Thu. Dec 09, 2021

Google Shuts Down Glupteba Botnet, Sues Operators

Schneier on Security

Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators. It’s an interesting strategy. Let’s see if it’s successful.

Backups 314

Why companies should use AI to fight cyberattacks

Tech Republic Security

Cyberattackers use artificial intelligence, so why not apply it as a defense? One expert explains why AI can take your cybersecurity to the next level of protection.

How Acunetix addresses HTTP/2 vulnerabilities

Acunetix

In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like. The post How Acunetix addresses HTTP/2 vulnerabilities appeared first on Acunetix.

2021 marks another record year for security vulnerabilities

Tech Republic Security

The number of new security flaws recorded by NIST has already surpassed the total for 2020, the fifth record-breaking year in a row.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” reads the description for the CVE-20

Firmware 141

How a phishing campaign is able to exploit Microsoft Outlook

Tech Republic Security

Attackers can capitalize on a feature in Outlook that makes spoofed messages appear legitimate, says email security provider Avanan.

Phishing 206

More Trending

How to protect your business and its data during the 2021 holiday season

Tech Republic Security

It's the first year of major holiday travel in the post-pandemic remote work world. Here's what businesses can do to protect themselves from elevated holiday cybersecurity risks.

Risk 161

ALPHV BlackCat - This year's most sophisticated ransomware

Bleeping Computer

The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments. [...]

How to restrict server users to a specific directory in Linux

Tech Republic Security

Need to lock down that Linux server so certain remote users can only access a specific directory and only for file upload and download purposes? Jack Wallen shows you how.

How to Start Up Your Cloud Security

Security Boulevard

Startups may think they can postpone implementing a cloud security program but should in fact take early action - here’s why, and easy steps for doing so. The post How to Start Up Your Cloud Security appeared first on Ermetic. The post How to Start Up Your Cloud Security appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Want to be a cybersecurity pro? Here's where to learn quickly and start a new career

Tech Republic Security

You don't have to blow your budget or spend a lot of time going back to school to train for a new career, when you can learn all you need to know to fight cybercrime from a handful of courses.

SnapHack: Watch out for those who can hack into anyone’s Snapchat!

We Live Security

Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. The post SnapHack: Watch out for those who can hack into anyone’s Snapchat! appeared first on WeLiveSecurity.

Hacking 140

Emotet Is Back and More Dangerous Than Before

Dark Reading

Volume of traffic associated with the malware is now back at 50% of the volume before law enforcement took the botnet operation down in January 2021, security vendor says.

Malware 136

Insurance company says it will no longer cover state funded Cyber Attacks

CyberSecurity Insiders

Lloyd’s of London Insurance, simply known as Lloyd’s Insurance, has released a media update that it will no longer cover losses that were incurred because of cyber wars among nations. The company was also specific in its statement that its latest decision will also not cover damages incurred because of operational disruption caused by attacks on critical infrastructure.

Insurance 134

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs

The Hacker News

At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S.

Wireless 130

Has your WordPress site been backdoored by a skimmer?

Malwarebytes

Skimmers and other threat actors are backdooring websites, and WordPress instances in particular, according to a recently released report. Researchers at Sucuri say attackers have developed methods to make sure that their grip on the infected site is not easily removed by applying the next update. They create a backdoor for themselves so they can easily take back control and insert their own code.

Firewall 126

VMware launches Carbon Black Cloud MDR to bolster SOC efficiency

CSO Magazine

VMware has launched VMware Carbon Black Cloud Managed Detection and Response (MDR), designed to help enterprises with understaffed SOCs (Security Operation Center) fill the gaps arising from rapidly evolving threat landscapes. With a mission statement from VMware that promises to go beyond monitoring threats and validating alerts in order to gain visibility and understanding into various threat environments, the newly launched MDR offers round-the-clock monitoring, alert triage, and threat analy

CISO 122

What is a search engine and why does anyone care which one you use?

Malwarebytes

An attempt at a simple definition: a search engine is a software system that allows users to find content on the Internet based on their input. The introduction of the major search engines brought about huge changes in the way we use the Internet. There is a wealth of knowledge available for those that know where to look. One search engine has become such an important factor of our online life that to google has become an accepted verb.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Researchers warn about continuous abuse of unpatched MikroTik routers

CSO Magazine

Security researchers from Eclypsium have developed a tool that enterprise administrators can use to scan their corporate networks or their remote employees' home networks for unpatched MikroTik routers that have been continuously abused in recent years by different cybercriminal groups. MikroTik is a Latvian company that manufactures networking devices for the home, business and ISP markets around the world.

Wireless 118

How to Develop an Incident Response Plan

eSecurity Planet

We make IT, security, or any business decision by weighing the risks and the rewards. What investments can we make to drive down costs or increase sales? Or as is often the case with security, what costs can we skip and still escape big penalties later? Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase.

Insurance 118

SanDisk SecureAccess bug allows brute forcing vault passwords

Bleeping Computer

Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files. [...]

Passwords 122

The life cycle of phishing pages

SecureList

Introduction. In this study, we analyzed how long phishing pages survive as well as the signs they show when they become inactive. In addition to the general data, we provided a number of options for classifying phishing pages according to formal criteria and analyzed the results for each of them. The resulting data and conclusions could be used to improve mechanisms for re-scanning pages which have ended up in anti-phishing databases, to determine the response time to new cases of phishing, and

Phishing 112

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Dark Mirai botnet targeting RCE on popular TP-Link router

Bleeping Computer

The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017. [...]

Record-Breaking Zero-Days Require New Approach

Security Boulevard

We’re facing an application cybersecurity crisis. Today, we’re shipping code faster than we can secure it and that’s left criminals with an offensive advantage. The fix? Move to a more autonomous application security pipeline. You can build an autopilot for appsec, but it won’t be by using the same old tech you currently use. We. The post Record-Breaking Zero-Days Require New Approach appeared first on Security Boulevard.

Kali Linux 2021.4 released with 9 new tools, further Apple M1 support

Bleeping Computer

Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktop. [...]

Hacked Toys: The New Christmas Threat

Security Boulevard

While consumers always run the risk of purchasing holiday gifts that are unwanted, interconnected smart devices are posing new problems – namely ones that affect the privacy of friends and loved ones. The post Hacked Toys: The New Christmas Threat appeared first on Security Boulevard.

Hacking 109

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft previews new endpoint security solution for SMBs

Bleeping Computer

Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide. [...]

Fake job interviews plague major game developers like Riot Games and Rockstar

Malwarebytes

If you’re job hunting at the moment, be on your guard. The pandemic is still around. Lots of people are in need of employment. Scammers are all too happy to string folks along with bogus employment offers, as is the case here. How have they managed to snare prospective job hunters? Riding on the coat-tails of giants. Nefarious individuals have been stringing would-be employees along using fake interviews.

Scams 106

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

Threatpost

E-commerce's proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.

Mobile 113

Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts

Bleeping Computer

Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. [...]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.