Troy Hunt
FEBRUARY 16, 2021
As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.
Schneier on Security
FEBRUARY 16, 2021
Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. Users began noticing something weird going on with their phones: their default browsers kept getting hijacked and redirected to random advertisements,
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
FEBRUARY 16, 2021
Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.
CyberSecurity Insiders
FEBRUARY 16, 2021
Pfizer company that has produced a life saving vaccine to counter the spread of Corona Virus is back in news. The intelligence committee, funded by South Korea’s National Assembly, has revealed that a cyber attack launched on Pfizer at the end of last year was launched by North Korean hackers to steal the intelligence of vaccine research that was co-sponsored by BioNTech.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
FEBRUARY 16, 2021
A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.
CyberSecurity Insiders
FEBRUARY 16, 2021
An Interview with Joe Green, Netskope. Key takeaways. There are risks associated with a remote workforce and the at-home use of business devices and IoT devices, but the right tools are available now to continuously manage these risks. There is an ongoing increase in cloud-delivered malware, and more data loss via cloud file sharing, hosting, and email.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 16, 2021
Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.
CSO Magazine
FEBRUARY 16, 2021
Ransomware has a long history , dating back to the late 1980s. Today, it’s generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they pay the ransom. Sophos reports that the average cost of a ransomware attack in 2020 was nearly $1.5 million for victim organizations that paid ransoms and about $732,000 for those that didn’t.
Security Boulevard
FEBRUARY 16, 2021
Automation is making waves in many industries worldwide and encompasses a wide range of technologies including endpoint management, robotic process Read More. The post The Evolution of Automation Technologies appeared first on Kaseya. The post The Evolution of Automation Technologies appeared first on Security Boulevard.
CyberSecurity Insiders
FEBRUARY 16, 2021
SolarWinds hack seems to be a never-ending saga, as Microsoft President Brad Smith has made a new revelation yesterday stating over 1000 hackers could have been involved in the attack that questioned the security of the entire federal computer system by experts. Smith, who commented on the issue during the CBS 60 minute program over the weekend, stated that the attack could have been the largest and most sophisticated in the entire history of United States.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
FEBRUARY 16, 2021
Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot. [.].
Security Boulevard
FEBRUARY 16, 2021
Over the past year, like many industries, the financial sector has faced a range of both challenges and opportunities, leading to a decade’s worth of digital transformation in 12 short months. From internal requirements that demanded secure yet efficient access for remote workforces, to external pressures such as the rise of cashless payments and other forms of frictionless financial processes, the pandemic required banks to examine and overhaul many of their processes.
Bleeping Computer
FEBRUARY 16, 2021
Microsoft has pulled a problematic Windows servicing stack update (SSU) after blocking Windows 10 and Windows Server customers from installing the security updates released during this month Patch Tuesday. [.].
Hot for Security
FEBRUARY 16, 2021
Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Hackers could trigger ‘fake earthquakes,’ affecting emergency and economic responses to a seismic event, and generate mistrust in seismic technology among the population, the researchers say. Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the Natio
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
We Live Security
FEBRUARY 16, 2021
As dating apps experience a boom amid COVID-19, losses to romance scams soar too. The post Romance scams in 2020: Breaking hearts, wallets – and records appeared first on WeLiveSecurity.
Hot for Security
FEBRUARY 16, 2021
An unsecure database owned by webcam app Adorcam has exposed thousands of user accounts, according to security researcher Justin Paine. Adorcam is a specialized app built for P2P IP webcams, allowing iPhone and Android users to control and watch livestream videos from their home by entering their camera ID and password. The leaky database, discovered on an ElasticSearch server last month, included 124 million rows of customer data.
Security Affairs
FEBRUARY 16, 2021
Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to expose a local development server to the Internet, the server appears to be hosted on a subdomain of ngrok (e
SC Magazine
FEBRUARY 16, 2021
MITRE Corporation headquarters in McLean, Virginia. (Antony-22, CC BY-SA 4.0 [link] , via Wikimedia Commons). A recent study of 10 organizations found that, on average, rules and policies tied to security information and event management solutions, or SIEM, cover only 16 percent of the tactics and techniques listed in the MITRE ATT&CK framework.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Malwarebytes
FEBRUARY 16, 2021
Last year, threat actors took advantage of the COVID-19 public health crisis in a way previously considered unimaginable, not only preying on uncertainty and fear during the initial months of the global pandemic, but retooling attack methods, reneging on promises, strengthening malware, and extorting victims to the tune of $100 million—and that was without the threat of ransomware encryption.
CyberSecurity Insiders
FEBRUARY 16, 2021
2021 Research Highlights Growing Security Vulnerabilities Around Targeted Social Engineering, Ransomware and Malware Attacks. Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced a new study that examines hidden vulnerabilities found in enterprise virtual private networks (VPNs) and spotlights the need for a zero-trust security approach to mitigate threats.
We Live Security
FEBRUARY 16, 2021
The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool. The post Attacks targeting IT firms stir concern, controversy appeared first on WeLiveSecurity.
Veracode Security
FEBRUARY 16, 2021
Cross-site request forgery ( CSRF , sometimes pronounced ???sea surf??? and not to be confused with cross-site scripting) is a simple yet invasive malicious exploit of a website. It involves a cyberattacker adding a button or link to a suspicious website that makes a request to another site you???re authenticated on. For example, a user is logged into their online banking platform which has poor security, and by clicking a ???
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
FEBRUARY 16, 2021
Palo Alto Networks today updated its Prisma Access cloud security platform to include a secure web gateway and self-healing capabilities, along with machine learning algorithms that can detect new security threats in real-time. In addition, the cloud-based management framework has been revamped to enable platform updates to be installed in real-time based on a set.
Naked Security
FEBRUARY 16, 2021
It's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here's what to do.
CyberSecurity Insiders
FEBRUARY 16, 2021
A quick look on a search engine for Cyber Fusion Center, and you’ll see that multiple cybersecurity companies have set up their own security divisions under this moniker. But when it comes to the very best Cyber Fusion Center, you need to look towards the one created by Interpol. What is a Cyber Fusion Center? What goes on inside? And what is Interpol doing with theirs?
Security Affairs
FEBRUARY 16, 2021
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The experts discovered that sending a sticker to a Telegram user could have exposed his secret chats, photos, and videos to remote attackers.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
FEBRUARY 16, 2021
Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. [.].
Hot for Security
FEBRUARY 16, 2021
Privacy and safety are not a given when you connect to the digital world. No matter where you are or what device you use, your personal data is at risk when even the smallest security measure is overlooked. A virtual private network (VPN) provides anonymity and digital privacy by creating a secure and private tunnel between the user and the online destinations he visits.
The Hacker News
FEBRUARY 16, 2021
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams.
Cisco Security
FEBRUARY 16, 2021
This post was authored by Frank Dickson , Program Vice President, Cybersecurity Products, IDC. The best kept secret in cloud workload security is that Cisco is number two in revenue market share according to IDC, just shy of $100 million in 2019 and almost certain to exceed $100 million in 2020 (please stay tuned). The reason for the “secret” is that the path that Cisco has taken is a bit atypical for Cisco.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
348 
Let's personalize your content