasing, but a lot still needs to be done to close the gap.

How vaccine-related phishing attacks are posing a greater threat to organizations

Tech Republic Security

Scammers are launching more malicious campaigns designed to take advantage of the anxiety and confusion over the COVID-19 vaccines.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CISA Offers IT Admins Guidelines to Mitigate Recent MS Exchange Vulnerabilities

Hot for Security

The Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive and alert addressing several critical vulnerabilities recently found in Microsoft Exchange products. Microsoft confirmed the existence of multiple flaws in Microsoft Exchange Server last week, when it rolled out several security updates following reports of targeted attacks.

Security chaos engineering helps you find holes in your cyber defenses before hackers do

Tech Republic Security

This approach is all about data and resilience, not deliberately sabotaging your own network, according to two cybersecurity experts.

4 ways to keep the cybersecurity conversation going after the crisis has passed

CSO Magazine

CISO Bill Brown knows how high-profile cybersecurity breaches like SolarWinds can raise alarm bells among executives and board members when they become headline news. When leading information security for three previous companies, he remembers executives would call him during their morning train commutes after reading about the latest security breach, seeking reassurance.

Hackers hiding Supernova malware in SolarWinds Orion linked to China

Bleeping Computer

Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Firefox Total Cookie Protection comes to mobile and desktop versions

Tech Republic Security

Jack Wallen explains what supercookies are and how to protect your web browsing against them with Firefox's new privacy feature.

Google Chrome to block port 554 to stop NAT Slipstreaming attacks

Bleeping Computer

Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability.

Intel, DoD start sprint to make homomorphic encryption ready for real

SC Magazine

Intel Labs announced an initiative funded by the Defense Advanced Research Projects Agency to create hardware that accelerates how computers process homomorphic encryption. Intel Labs announced Monday an initiative funded by the Defense Department’s research and development arm to create hardware that accelerates how computers process homomorphic encryption.

European Banking Authority discloses Exchange server hack

Bleeping Computer

The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Airline passenger data breached following “highly sophisticated attack”

Graham Cluley

SITA, which provides IT services to about 90% of the global aviation industry, has revealed that it suffered a cyber attack which exposed details of passengers from many airlines.

Non-Profit Organization Oxfam Australia Was The Victim of a Recent Data Breach

Heimdal Security

Oxfam Australia is an affiliate of Oxfam International. Based in Australia the entity is an independent, not-for-profit, secular, community-based aid and development organization that employs 4.6 million people working all around the world. Oxfam Australia is operating from individual households to global forums with the purpose to save lives before, during, and after humanitarian crises, […].

3 Hiking Principles That Made Me a Better CISO

Security Boulevard

When I am not studying the newest cybersecurity threat or preparing an enterprise and its employees for the next inevitable cyberattack, I can be found traipsing through California’s Sierra Nevada or in the depths of Death Valley. It was during these adventures that I developed both my mountain sense and found the quiet solitude to.

Google Chrome users take at least one month to update, as zero-days lurk

SC Magazine

Researchers reported Monday that the vast majority of Chrome users take close to a month to install a new patch – something that’s a cause for concern amid an increase in the number of zero-day attacks on Chrome browsers in the past year. In a blog posted by Menlo Security, researchers found that while Chrome 87 was released on Nov. 17, 2020, it took at least a month for 84% of customers to update their browsers.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

The Hacker News

New research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.

CyGlass and Ingram Micro Cloud Join Forces to Address Growing Cybersecurity Market in Australia and New Zealand

Security Boulevard

LITTLETON, Mass., March 08, 2021 (GLOBE NEWSWIRE) — Ingram Micro Inc. the world’s leading global technology provider and distributor, and CyGlass, a SaaS-based network security and compliance company have formed a strategic partnership in response to Australia and New Zealand’s growing demand for cybersecurity services. CyGlass Network Defense as a Service (NDaaS) will give small and medium.

Microsoft Exchange Cyber Attack — What Do We Know So Far?

The Hacker News

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe.

Microsoft 365 adds 'External' email tags for increased security

Bleeping Computer

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

The Hacker News

Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft.

How auto-scanning and scripting helped Exchange attackers rack up victims

SC Magazine

The number of organizations breached via four zero-day bugs in Microsoft Exchange has reached 30,000 and climbing, thanks to automated scanning and scripting techniques used by attackers. According to sources that spoke to SC Media, adversaries in late February leveraged automated scanning capabilities in order to identify Exchange users who were vulnerable to the exploit.

Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices

The Hacker News

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.

As Hafnium timeline crystalizes, signs of new Microsoft Exchange Server attacks emerge

SC Magazine

A surge of breaches against Microsoft Exchange Server appears to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch. Last week, Microsoft patched four Exchange Server vulnerabilities being used by a hacker group in “targeted and limited” breaches. But as vendors rushed to patch systems, breaches did not appear limited at all.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.