Wed. Apr 14, 2021

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access.

100+ critical IT policies every company needs, ready for download

Tech Republic Security

From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021 , May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The list is maintained on this page.

DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk

Tech Republic Security

There were more than 10 million DDoS attacks in 2020, driven by new attack vectors and new threat actors; most of the industries targeted were vital to life during the COVID-19 pandemic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The Updates Must Go Through

Adam Shostack

On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going haywire on my Mac.

Cybersecurity funding hits all time high in 2020

Tech Republic Security

Investors pumped almost $8 billion into cybersecurity firms last year, according to Crunchbase.

FBI cleans up infected Exchange servers

Tech Republic Security

The feds removed web shells that provided backdoor access to cybercriminals in a recent exploit of Microsoft Exchange.

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

The Hacker News

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.

Securonix, AWS partner on new cloud-native SIEM solution

Tech Republic Security

AWS customers will be able to connect their accounts to Securonix's AWS-hosted SaaS security software using what it calls a "bring your own cloud" model.

In the World of IoT Security, Lock Every Door

Security Boulevard

On March 10 2021, Congress voted to spend $1 billion on improving government IT systems. While the $1 billion that was approved was markedly short of the $9 billion that was originally being pursued, this represents a step function increase for the Technology Modernization Fund (TMF), which had previously raised $150 million in total appropriations.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Most Misunderstood Element: Recon

SecurityTrails

Today we'll show you one of the most misunderstood elements in bug bounty hunting: recon, and the different phases and elements you can find.

Shopify and Ledger Named in a New Class-Action Lawsuit Following Data Breach

Heimdal Security

On the 6th of April two plaintiffs, John Chu and Edward Baton, filed a lawsuit against Shopify Inc., Shopify USA Inc., Ledger SAS, and Ledger Technologies Inc., with the plaintiffs claiming that several users lost their cryptocurrency in phishing campaigns due to their personal data being leaked in a data breach that took place in […]. The post Shopify and Ledger Named in a New Class-Action Lawsuit Following Data Breach appeared first on Heimdal Security Blog.

Smashing Security podcast #223: Booze, nudes, and insurance dudes

Graham Cluley

Should insurance companies be banned from helping companies pay ransomware demands? How is malware messing with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley … Continue reading "Smashing Security podcast #223: Booze, nudes, and insurance dudes".

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

Heimdal Security

In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering QBot trojan, and changing the payload after a short while. Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials. The malware […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

FBI removes web shells from compromised Exchange servers

We Live Security

Authorities step in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities. The post FBI removes web shells from compromised Exchange servers appeared first on WeLiveSecurity.

Google Chrome 90 released with HTTPS as the default protocol

Bleeping Computer

Google has released Chrome 90 today, April 14th, 2021, to the Stable desktop channel, and it includes security improvements, a new AV1 encoder, and the default protocol changed to HTTPS.

Enterprise Data Encryption Use Reaches Historic Highs

Security Boulevard

For decades, enterprise data encryption and effective key management were something most enterprises wanted to do but couldn’t — if they tried to do it at all. Only the largest of enterprises with the most mature security teams even attempted it. Fortunately, that’s now starting to change for the better. But this progress comes at. The post Enterprise Data Encryption Use Reaches Historic Highs appeared first on Security Boulevard.

Dear Microsoft: Please fix MAU

Adam Shostack

This is the second month running that MSAU2 on my Mac has gone haywire. Please fix it.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs

Security Boulevard

Your tax dollars at work: The FBI and NSA have been helping fix the mess caused by Microsoft Exchange hacking. The post YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs appeared first on Security Boulevard.

Q1 Ransomware Roundup

Digital Shadows

Consistency is the first word that springs to mind when assessing ransomware activity throughout the Q1 of 2021. There have. The post Q1 Ransomware Roundup first appeared on Digital Shadows.

High numbers of schools hit by phishing, account compromise and ransomware attacks

Tech Republic Security

According to a new report, thieves are targeting the personal data of staff and students stored in the cloud.

Digital Resilience is the New Digital Transformation KPI

Security Boulevard

Innovation and digital transformation rely on digital resilience to turn business disruption into revenue opportunities. Sharon Bell. Apr 14, 2021. With the massive market disruptions of the past year, organizations realized that digital processes, infrastructure, and applications require resilience to quickly respond to disruptions.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

For the second time in a week, a Google Chromium zero-day released online

Security Affairs

For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, like the previous one that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

SC Magazine

For the first time in its 60-year history, the OECD offered policy guidelines for risk reduction through vulnerability management. Today’s columnists, Rayna Stamboliyska and Tarah Wheeler offer some insights on how the industry will respond. For the first time in its history this past February, the Organization for Economic Cooperation and Development (OECD) offered policy guidelines for digital risk reduction through vulnerability management.

FBI silently removed web shells planted on Microsoft Exchange servers in the US

Security Affairs

FBI log into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers on Microsoft Exchange servers across the US and remove the malware, announced the US Department of Justice. “Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computer

Ransomware Attack Creates Cheese Shortages in Netherlands

Threatpost

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The CISO Life is Half as Good

Dark Reading

Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.

CyGlass Makes the Case for SaaS Network Detection and Response

Security Boulevard

LITTLETON, Mass, April 14, 2021 – CyGlass makes the case for a renewed focus on Network Detection and Response (NDR) as a foundational defensive component to stop ransomware and other targeted attacks in its new whitepaper titled “NDR SaaS: What it Can Do for You.” The paper contends that network defense technology deployed through software-as-a-service.

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

Malwarebytes

A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice Judge has revealed that the FBI were granted permission to perform some tech support backdoor removal. Bizarrely, they did this without letting the admins know beforehand. A campaign targeting vulnerable Exchange servers has left web shells scattered everywhere.

School janitor says she was fired for not installing smartphone tracking app

Graham Cluley

A school janitor has lost her job, and she says it's because she refused to download a smartphone app that would track her location.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.