Fri. Aug 20, 2021


More on Apple’s iPhone Backdoor

Schneier on Security

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.


Great Resignation hits IT departments and companies are switching strategies

Tech Republic Security

To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.


Cybercrime Group Asking Insiders for Help in Planting Ransomware

The Hacker News

A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.


How to protect your T-Mobile account in light of the latest data breach

Tech Republic Security

In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


AT&T denies data breach after hacker auctions 70 million user database

Bleeping Computer

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. […]


ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

The Hacker News

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.


More Trending


New variant of Konni malware used in campaign targeting Russia

Malwarebytes

This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing Konni Rat to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We discovered two documents written in Russian language and weaponized with the same malicious macro.


Hackers swipe almost $100 million from major cryptocurrency exchange

We Live Security

Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage. The post Hackers swipe almost $100 million from major cryptocurrency exchange appeared first on WeLiveSecurity.


Largest DDoS attack ever reported gets hoovered up by Cloudflare

Malwarebytes

On the Cloudflare blog, the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. To put that number in perspective. The company reports that this is three times as large as anything it has seen before.


China passes new automobile data security law

CyberSecurity Insiders

China has made some amendments to the existing laws and passed a new document that discloses several provisions on how automobile companies need to collect their user data as per the stated stipulations. According to a media update released by the Cyberspace Administration of China (CAC) the new law called the Personal Information Protection Law (PIPL) will come into force from October 26th, 2021 and will aim to standardize solutions pertaining to data security risks in automobile sector.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The Week in Ransomware - August 20th 2021 - Exploiting Windows

Bleeping Computer

Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week. […]


Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

The Hacker News

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month.


T-Mobile data breach just got worse — now at 54 million customers

Bleeping Computer

The T-Mobile data breach keeps getting worse as an update to their investigation now reveals that cyberattack exposed over 54 million individuals' data. […]


China Personal Information Protection Law Adopted

TrustArc

On Friday, 20 August 2021, the National People’s Congress of China adopted the Personal Information Protection Law (PIPL). This was reported by the website NPC Reporter. The final version of the law has been released in Chinese; an informal English translation will likely follow in the coming days. The new law will enter into force […].


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Pegasus iPhone hacks used as lure in extortion scheme

Bleeping Computer

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. […]


Return on Investment in Software Composition Analysis?

Security Boulevard

Today, drawing from customer feedback on real user experiences, we look at how SCA means less overall risk, money, and effort with Sonatype’s Nexus Lifecycle and Nexus Firewall. Our third in this series, we started with the importance of data quality and then detailed the benefits to individual developers and dev teams. The post Return on Investment in Software Composition Analysis?


Who else wants to undervalue women?

Jane Frankland

There’s a message women need to hear now and it’s this: meritocracy is a myth. The faster women understand this, the better. Unfortunately, many people in the workplace genuinely believe it’s a reality, especially men in tech companies. Ironically, big data proves its dysfunction – that believing in meritocracy makes people more selfish, less self-critical and more prone to introducing bias and behaving in a discriminatory way.


SynAck ransomware decryptor lets victims recover files for free

Bleeping Computer

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Identify Critical Security Vulnerabilities With IAST

Security Boulevard

Vulnerabilities in production code continue to increase, including vulnerabilities in open source codebases. According to a recent report from Synopsys, the number of open source vulnerabilities increased over the past year to a record 84%. Part of this increase may be attributed to the need for organizations to get their applications to production quickly to.


Cloudflare mitigated the largest ever volumetric DDoS attack to date

Security Affairs

Web infrastructure and website security company Cloudflare announced to have mitigated the largest ever volumetric DDoS attack to date. Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever volumetric distributed denial of service (DDoS) attack to date. Volumetric DDoS attacks are designed to overwhelm internal network capacity and even centralized DDoS mitigation scrubbing facilities with significantly high volumes of malicious traffic


Cyber Liability Insurance and MFA on both internal and remote access

Security Boulevard

Cyber insurance is driving a long overdue improvement in user access security. Multi-factor authentication (MFA) is fast becoming a requirement for all privilege and non-privilege accounts, whether users are working on the internal network or remotely. Not a requirement in previous cyber insurance renewals, cyber insurers are demanding firms have MFA.


HTTP DDoS attacks reach unprecedented 17 million requests per second

Bleeping Computer

A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps). […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Week in security with Tony Anscombe

We Live Security

Who is actually paying the ransom demand? – Be careful about what you throw away – Records from a terrorist watchlist exposed online. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity.


Emsisoft releases free SynAck ransomware decryptor

Security Affairs

Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their files for free. Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt their encrypted files. Last week, the SynAck ransomware gang released the master decryption keys to allow victims to decrypt their files for free.


Dissatisfied Employees Are Now Solicited to Deploy Ransomware

Heimdal Security

Apparently, the LockBit ransomware gang’s new technique of “hiring” employees and other insiders in order to help them breach and encrypt corporate networks more easily has opened a whole new world of opportunities for hackers. On August 12, 2021, cloud email security platform Abnormal Security noticed certain emails received by their customers where they were […].


Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware

Security Affairs

Lojas Renner, the largest Brazilian department stores clothing company, suffered a ransomware attack that impacted its IT infrastructure. Lojas Renner, the largest Brazilian department stores clothing company, announced to have suffered a ransomware attack that impacted its IT infrastructure. According to Brazilian news outlets, the company was forced to shut down all its physical stores across the country in response to the attack, but Lojas Renner denied having closed the stores and pointed ou


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

The Hacker News

Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings.


637 flaws in industrial control system (ICS) products were published in H1 2021

Security Affairs

During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain.


Japanese cryptocoin exchange robbed of $100,000,000

Naked Security

Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth.


Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software

Security Affairs

The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.