Wed.Apr 21, 2021

Backdoor Found in Codecov Bash Uploader

Schneier on Security

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. “The breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard. At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Far beyond just protecting websites, TLS has proven to be a linchpin of network-level communications across the board.

Apple supplier Quanta hit with $50 million ransomware attack from REvil

Tech Republic Security

Hackers claim to have infiltrated the networks of Quanta Computer Inc., which makes MacBooks and hardware for HP, Facebook and Google.

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally agile corporation to a grinding halt? Ask Spotify. When the popular streaming audio service went offline globally last August, we saw a glimpse of just how tenuous digital transformation can sometimes be. Someone reportedly forgot to renew Spotify’s TLS certificate.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The security and privacy behind IBM's Digital Health Pass

Tech Republic Security

IBM is working with numerous partners on its Digital Health Pass, which allows for easy sharing of health credentials such as a COVID-19 vaccine or test. IBM's general manager Jason Kelley shares the details.

Linux bans University of Minnesota for committing malicious code

Bleeping Computer

Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities into the official Linux project.

World Book Day: Cybersecurity’s Quietest Celebration

The State of Security

The last time you were in a library or a bookstore, you probably noticed how quiet it was. This doesn’t mean that people weren’t excited, or downright celebrating; they were engaged in a different method of celebration, the kind that takes place between the covers of a good book. April 23rd marks the celebration of […]

Use of Defensive AI Against Cyberattacks Grows

Security Boulevard

Security leaders are increasingly turning to AI and ML-based defenses against cyberattacks as pessimism grows over the efficacy of human-based cybersecurity defense efforts. A recent survey from MIT Technology Review Insights, sponsored by Darktrace, found more than half of business leaders think security strategies based on human-led responses to fast-moving attacks are failing; nearly all.

Four years after NotPetya, cyber insurance is still catching up

CSO Magazine

Faced with increasing payouts and a likely storm of litigation around the recent SolarWinds and Microsoft Exchange server compromises, cyber insurers are facing an “existential battle” for their future, a leading cybersecurity researcher and privacy consultant has warned. Likewise, businesses are grappling with whether to buy cyber insurance at all, given doubts about whether the conflicted cyber insurance industry would pay out if they were attacked.

Breach Clarity Weekly Data Breach Report: Week of April 19

Security Boulevard

Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches: those worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10; the higher the score, the.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Take this culture quiz to see if your users trust your cybersecurity training and team

Tech Republic Security

Security firm launches 18-question test to measure what employees think of security practices and how comfortable they are with calling out possible risks.

Push to Digitalization Boosts Cybersecurity Investment

Security Boulevard

According to a recent Crunchbase report, 2020 was a record year for cybersecurity investments, with more than $7.8 billion invested in the industry globally. The pandemic accelerated digital transformation for many companies, forcing organizations to increase the interconnectivity of their assets and move more business activities to the cloud. This, in turn, has created a.

Google rushes out fix for zero-day vulnerability in Chrome

We Live Security

The update patches a total of seven security flaws in the desktop versions of the popular web browser.

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

Bleeping Computer

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

WhatsApp Pink malware spreads via group chat messages

Security Affairs

A WhatsApp malware dubbed WhatsApp Pink has been updated: its authors have implemented the ability to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. WhatsApp Pink is a fake app that was first discovered this week; it poses as a “pink” themed version of the legitimate app.

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

Bleeping Computer

A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

Global trends will increase nation-state threats for the US in next 20 years

CSO Magazine

Expect nation-state-sponsored threats to intensify in the coming two decades, according to two new reports released in the first half of April by United States intelligence agencies. Competitive and adversarial relations with China, Russia, Iran, and North Korea percolate to the top, while global issues like the pandemic and economic migration will strain governments around the world, including the US.

Logins for 1.3 million Windows RDP servers collected from hacker market

Bleeping Computer

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

Malwarebytes

Facial recognition tech is in the news again after the FBI discovered the identity of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have what’s fast becoming a fairly standard tale of tracking people down via online imagery.

Signal CEO gives mobile-hacking firm a taste of being hacked

Bleeping Computer

Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

Threatpost

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.

Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools

Trend Micro

We found a botnet malware campaign targeting Linux systems, abusing the Tor network for proxies, and exploiting cloud infrastructure management tools for intrusion.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How we fought bad apps and developers in 2020

Google Security

Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play

Providing safe experiences to billions of users and millions of Android developers has been one of the highest priorities for Google Play for many years. Last year we introduced new policies, improved our systems, and further optimized our processes to better protect our users, assist good developers and strengthen our guard against bad apps and developers.

China’s Cybercriminals Profit From Underground Data Monetization

Security Boulevard

Cybercriminals are using big data technology to make money from data obtained on the Chinese-language underground. Quelle surprise. An analysis of open source information and data drawn from a variety of closed forums showed a cycle that included multiple layers of cybercriminals, the use of insider information and unwitting victims, according to researchers at Intel.

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

The Hacker News

Google on Tuesday released an update for the Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.

Most common cyberattack techniques on Windows networks for 2020

CSO Magazine

Red Canary recently unveiled its 2021 Threat Detection Report. Included in the report is a mapping of many of the top cyberattack techniques to the MITRE ATT&CK framework. The findings presented by Red Canary researchers underscore the need to fully understand your network. Take the time to monitor what is normal in your firm. Review and document what scripts are used on a regular basis and what event IDs are thrown off in the event logs, especially those relevant to the most used attack te

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

Threatpost

Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.

How to Communicate Your Security and Compliance Posture to Build Trust With Customers

Security Boulevard

Do your customers know about your compliance efforts and trust your organization’s ability to keep their data safe?

Bridging the Cybersecurity frontier: SaaS

CyberSecurity Insiders

This blog was written by an independent guest blogger. Software as a service (SaaS) is one of the most important parts of the modern digital business. Unfortunately, when it comes to cybercrime, it can also be one of the weakest. The cybersecurity newsletter The Hacker News has highlighted this in detail, noting interest from across the digital industry in addressing the holes created by misconfigured SaaS setups.

ZoomInfo Attains TrustArc GDPR and CCPA Validations, Furthering Its Commitment to Data Privacy Leadership

TrustArc

Validations Confirm Company’s Status as a Privacy-Forward Organization

ZoomInfo, a global leader in go-to-market (GTM) intelligence solutions, has announced that it has attained a pair of important privacy validations that demonstrate its policies are in line with the strictest privacy regulations in the world. With the General Data Protection Regulation (GDPR) Practices Validation and California […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.