Fri. Sep 10, 2021


KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.


ProtonMail Now Keeps IP Logs

Schneier on Security

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”


Weekly Update 260

Troy Hunt

An early one today as I made space in the schedule to get out on the water 😎 I'm really liking the new Apple AirTags, I'm disliking some of the international media coverage about Australia's COVID situation, another gov onto HIBP and a blog post I've wanted to write for a long time on biometrics. That last one in particular I felt was really important as time and time again, I hear these irrational statements from people about the perceived "risks" of biomet


Friday Squid Blogging: Possible Evidence of Squid Paternal Care

Schneier on Security

Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Your voiceprint could be your new password as companies look to increase security for remote workers

Tech Republic Security

Biometrics are moving beyond banks and joining fingerprints and faceprints as a way to confirm employee and customer identities.


Cybersecurity News Round-Up: Week of September 6, 2021

Security Boulevard

And…they’re back. The REvil ransomware gang that is. You may recall these are the same guys behind the recent massive attacks at both Kaseya and JBS meat. But the list doesn’t end there.

More Trending


Remote cybersecurity concerns and labor shortages are front and center in a new small business report

Tech Republic Security

Despite economic optimism, many companies are concerned about the impacts of the coronavirus pandemic and have temporarily closed as they adapt to new tech tools and work models.


The Week in Ransomware - September 10th 2021 - REvil returns

Bleeping Computer

This week marked the return of the notorious REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability.


Palo Alto Enters Small Business, Remote and Home Markets with Okyo

eSecurity Planet

Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo, a Wi-Fi 6 hardware device announced today. At $349 a year, the security and router system seems attractively priced for small businesses and companies looking to secure remote workers, who have surged in number since the start of the Covid pandemic 18 months ago.


Victims duped out of US$1.8 million by BEC and Romance scam ring

We Live Security

Elderly men and women were the main targets of the romance scams operated by the fraudsters.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Microsoft fixes Azurescape flaw in Azure Container Instances

Security Affairs

Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows an attacker to take over containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have allowed a malicious container to take over containers belonging to other users. An attacker could exploit the vulnerability to execute commands in the containers of other users and access their data.


The case for a SaaS bill of material

CSO Magazine

President Biden’s cybersecurity Executive Order on Improving the Nation’s Cybersecurity has triggered massive buzz regarding software bills of material (SBOMs). While we advocate for improving software supply chain security through greater transparency regarding the components contained therein, the hype surrounding SBOMs needs direction to resolve a series of key implementation questions.


Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs

The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this year. “We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg.


5 Steps For Securing Your Remote Work Space

Threatpost

With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


2003 Testimony to Congress Proves That We Still Have a Long Way to Go In Building Secure Software

Veracode Security

Back in May 1998, as a member of the hacker think tank, L0pht, I testified under my hacker name, Weld Pond, in front of a U.S. Senate committee investigating government cybersecurity. It was a novel event. Hackers, testifying under their hacker names, telling the U.S. government how the world of cybersecurity really was from those down in the computer underground trenches.


Stolen Credentials Led to Data Theft at United Nations

Threatpost

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.


Friday Five 9/10

Digital Guardian

The latest Windows zero day, ProtonMail under fire, and creating a more diverse cybersecurity workforce - catch up on the infosec news of the week with the Friday Five!


MyRepublic discloses data breach exposing government ID cards

Bleeping Computer

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Building a Unified BCDR Strategy to Protect Data

Security Boulevard

Data is the lifeblood of every business. But protecting data can be a huge challenge for organizations because of varying legal and regulatory compliance standards—and the way data lives under constant threat from cybercriminals, error-prone employees and more. The pandemic and the shift to a remote workforce means information lives in more places than ever.


Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group

The Hacker News

A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly.


Strengthen your cloud security posture with Azure Sentinel

Security Boulevard

Scalable, cloud-native solutions like Azure Sentinel help security teams streamline security operations in cloud environments. The post Strengthen your cloud security posture with Azure Sentinel appeared first on Software Integrity Blog.


International money launderer sentenced to more than 11 years

Security Affairs

A Canadian man, who helped North Korean threat actors to launder stolen funds, pleaded guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen in bank fraud schemes has been sentenced to 140 months in prison. The man is Ghaleb Alaumary (36), a Canadian citizen who also laundered money stolen in a massive cyberheist carried out by North Korea-linked threat actors.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Digital Driver’s Licenses: Unintended Consequences

Security Boulevard

Maryland recently joined seven other U.S. states to permit users to carry “digital driver’s licenses.” Under the program—which initially will work with Apple devices like iPhones—users can download a digital credential—a digital driver’s license—to their phones. The digital ID would be carried in the Apple digital wallet in much the same way as a regular.


Moving Forward After CentOS 8 EOL

The Hacker News

The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it's cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021.


Dell CEO says ransomware needs layered level defense

CyberSecurity Insiders

Michael Dell, the CEO and founder of Dell Technologies, said that corporate companies can easily prevent ransomware attacks by going for a layered security approach. Speaking and disclosing his mind at a virtual conference, Dell said that he was extremely pleased with the way the White House has taken steps against ransomware spread. Reacting to Joe Biden’s call for private companies to figure out best practices that help thwart cyber attacks, the tech giant head said that his company will do its bes


What is Global Privacy Control and why do you keep hearing about it?

TrustArc

How this new initiative impacts you and your customers. In late 2020 an initiative to help keep consumers’ information safe and secure gained momentum among many large organizations around the world. This initiative is known as Global Privacy Control, or GPC for short. GPC allows consumers an easy way to opt out of organizations selling or […].


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Facebook puts on Ray-Bans, struts into the privacy minefield of smart glasses

Malwarebytes

Facebook, neck-deep in virtual / augmented reality with the Oculus headset, continues to move things up a gear. It’s announced “Ray-Ban stories”, smart glasses which take video and photos. The company may yet go one step further and incorporate these features into Augmented Reality (AR) specs which a Facebook rep said were in development. Hold my beer.


Top Steps for Ransomware Recovery and Preparation

Threatpost

Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future.


Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure. CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud secu


Groove Ransomware Gang Tries New Tactic to Attract Affiliates

Dark Reading

The threat group, which leaked some 500,000 credentials for Fortinet SSL VPN devices, views ransomware as just one way to profit from compromised networks, experts say.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.