Schneier on Security
APRIL 13, 2021
News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news.
Krebs on Security
APRIL 13, 2021
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
APRIL 13, 2021
The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.
Security Boulevard
APRIL 13, 2021
Familiarising With The Term Cyber Security You must have heard of the word cyber security, making headlines in the news, internet, social media, The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Kratikal Blog. The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Hot for Security
APRIL 13, 2021
Company hit with ransomware was unable to deliver food to supermarkets Firm’s director says he suspects hackers exploited Microsoft Exchange Server flaw. Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it was cybercriminals who are to blame. Branches of Albert Heijn, the largest supermarket chain in the Netherlands, suffered from food shortages after a ransomware attack hit food transportation and logistics firm Bakker Logistiek over th
SecureList
APRIL 13, 2021
While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Graham Cluley
APRIL 13, 2021
Many Facebook users think they only have to worry about the data that they personally share about themselves on Facebook, by posting messages on the site, connecting with their friends, and liking posts. But the truth is that Facebook knows much more about you than that, by collecting data from your activities off-site as well.
Security Boulevard
APRIL 13, 2021
Over the weekend, Sonatype spotted a rather unique malware sample published to the npm registry, within a day of its release on npm. The post Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt appeared first on Security Boulevard.
The Hacker News
APRIL 13, 2021
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim.
Bleeping Computer
APRIL 13, 2021
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 13, 2021
A majority of the open source codebases found in commercial applications analyzed by Synopsys contained security vulnerabilities.
Bleeping Computer
APRIL 13, 2021
Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. [.].
Tech Republic Security
APRIL 13, 2021
Cloud-based user accounts were hit by almost 3.1 million external cyberattacks throughout the year, according to McAfee.
CyberSecurity Insiders
APRIL 13, 2021
Companies of all sizes need clear and cohesive security visibility over every aspect of their organization. As data and assets are trending to mobile, it’s critical to be equipped with the right tools to gain insights on mobile devices and users on the endpoints and mitigate threats whenever needed. Collecting threat data from mobile devices and discovering mobile assets on the network is a core requirement to help detect malicious activity.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CSO Magazine
APRIL 13, 2021
Organizations—especially large companies—often don't learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have significantly expanded the attack surface at many organizations and made it harder for security teams to discover breaches on their own.
Bleeping Computer
APRIL 13, 2021
Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today. [.].
Adam Shostack
APRIL 13, 2021
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”). And there’s no doubt: people learn by doing.
Bleeping Computer
APRIL 13, 2021
A new malicious package been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems for its recon activities. The malicious package is called "web-browserify." It imitates the popular Browserify npm component, downloaded over 160 million times over its lifetime. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Webroot
APRIL 13, 2021
Ransomware attacks generate big headlines when the targets are government entities, universities and healthcare organizations. But there’s one increasingly frequent target of ransomware attacks that tends to slip under the radar. Small and midsize businesses (SMBs) have become bigger financial targets for hackers. As Webroot Senior Threat Researcher Kelvin Murray points out in a recent Hacker Files podcast , the SMB sector has become a cash cow for cybercriminals.
We Live Security
APRIL 13, 2021
An attacker can lock you out of the app using just your phone number and without requiring any action on your part. The post WhatsApp flaw lets anyone lock you out of your account appeared first on WeLiveSecurity.
CyberSecurity Insiders
APRIL 13, 2021
Broadcom Inc has announced that it will move its security offerings acquired through Symantec onto Google Cloud Platform (GCP). Tom Krause, the President of Broadcom Software Group confirmed the news and stated that the rest of the security offerings that were hosted in the data center will be moved to GCP by this year end. First, Symantec Web Security Service (WSS) and Cloud Access Security Broker (CASB) are expected to be moved to GCP and later the company is intending to offer its services su
Malwarebytes
APRIL 13, 2021
A US diplomatic mission in Nigeria warns of a visa scam affecting Nigerian citizens looking to move to the United States. It’s an old scam message, dressed up with a fresh coat of paint. Shall we take a look? Fraud Alert! Scammers and fraudsters are circulating a fake “press release” claiming to offer a new type of work visa to Nigerian citizens aged 40-55.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CyberSecurity Insiders
APRIL 13, 2021
The world of cybersecurity is constantly evolving with new types of attacks and vulnerabilities being discovered and exploited all the time. With the amount of potential threats and the ever growing quantities of data, there has been a significant increase in use of automated machine learning methods as an integral part of cybersecurity solutions. These models play important roles in network anomaly detection, malware detection and classification, spam detection and more.
Bleeping Computer
APRIL 13, 2021
Capcom has released a new update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. [.].
CyberSecurity Insiders
APRIL 13, 2021
By Brian Schwarz. As organizations extend their business-critical applications into cloud environments, the attack surface they’re defending evolves. At one point, organizations’ primary concern was maintaining a well-defined network perimeter, however, in today’s world organizations are likely dealing with multiple public clouds in addition to a private data center footprint, and applications.
The Hacker News
APRIL 13, 2021
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Identity IQ
APRIL 13, 2021
Check scams are staging a comeback as criminals continue to seize on the confusion the COVID-19 pandemic has created in people’s lives and finances. Recently, Wells Fargo sent a message to bank customers warning them to be on the lookout for check scammers. One age group in particular – the 18 to 24 group – is especially vulnerable because they aren’t as familiar with what to look for in a check anymore.
CyberSecurity Insiders
APRIL 13, 2021
Google Chrome seems to have taken data privacy seriously as it is ditching its usual cookies technology to be replace it by FloC technology. The technology has already been rolled to some chrome users (say 0.5%) from the first week of April this year and news is out that the services were offered to every 1 in every 200 people from countries such as India, United States, Japan, Indonesia, Mexico, New Zealand, Philippines, Australia and Canada leaving UK populace because of GDPR.
Security Boulevard
APRIL 13, 2021
Pen-testers offer several types of pen-tests such as white, grey, and black box penetration testing. However, cutting through the jargon and finding the right one from among the different types. The post What is Black Box, Grey Box, and White Box Penetration Testing? appeared first on Indusface. The post What is Black Box, Grey Box, and White Box Penetration Testing?
Hot for Security
APRIL 13, 2021
Last Thursday, a Wichita Falls resident was arrested for allegedly attempting to bomb an AWS data center in Virginia. According to the US Department of Justice (DOJ), 28-year Seth Aaron Pendley was detained after a concerned citizen alerted authorities to disturbing statements posted on the MyMilitia.com forum. On March 31, with the help of a confidential source, Pendley got in touch with an FBI agent posing as an explosives dealer.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
309 
Let's personalize your content