Fri. Sep 17, 2021


Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.

Spyware 295

It’s Time for Vendor Security 2.0

Daniel Miessler

In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative? It’s a fair point, and I think we have an answer. I’m a bit allergic to 1.0 and 2.0 designations, but in this case I think we have a clear transition.

Risk 289

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be doing a live stream together for the 5th anniversary of my weekly update vids. We'd love questions and topics in advance or just drop in on the day, we're planning it for 18:00 Gold Coast time on Friday 24 which will be 09:00 that morning in London and ridiculous o'clock everywhere in the US.


Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

Tech Republic Security

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.

Banking 215

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Numando: Count once, code twice

We Live Security

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. The post Numando: Count once, code twice appeared first on WeLiveSecurity.

Banking 145

Dell study finds most organizations don't think they can recover from a ransomware attack

Tech Republic Security

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

More Trending


Small businesses need to step up efforts to secure and retain hybrid workers

Tech Republic Security

Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.


Cybersecurity News Round-Up: Week of September 13, 2021

Security Boulevard

The biggest story this week was over at Apple, which released security updates for a zero-day vulnerability that affects the iPhone, iPad, Mac and Apple Watch. The post Cybersecurity News Round-Up: Week of September 13, 2021 appeared first on Security Boulevard.


Have you tried to guess your boss's password? Lots of workers have, according to a report

Tech Republic Security

An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords.

Passwords 163

Free decryptor for past REvil ransomware victims released

Graham Cluley

The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of the REvil ransomware (also sometimes known as Sodinokibi).


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Threatpost

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.

Malware 127

The Week in Ransomware - September 17th 2021 - REvil decrypted

Bleeping Computer

It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week. [...]


A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Security Affairs

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux binary executables (in ELF format) natively on Windows 10, Windows 11, and Windows Server 2019.

Malware 126

Billions more Android devices will reset risky app permissions

Bleeping Computer

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. [...]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

The Hacker News

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

Malware 119

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Threatpost

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.


Admin of DDoS service behind 200,000 attacks faces 35yrs in prison

Bleeping Computer

At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations. [...]

DDOS 130

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Security Boulevard

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability. The post ‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t appeared first on Security Boulevard.

Banking 117

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How Unlimited Internet Data Has Changed The Face Of Cybercrime?

Quick Heal Antivirus

VoLTE: Voice over LTE is a high-speed wireless communication standard for mobile phones. It has up to three. The post How Unlimited Internet Data Has Changed The Face Of Cybercrime? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.


New Malware Targets Windows Subsystem for Linux to Evade Detection

The Hacker News

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

Malware 116

Cloud Identity Governance can Overcome Entitlement Risks

Security Boulevard

Of the many problems that threaten enterprises, entitlement and access management risks are a significant cause for concern. These issues become even more menacing as the current remote and hybrid work scenarios have fragmented and distributed the enterprise workforce. This workforce uses cloud platforms for essential tasks and data sharing daily, making it increasingly difficult.


CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

Chipmaker AMD has addressed a medium severity issue in the Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Week in security with Tony Anscombe

We Live Security

Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Banking 114

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Bleeping Computer

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...]


OMIGOD! Azure Vulnerabilities Are Being Exploited

Security Boulevard

No sooner had the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances been revealed than threat actors were already on the case, exploiting the flaws. “Mirai botnet is exploiting #OMIGOD—they drop a version of Mirai DDoS botnet and then close 5896 (OMI SSL port) from. The post OMIGOD!

DDOS 109

Infrastructure, Security, and the Need for Visibility

Dark Reading

Government authorities are increasingly trying to bolster critical infrastructure security. But investments in next-generation solutions won't go far enough without also addressing security and operational fundamentals.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


DEF CON 29 Blockchain Village – Michael Lewellen’s ‘Ethereum Hacks & How To Stop Them’

Security Boulevard

Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel. Permalink. The post DEF CON 29 Blockchain Village – Michael Lewellen’s ‘Ethereum Hacks & How To Stop Them’ appeared first on Security Boulevard.

Hacking 108

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs

Bleeping Computer

Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. [...]


Facebook Releases Video Capture Glasses | Avast

Security Boulevard

The newest wearable tech on the market is a pair of glasses that can record 30-second videos and take photos, the result of a collaborative effort between Facebook and Ray-Ban. The glasses, called Ray-Ban Stories, are “designed for frictionless media capture of the world around you” according to Wired. The reporters who tried them out said the glasses are lightweight and very simple to operate.

Media 105

Ransomware Groups Reinvest Capital to Improve Attack Methods

CyberSecurity Insiders

Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods. Instead of relaunching the same tried-and-true attacks that have generated their handsome profits, ransomware groups are using the money to invest in R&D, an approach resembling series A financing rounds.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.