Schneier on Security
AUGUST 6, 2021
Fascinating research: “ Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.
Troy Hunt
AUGUST 6, 2021
I'm back in the office this week and back to decent audio and video quality. There's loads of bits and pieces happening as evidence by almost an entire hour disappearing in this week's vid, ranging from problems with tradies (tradespeople), more lockdown, stats on some projects and then this week's blog post, 3D printing with my 9-year old daughter Elle.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 6, 2021
It’s sold out , but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Tech Republic Security
AUGUST 6, 2021
Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CyberSecurity Insiders
AUGUST 6, 2021
By Natalie Hays, Mailgun by Pathwire. Phishing is pretty awful, whether you fall for a phishing attempt or have phishers pose as you. But how does phishing really happen and, even more importantly, how do you protect yourself? The first 48 hours – phishing edition. Phishing starts with well… the phishing. Someone sends out the attempt, sometimes posing as us, sometimes as a long-lost relative who just got a massive sum of money from an inheritance.
Tech Republic Security
AUGUST 6, 2021
The scam messages try to convince you to enter your Social Security number and other personal info at a website masquerading as your state's workforce agency.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 6, 2021
Spam as a share of global mail traffic rose, and attackers have started to adapt their scams to other languages to reach wider audiences.
Heimadal Security
AUGUST 6, 2021
Conti Ransomware operation is known as a ransomware-as-a-service (RaaS). As thoroughly explained by Vladimir, Ransomware-as-a-Service is an illicit ‘parent-affiliate(s)’ business infrastructure, in which operators give tools to affiliates with the goal of carrying out ransomware attacks. A security researcher recently shared a forum post that was created by an angry Conti affiliate.
CyberSecurity Insiders
AUGUST 6, 2021
Gangs spreading LockBit ransomware are reportedly bribing employees of corporate companies to enter their computer network and compromise it with file encrypting malware. And in return, the employees are being offered millions of dollars as bribe in the form of either cryptocurrency, such as BTC or a holiday package for a month on a cruise or at a scenic destination.
Graham Cluley
AUGUST 6, 2021
Apple announces its plan for detecting child sexual abuse images on users' iPhones and Macs. But it's unlikely to be welcomed by those who hold privacy close to their hearts.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
AUGUST 6, 2021
Data protection company delivers deep visibility into – and flexible controls over – Microsoft’s enterprise collaboration platform to reduce the risk of sensitive data loss. . Digital Guardian , a leader in data loss prevention (DLP) and managed detection and response (MDR), today announced the availability of its endpoint DLP visibility and security controls for Microsoft Teams.
Bleeping Computer
AUGUST 6, 2021
?Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid. [.].
CyberSecurity Insiders
AUGUST 6, 2021
According to most studies, most people use VPNs for personal reasons instead of using them for business purposes alone. VPNs allow tremendous liberty when it comes to network and data protection and, as such, are necessary for every internet consumer, business, and entertainment alike. Using VPNs comes with many benefits and should be something that most users should take advantage and put to use.
We Live Security
AUGUST 6, 2021
ESET researchers publish a white paper putting IIS web server threats under the microscope. The post Anatomy of native IIS malware appeared first on WeLiveSecurity.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CSO Magazine
AUGUST 6, 2021
Jen Easterly, the freshly installed head of the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), unveiled yesterday a new federal initiative called the Joint Cyber Defense Collaborative (JCDC) which has been structured to help lead the development of the country’s cyber defense plans. The JCDC aims to bring together the public and private sectors in a joint planning capacity to tackle cyber readiness and threats. [ Learn 12 tips for effectively p
Security Affairs
AUGUST 6, 2021
VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical issue that could allow an attacker to access confidential information. A couple of vulnerabilities tracked as CVE-2021-22002 and CVE-2021-22003, impact Workspace One Access (Access), Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, a
Threatpost
AUGUST 6, 2021
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
Bleeping Computer
AUGUST 6, 2021
In a Thursday security advisory update, Cisco revealed that a remote code execution (RCE) vulnerability in the Adaptive Security Device Manager (ADSM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
We Live Security
AUGUST 6, 2021
ESET research dissects IIS web server threats – How IIStealer steals credit card data – The flood of spam in your inbox. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.
Bleeping Computer
AUGUST 6, 2021
A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. [.].
The Hacker News
AUGUST 6, 2021
Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S.
Webroot
AUGUST 6, 2021
A cyber resilience strategy. “I have used a lot of different security products over the years, and I get approached by a lot of vendors,” says Pedro Nuñez. As president and CEO of New England based MSP IT Management Solutions, Nuñez is always on the lookout for products that go beyond just a traditional security operations center. That’s what lead him to work with Webroot® Business Endpoint Protection.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Malwarebytes
AUGUST 6, 2021
The Internet has been on fire since the August 4 discovery (disclosed publicly by Mathew Green ) that Apple will be monitoring photos uploaded to iCloud for child sexual abuse material (CSAM). Some see this as a great move by Apple that will protect children. Others view this as a potentially dangerous slide away from privacy that may not actually protect children—and, in fact, could actually cause some children to come to harm.
Security Boulevard
AUGUST 6, 2021
In the summer of 2019, our researchers discovered a massive malicious campaign against telecommunications providers that we dubbed Operation Soft Cell. This week, our researchers revealed details of more pervasive attacks against telecommunications providers. The DeadRinger report reveals a cyber espionage campaign out of China targeting providers in Southeast Asia.
Security Affairs
AUGUST 6, 2021
Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data. At the time of this writing, the leak site of the RansomEXX gang dosn’t include the company name, but BleepingComputer has learned that the attack was conducted by this ransomware gang.
Security Boulevard
AUGUST 6, 2021
A 911 call was placed by “neighbors” near Grand Rapids, Michigan when a black army veteran and his real estate agent toured a home for sale. The two suddenly found themselves surrounded by police pointing guns… with no cause. Thorne and his son were touring a home Sunday with real estate agent Eric Brown, who’s … Continue reading US Army Veteran Arrested for Being Black While Touring House for Sale ?.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Threatpost
AUGUST 6, 2021
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.
We Live Security
AUGUST 6, 2021
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge? The post Black Hat 2021: Wanted posters for ransomware slingers appeared first on WeLiveSecurity.
Security Affairs
AUGUST 6, 2021
RansomEXX ransomware operators hit the popular Italian luxury fashion house Ermenegildo Zegna Holding and started leaking stolen files. Zegna is one of the most famous Italian luxury fashion houses. It was founded in 1910 by Ermenegildo Zegna in Trivero, Biella Province of the Piedmont region of Northern Italy. Ermenegildo Zegna Group is the largest menswear brand in the world by revenue.
CSO Magazine
AUGUST 6, 2021
Secure configurations are a key best practice for limiting an organization’s cyber vulnerabilities. Since applications, hardware, and technology systems typically ship with default settings, it’s important to review and implement recommended guidance. In this article, the Center for Internet Security (CIS) offers advice and best practices. Configure Systems Securely with the CIS Benchmarks.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
363 
Let's personalize your content