Krebs on Security
JANUARY 11, 2021
Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
Schneier on Security
JANUARY 11, 2021
If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes: User phone numbers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JANUARY 11, 2021
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
Security Affairs
JANUARY 11, 2021
Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
JANUARY 11, 2021
Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what’s making the news. Here are 5 common scams you should look out for. The post 5 common scams and how to avoid them appeared first on WeLiveSecurity.
Security Affairs
JANUARY 11, 2021
American technology company Ubiquiti Networks is disclosed a data breach and is notifying its customers via email. American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. Ubiquiti, which makes a range of IoT gear (routers, locks, Web cams, NVRs) & has a cloud solution for managing those, just told customers to reset passwords/enable 2FA after discoverin
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 11, 2021
The source code for the ChastityLock ransomware that was used in attacks aimed at the users of the Qiui Cellmate adult toy is now publicly available. Recently a family of ransomware was observed targeting the users of the Bluetooth-controlled Qiui Cellmate chastity device. Qiui Cellmate made the headlines in October when the researchers at Pen Test Partners published a report that provides details about security vulnerabilities affecting them.
Threatpost
JANUARY 11, 2021
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
Identity IQ
JANUARY 11, 2021
The start of a new year is a great time to reassess your financial health and implement habits that help positively impact your credit profile. Monitoring your credit report and identity is the best place to start your financial resolutions since it can have a ripple effect in other aspects of your life as the year goes on. This is especially true if you’ve got a big move coming up — and want to qualify for a lease or mortgage — or even if you simply want to open a cash-back credit card to earn
WIRED Threat Level
JANUARY 11, 2021
Security researchers have found links between the attackers and Turla, a sophisticated team suspected of operating out of Moscow’s FSB intelligence agency.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
JANUARY 11, 2021
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
Threatpost
JANUARY 11, 2021
The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.
Graham Cluley
JANUARY 11, 2021
The CEO of FireEye, the cybersecurity company hacked by a state-sponsored attack, received a postcard at his home mocking any claims that Russia might have been responsible.
Threatpost
JANUARY 11, 2021
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
JANUARY 11, 2021
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
Security Affairs
JANUARY 11, 2021
Researchers obtained gained access to the Git Repositories belonging to the United Nations, exposing staff records and credentials. The research group Sakura Samurai was able to access the repositories of the United Nations as part of the Vulnerability Disclosure Program and a Hall of Fame operated by the organization. The group, composed of Jackson Henry, Nick Sahler, John Jackson , and Aubrey Cottle, has identified an endpoint that exposed Git Credentials.
Dark Reading
JANUARY 11, 2021
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
The State of Security
JANUARY 11, 2021
In their attempt to extort as much money as quickly as possible out of companies, ransomware gang know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
JANUARY 11, 2021
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
SecureList
JANUARY 11, 2021
Introduction. On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo” FireEye did not link this activity to any known actor; instead, they gave it an unknown, temporary moniker – “UNC2452” This attack is remarkable from many poin
IT Security Guru
JANUARY 11, 2021
Cloud native technologies have the potential to truly change the way we access and secure applications, but the success of this relies on the people and processes in place to handle the roll out of these technologies. This requires appropriate leadership, and decision makers within an organisation who demonstrate robust cloud security leadership are more likely to see this filter down throughout the business.
Kali Linux
JANUARY 11, 2021
We have always worked to support the information security community as a whole, and over the years experimented with different ideas (some with a greater success than others). One of the key components to Kali is the tools included (either pre-installed or installed via apt). Joining together infosec professional/hobbyist and tool authors, today we are announcing another partnership: Kali has partnered with BC Security.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Digital Shadows
JANUARY 11, 2021
ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: Post-holiday updates on. The post ShadowTalk Update: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More! first appeared on Digital Shadows.
The Security Ledger
JANUARY 11, 2021
Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday. The post Researchers Test UN’s Cybersecurity, Find Data on 100k appeared first. Read the whole entry. » Related Stories Podcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan Hunt Episod
ImmuniWeb
JANUARY 11, 2021
OWASP A1 (Injection) covers diversified injection vulnerabilities and security flaws including SQL and NoSQL injections, OS command injection and LDAP query manipulations.
Dark Reading
JANUARY 11, 2021
How two traditionally disparate security disciplines can be united.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
SecurityTrails
JANUARY 11, 2021
Brute force attacks defined, explained and explored in-depth with notable examples and best protection practices.
Dark Reading
JANUARY 11, 2021
Cloud provider hosting "certain" IT systems attacked, company says.
Joseph Steinberg
JANUARY 11, 2021
Government Issued identity documents (IDs), such as passports and drivers’ licenses, may be appropriate forms of authentication when presented in person, but we must stop trusting images of any such documents when they are utilized online. In fact, images of government issued IDs are commonly available on the dark web for purchase, trade, or even gratis – and it should be no surprise as to why.
Security Affairs
JANUARY 11, 2021
A U.S. court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in an international hacking campaign. A U.S. court sentenced this week Andrei Tyurin (37) to 12 years in prison for carrying out an international hacking campaign that targeted several financial institutions, brokerage firms, financial news publishers, and other American companies.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
332 
Let's personalize your content