Fri. Jan 22, 2021

5 cybersecurity preparedness tips from two attorneys

Tech Republic Security

Cybersecurity bad actors are taking advantage of the COVID-19 pandemic and attacking businesses. Follow these best practices for protecting your organization before a security attack.

Weekly Update 227

Troy Hunt

I'm back into a normal home routine and it's business as usual again. You know, stuff like data breaches, new tech toys and having your genitalia locked in a vulnerable IoT device and held for ransom. Just normal stuff like that. References: Turing Tumble is a really neat game for kids (it's a "marble powered computer"); I bought a LaMetric display (I'll probably plug that into an API to track HIBP subscriber signups); Imagine an IoT chastity belt. with a security vulnerability. that locks your

IoT 182
Insiders

Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren't keeping up

Tech Republic Security

Worker's union Prospect warned that the UK was at risk of 'sleepwalking into a world of surveillance' as more businesses turn to digital tools to keep tabs on remote workers.

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.

IoT 144

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Looking for cybersecurity experts? Consider hiring veterans

Tech Republic Security

Veteran Michael Kassner says former military personnel might know more about cybersecurity than employers think. Read about some of the skills veterans could bring to a cybersecurity job.

From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with…

Anton on Security

From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” Here is another very fun resource we created (jointly with Andrew Lance from Sidechain), a paper on designing and running data security strategy on Google Cloud. Read our launch blog here; a long excerpt is quoted below. Read Sidechain blog here.

More Trending

Why do we fall for SMS phishing scams so easily?

We Live Security

Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks. The post Why do we fall for SMS phishing scams so easily? appeared first on WeLiveSecurity.

Scams 142

The new Microsoft Edge browser will warn you if your password has been leaked online

Tech Republic Security

The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web.

Passwords 166

4 ways security has failed to become a boardroom issue

CSO Magazine

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.” This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

CISO 135

Cybersecurity: Blaming users is not the answer

Tech Republic Security

A punitive approach toward employees reporting data breaches intensifies problems.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Abusing Windows RDP servers to amplify DDoS attacks

Security Affairs

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

DDOS 135

Microsoft President urges tech leaders to follow lessons from Apollo missions and "War Games"

Tech Republic Security

President Brad Smith said that national security is threatened by the industry's inability to learn lessons from the past.

Top IT Skills in Demand in 2021

CompTIA on Cybersecurity

2021 will be a challenging but exciting year for IT pros. Here are the top skills in demand they will need in order to gain ground in their career.

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

KindleDrip: Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially explo

Hacking 129

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Stay Alert, Joker still making its way on Google Play Store!

Quick Heal Antivirus

We recently came across 2 malicious Joker family malware applications on Google Play Store — the company was. The post Stay Alert, Joker still making its way on Google Play Store! appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Malware 127

These Microsoft tools help you reduce, remove or lock down admin access to improve security

Tech Republic Security

The SolarWinds compromise means you can no longer put off privileged account management.

Drupal fixed a new flaw related PEAR Archive_Tar library

Security Affairs

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. The PEAR Archive_Tar class provides handling of tar files in PHP. It supports creating, listing, extracting, and adding to tar files.

Hacking 112

Cybersecurity pros can't handle all the threat tasks alone, expert says

Tech Republic Security

Having an AI tool to help can ease the burden on cybersecurity teams, which are struggling to keep up with constant and more serious threats.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Threatpost

Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.

DDOS 115

MITRE ATT&CK: The Magic of Segmentation

Cisco Security

In cybersecurity, nation states, cyber criminals, hacktivists, and rogue employees are the usual suspects. They fit nicely into categories like external attackers or insider threats. But what about our essential suppliers, partners, and service providers? We rely on them, sometimes inviting them in to help manage our networks and internal systems. It’s easy to overlook them as possible pathways for cyberattacks.

BrandPost: Network Security and the Heart of a Zero Trust Architecture

CSO Magazine

As part of a Zero Trust approach to cybersecurity, network flows should be authenticated before being processed and access determined by dynamic policy. A network that is intended to never trust, and to always verify all connections, requires technology that can determine confidence and authorize connections and provide that future transactions remain valid.

Automate your way to success with Cisco SecureX

Cisco Security

Take back control with an integrated security platform. In a makeshift SOC in the corner of his home, Matt starts his day with an alarm going off on his computer. There are four monitors ganged together, multiple consoles on each one of them, and numerous empty coffee mugs. This probably draws a snapshot of what’s been real for many of us.

Phishing 100

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Friday Five 1/22

Digital Guardian

Copycats, searchable phishing campaigns, and cybersecurity policy in the new administration - catch up on all of the week's infosec news with the Friday Five!

InfoSec 105

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

The Hacker News

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history.

Hacking 98

ADT Tech Hacks Home-Security Cameras to Spy on Women

Threatpost

A former ADT employee pleads guilty to accessing customers’ cameras so he could spy on them.

Hacking 136

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

The Hacker News

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Belgian Hospital Reroutes Critical Patients after Cyberattack

Hot for Security

On Sunday evening, the CHwapi hospital in Belgium suffered a cyberattack that prompted the facility to redirect emergency patients to other hospitals and delay surgical procedures. As reported by local media group L’Avenir, 80 of the hospital center’s 300 servers were affected by the attack, forcing staff and nurses to abandon digital entries and turn to pen and paper for patient assessments.

Cybersecurity News Round-Up: Week of January 18, 2020

GlobalSign

Miraculously, we’ve made it through one whole week without a large-scale ransomware attack. How refreshing! Naturally, there are a few smaller-scale events being reported. Here's a run-down.

How Cybersecurity Newbs Can Start Out on the Right Foot

Dark Reading

Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.

InfoSec 135

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

Threatpost

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.

Passwords 117

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.