Thu. Jan 07, 2021


Every Computer and Smartphone in the Capitol Should be Considered Compromised and Dangerous

Joseph Steinberg

While much of the security-oriented focus regarding the storming of the Capitol building by protesters yesterday has rightfully been on the failure of the Capitol Police to prevent the breach of security, the country also faces a potentially serious cyber-threat as a result of the incident. Laptops, smartphones, printers, and other computing devices that were left behind in offices and other areas by elected officials, staffers, and others as they retreated from the advancing protesters all must


Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a d


Extracting Personal Information from Large Language Models Like GPT-2

Schneier on Security

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.


6 Valuable lessons I won’t forget from 2020, the progress I made, & me bearing my soul…

Jane Frankland

Every year, around this time, I start to reflect. Chances are, you do too. Most people are starting to think about what they want for the coming year. They’re setting goals, getting clear on what they want to resolve, and embracing fresh starts and new ways of being. Personally, I love taking time between Christmas and New Year, or maybe even a little time beyond it, like I’m doing now, to think about the progress I’ve made, the lessons I’ve learnt, and what I want to accomplish in the year ahea


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


10 fastest-growing cybersecurity skills to learn in 2021

Tech Republic Security

People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck.


Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Threatpost

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to take over targeted devices.


More Trending


US Govt kicked off ‘Hack the Army 3.0’ bug bounty program

Security Affairs

The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne platform. The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform.


Homebrew: How to install vulnerability tools on macOS

Tech Republic Security

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to assess vulnerabilities and the security posture of the devices on your network.


Ryuk ransomware operations already made over $150M

Security Affairs

The Ryuk ransomware had a disruptive impact on multiple industries around the world; its operators have already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries around the world. According to a joint report published by security firms Advanced-intel and HYAS, Ryuk operators already earned more than $150 million worth of Bitcoin from ransom paid by their victims.


Homebrew: How to install exploit tools on macOS

Tech Republic Security

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to exploit vulnerabilities found in your Apple equipment.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

Security Affairs

An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks.


Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

Threatpost

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.


Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

WIRED Threat Level

Wednesday's insurrection could have exposed congressional data and devices in ways that have yet to be appreciated.


Even Small Nations Have Jumped into the Cyber Espionage Game

Dark Reading

While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How to Communicate Application Security Success to Your Executive Leadership

Veracode Security

Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws.


How the Shady Zero-Day Sales Game Is Evolving

Dark Reading

Zero-day vulns are cold, while access-as-a-service is hot. Here's how black market (and gray market) deals go down.


Malicious Shell Script Steals Cloud Credentials

Trend Micro

In past cryptocurrency mining attacks, malicious shell scripts were typically used as downloaders. However, recent cases show that they now serve other purposes such as stealing sensitive data.


WhatsApp updates privacy policy to enable sharing more data with Facebook

We Live Security

Many users have until February 8 to accept the new rules – or else lose access to the app. The post WhatsApp updates privacy policy to enable sharing more data with Facebook appeared first on WeLiveSecurity.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cybersecurity Council Leaders Share Goals, Trends to Watch in 2021

CompTIA on Cybersecurity

Leaders of CompTIA's new Cybersecurity Advisory Council were asked what their goals were for 2021 and what cyber trends CompTIA members—and all tech companies—should follow in the new year. Here’s what they had to say.


Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire

Threatpost

The messaging platform will update its privacy platform on Feb. 8 to integrate further with its parent company, prompting users to cry foul over privacy issues.


FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack

Dark Reading

CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.


New Year, New Ransomware: Babuk Locker Targets Large Corporations

Threatpost

Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker's encryption mechanisms and abuse of Windows Restart Manager set it apart.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


North Korea-linked APT37 targets South with RokRat Trojan

Security Affairs

Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government. On December 7, 2020, researchers from Malwarebytes uncovered a campaign targeting the South Korean government with a variant of the RokRat RAT. The experts found a malicious document uploaded to VirusTotal related to a meeting request dated 23 Jan 2020, a circumstance that suggests the attack took place a year ago.


Ransomware Victims' Data Published via DDoSecrets

Dark Reading

Activists behind Distributed Denial of Secrets have shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.


Fired Healthcare Exec Stalls Critical PPE Shipment for Months

Threatpost

A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.


State Dept. to Create New Cybersecurity & Technology Agency

Dark Reading

Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


McAfee Welcomes its ISO 27701 Certificate!

McAfee

This post was also written by Darragh McMahon. At McAfee, we adhere to a set of core values and principles – We Put the Customer at The Core, We Achieve Excellence with Speed and Agility, We Play to Win or We Don’t Play, We Practice Inclusive Candor and Transparency. And reaching the ISO 27701 enshrines all of these values. For those who are not familiar with it, the ISO 27701 is the industry leading certification for information security & privacy management.


Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Dark Reading

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.


Data stolen from Hackney Council posted on dark web by ransomware gang

Graham Cluley

The cybercrime gang behind the PYSA ransomware has released files which they claim to have stolen from the London borough council of Hackney during an attack last year.


Threatpost Poll: Weigh in on Ransomware Security

Threatpost

Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.