Mon. Sep 20, 2021

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks.

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

How to see who is trying to break into your Office 365 and what they're trying to hack

Tech Republic Security

Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools

Data of 106 million visitors to Thailand leaked online

Security Affairs

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

7 unexpected ransomware costs

CSO Magazine

Ransomware is one of the fastest-growing cybersecurity attacks. One of the factors that makes these threats especially intimidating is that the costs can be far-reaching.

Here's how to become an in-demand cybersecurity expert

Tech Republic Security

Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training

More Trending

APT actors exploit flaw in ManageEngine single sign-on solution

CSO Magazine

Cyberespionage groups are exploiting a critical vulnerability patched earlier this month in ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) solution for Active Directory environments.

5 Ways Businesses Can Stay Ahead of Cybersecurity Attacks

CyberSecurity Insiders

As technology advances, cybercriminals are finding more sophisticated means to attack businesses online. Besides reputational damage, cybersecurity attacks also lead to operational disruptions that lead to loss of revenue.

5 observations about XDR

CSO Magazine

It’s safe to say that my esteemed colleague Dave Gruber and I were following XDR before the term XDR existed. Yup, we were heads down studying the SOC and a security platform we called SOAPA (security operations and analytics platform architecture).

All old Android phones to get the latest mobile security update from Google

CyberSecurity Insiders

Google has announced that it will roll out an additional security feature to all the smart phone devices operating on the Android 6 OS version and above in coming days.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Windows 11 prep: How to convert MBR hard drive partitions to GPT

Tech Republic Security

For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it

Apache OpenOffice is currently impacted by a remote code execution flaw

Security Affairs

Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in the official release.

F5 to acquire cloud security firm Threat Stack

CyberSecurity Insiders

F5, a leader in offering networking and application security services, has announced that it is going to acquire cloud security firm Threat Stack for an apparent amount of $68 million.

BrandPost: Keeping Your Hybrid Workforce Secure with Cyber Hygiene Training

CSO Magazine

More than a year after remote work became the norm, many companies have moved to a hybrid model in which some employees work from home at least some of the time. It’s an evolving mindset that work is something we do rather than a place we commute to and from.

Perceptions of Insider Risk 2021

Security Boulevard

The month of September is designated “National Insider Threat Awareness Month,” and based on the number of cybersecurity incidents that involve employees, perhaps every month should be insider threat awareness month.

Black Matter gang demanded a $5.9M ransom to NEW Cooperative

Security Affairs

The BlackMatter ransomware gang hit NEW Cooperative, a farmer’s feed and grain cooperative, and is demanding a $5.9 million ransom.

How to Protect Yourself from Security Challenges Caused by Video Players

CyberSecurity Insiders

If you are a person who watches a lot of videos streamed online, then you have likely started using an online video player.

White House Cybersecurity Summit: A Missed Opportunity

Dark Reading

Last month's summit with the president was missing something crucial: representation from those who deal with critical infrastructure

Large phishing campaign targets EMEA and APAC governments

Security Affairs

Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries.

Protecting Data From Insider Threats

Security Boulevard

September 2021 marks the third year of National Insider Threat Awareness Month (NITAM), which, according to the NITAM website, aims to help prevent “exploitation of authorized access to cause harm to an organization or its resources.”

How Cybersecurity Can Affect Your SEO Ranking

CyberSecurity Insiders

It seems like every day that you listen to the news or look on the Internet there are stories about a site being breached by hackers. People are having their data stolen, accounts are being accessed, and ransomware is becoming a real nightmare for both individuals and businesses.

Europol arrested 106 fraudsters, members of a major crime ring

Security Affairs

Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on online frauds.

NIST’s Marian Merritt Dishes on the State of Cyber Careers

StaySafeOnline

“Back to basics” as courier scammers skip fake fees and missed deliveries

Naked Security

"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods!

Open Source Software Projects Up Their Security Game but Face More Attacks

Dark Reading

Patches for dependencies are trickling up through the open source ecosystem faster than ever — a good thing because attackers are focusing more on open source software

5 Types of Hackers & Why They Hack

Security Boulevard

When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. The truth is, while it feels personal to the victim, hackers rarely single out specific targets.

Microsoft Researches Ransomware Attack Targeting App Developers

Hacker Combat

Stories of ransomware assaults are common in many headlines worldwide. The attacks target both large and small businesses alike. Research suggests that over half of organizations find it difficult to detect if they have enough cybersecurity to prevent them from ransomware attacks.

Google: New Privacy Feature Will Affect 'Billions' of Android Devices

Dark Reading

Starting in December, Google will expand its "permissions auto-reset feature" to devices using Android 6.0 and higher

Insider Threat Personas: Who is Responsible for Insider Attacks?

Security Boulevard

Hello week four of National Insider Threat Awareness month! This week we’re talking about insider.

10 Ways to Avoid Zero-Trust Failure

Dark Reading

Here are the prerequisites to have in order before getting past the zero-trust gate

How to fix the Windows 0x0000011b network printing error

Bleeping Computer

A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. [...]

Freedom Hosting operator gets 27 years for hosting Dark Web child abuse sites

Malwarebytes

The wheels of justice have turned, if perhaps a bit slower than you may have expected. A Dublin resident, Eric Eoin Marques, has been sentenced to 27 years in federal prison. The reason is the frankly terrifying tally of child sexual abuse material (CSAM) he helped to distribute.

Hacked sites push TeamViewer using fake expired certificate alert

Bleeping Computer

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. [...]

McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444

McAfee

Threat Summary. Microsoft is warning its users of a zero-day vulnerability in Windows 10 and versions of Windows Server that is being leveraged by remote, unauthenticated attackers to execute code on the target system using specifically crafted office documents.

VoIP.ms phone services disrupted by DDoS extortion attack

Bleeping Computer

Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. [...]
