Tue. Oct 20, 2020

Cybersecurity Visuals

Schneier on Security

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.

Homebrew: How to install reconnaissance tools on macOS

Tech Republic Security

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.

Nefilim ransomware gang published Luxottica data on its leak site

Security Affairs

The Nefilim ransomware operators have posted a long list of files that appear to belong to Italian eyewear and eyecare giant Luxottica. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.

Ransomware Attacks Show Little Sign of Slowing in 2021

Dark Reading

Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Facebook: A Top Launching Pad For Phishing Attacks

Threatpost

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.

Phishing 104

The Cybersecurity Maturity Model Certification: Are You in Compliance?

Dark Reading

Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.

More Trending

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Dark Reading

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

Google’s Waze Can Allow Hackers to Identify and Track Users

Threatpost

The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.

Mobile 120

NSA details top 25 flaws exploited by China-linked hackers

Security Affairs

The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild. The US National Security Agency (NSA) has published a report that includes details of the top 25 vulnerabilities that are currently being exploited by China-linked APT groups in attacks in the wild.

Hacking 101

Mobile Browser Bugs Open Safari, Opera Users to Malware

Threatpost

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Mobile 124

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How Automation can help you in Managing Data Privacy

Security Affairs

The global data privacy landscape is changing and every day we can see new regulations emerge. These regulations are encouraging organizations to be better custodians of consumers' data and create a healthier space for data privacy. In order to do so, organizations will need to rework their operations and revamp their processes in order to comply with these regulations.

Confronting Data Risk in the New World of Work

Threatpost

With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem.

Risk 104

Trickbot Tenacity Shows Infrastructure Resistant to Takedowns

Dark Reading

Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.

Ransomware Group Makes Splashy $20K Donation to Charities

Threatpost

Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Building the Human Firewall

Dark Reading

Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Threatpost

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Phishing 106

Businesses Rethink Endpoint Security for 2021

Dark Reading

The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?

Office 365 OAuth Attack Targets Coinbase Users

Threatpost

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Do Standards Exist That Certify Secure IoT Systems?

Dark Reading

The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.

IoT 86

NotPetya and Olympic Destroyer Malware: 6 Russian Officers Charged

SecureWorld News

They are all members of Unit 74455 of the Russian Main Intelligence Directorate (GRU). A grand jury in Pittsburgh, Pennsylvania, just indicted 6 members of this Russian military unit for unleashing some of the most widespread and damaging cyberattacks ever seen. Russian officers charged in NotPetya cyberattack. The NotPetya cyberattack crashed networks around the globe, doing billions in damage.

Malware 61

Farsight Labs Launched as Security Collaboration Platform

Dark Reading

Farsight Security's platform will offer no-cost access to certain tools and services.

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

VPN Security: How VPNs Work and How to Buy the Best One

eSecurity Planet

Virtual private networks (VPNs) come with different protocols and features, so choosing the best one requires some research. We outline your options.

VPN 67

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

Threatpost

The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.

Media 79

Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust?

McAfee

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear – we need more time.

NSA Warns: China Is Using These Vulnerabilities for Attacks

SecureWorld News

If you are looking to defend your agency or organization from Chinese Nation-State cyberattacks, you have your work cut out for you. The United States National Security Agency (NSA) sums up the threat for Chinese hacking targets and targeted networks: "These networks often undergo a full array of tactics and techniques used by Chinese state-sponsored cyber actors to exploit computer networks of interest that hold sensitive intellectual property, economic, political, and military information.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Your AST Guide for the Disenchanted: Part 5

ForAllSecure

In a previous post of AST Guide for the Disenchanted, we identified the minimum appsec risks that need to be addressed as a part of your DevSecOps pipeline. The two risks are: known and unknown vulnerabilities. In today’s post, we’ll focus on how fuzz testing can help you address those unknown vulnerabilities. To let coders do what they do best, code, they need a solution that reduces false-positives.

Risk 52

Cybersecurity Awareness Month: What's New at NIST on IOT Security?

NSTIC

Here’s a one-question multiple-choice test: What's new at NIST on Internet of Things (IoT) security?

IoT 76

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Security Affairs

Researchers discovered that MMO game Street Mobster is leaking data of 1.9 million users due to a critical SQL injection vulnerability. Attackers could exploit the SQL injection flaw to compromise the game’s database and steal user data. The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.