Fri. Sep 11, 2020

Weekly Update 208

Troy Hunt

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.

22 cybersecurity courses for aspiring and in-demand IT security pros

Tech Republic Security

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Threat actors target WordPress sites using vulnerable File Manager install

Security Affairs

Experts reported threat actors are increasingly targeting a recently addressed vulnerability in the WordPress plugin File Manager. Researchers from WordPress security company Defiant observed a surge in the number of attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager. In early September, experts reported that hackers were actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unau

Microsoft detects wave of cyberattacks two months before US presidential election

Tech Republic Security

Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Threatpost

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

How to limit file upload size on NGINX to mitigate DoS attacks

Tech Republic Security

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.

How to patch CentOS against BootHole

Tech Republic Security

If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Threatpost

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

How to hide files from any file manager on the Linux desktop

Tech Republic Security

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.

3 Secure Moments: A Tranquil Trio of Security Haiku

Dark Reading

Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Best Privacy-Friendly Alternatives to Google Maps

WIRED Threat Level

Google Maps is arguably the easiest mapping service to use, but that doesn't mean it's the most secure.

WordPress Plugin Flaw Allows Attackers to Forge Emails

Threatpost

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time

Dark Reading

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.

Great news, now you can protect your Zoom account with 2FA

Security Affairs

Zoom has implemented two-factor authentication (2FA) to protect all user accounts against security breaches and other cyber attacks. Zoom has finally announced the rollout of two-factor authentication (2FA) to protect all user accounts from unauthorized access. This is great news given the spike in the popularity of the communication software during the ongoing COVID-19 pandemic.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

APT Groups Set Sights on Linux Targets: Inside the Trend

Dark Reading

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.

ISO 27001 Checklist and Best Practices 

Spinone

ISO 27001 is a security standard that helps organizations implement the appropriate controls to face data security threats. Completing the ISO 27001 certification process is a great business practice that represents your commitment to data security. We hope our ISO 27001 checklist will help you to review and assess your security management systems.

ISO 27001 Compliance Checklist

The first thing to understand is that ISO 27001 is a set of rules and procedures rather than an exact to-do list for y

Ransomware Hits US District Court in Louisiana

Dark Reading

The ransomware attack has exposed internal documents from the court and knocked its website offline.

Ranking National Cyber Power

Schneier on Security

Harvard Kennedy School’s Belfer Center published the “National Cyber Power Index 2020: Methodology and Analytical Considerations.” The rankings: US, China, UK, Russia, Netherlands, France, Germany, Canada, Japan, Australia. We could — and should — argue about the criteria and the methodology, but it’s good that someone is starting this conversation.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Fraud Prevention During the Pandemic

Dark Reading

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

Why Application Security is Important to Vulnerability Management

Veracode Security

It was the day before a holiday break, and everyone was excited to have a few days off to spend with friends and family. A skeleton crew was managing the security operations center, and it seemed as though every other team left early to beat the holiday traffic. Every team other than the vulnerability management (VM) team that is. Just before it was time to leave for the day, and the holiday break, the phone rang.

Friday Squid Blogging: Calamari vs. Squid

Schneier on Security

St. Louis Magazine answers the important question: “Is there a difference between calamari and squid?” Short answer: no. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Decrypting TLS connections with new Raccoon Attack

Security Affairs

Boffins devised a new timing attack, dubbed Raccoon, that could be exploited by threat actors to decrypt TLS-protected communications. Security researchers from universities in Germany and Israel have disclosed the details of a new timing attack, dubbed Raccoon, that could allow malicious actors to decrypt TLS-protected communications. The timing vulnerability resides in the Transport Layer Security (TLS) protocol, and hackers could exploit it to access sensitive data in transit.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Trump and Biden Campaigns Targeted in New Cyberattacks

SecureWorld News

With the U.S. Presidential election quickly approaching, many people are on the edge of their seats, waiting to see who will lead the country for the next four years. One thing that almost everyone can agree on is that it would be beneficial to avoid outside interference, like we saw in 2016 with Russia. Unfortunately, Microsoft has uncovered new nation-state cyberattacks targeting individuals and organizations involved in the upcoming presidential election.

Iran denies any involvement in the attack against 2020 US election

Security Affairs

The Iranian government denies Microsoft’s allegations related to the alleged attacks against individuals involved in the upcoming 2020 US presidential election. Microsoft announced that it has detected a new wave of attacks carried out by Chinese, Iranian, and Russian state-sponsored hackers against the US election. Threat actors had tried to compromise email accounts belonging to people associated with the Biden and Trump election campaigns.

Chinese, Iranian, and Russian APT groups target 2020 US election

Security Affairs

Microsoft reveals that state-sponsored hackers had tried to breach email accounts belonging to people involved in the US election. Microsoft announced that it has detected a new wave of attacks carried out by Chinese, Iranian, and Russian state-sponsored hackers against the US election. Threat actors had tried to compromise email accounts belonging to people associated with the Biden and Trump election campaigns.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”