Schneier on Security
JANUARY 5, 2021
The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed.
Tech Republic Security
JANUARY 5, 2021
Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Threatpost
JANUARY 5, 2021
Researcher discovered info of 35 million credit-card users from an attack on the Indian startup, which handles payments for numerous online marketplaces.
Tech Republic Security
JANUARY 5, 2021
If you'd rather not have to enter your password every time you open the Bitwarden password manager on your mobile device, Jack Wallen shows you how to enable biometric login.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CompTIA on Cybersecurity
JANUARY 5, 2021
It’s time to look forward—to better times, new beginnings, and a brighter future. For CompTIA, 2021 means focusing on initiatives, resources and projects that bring more value to members and the IT industry. Here’s what to expect.
Tech Republic Security
JANUARY 5, 2021
If you're still using unsecured copy methods to transfer data to and from client devices, there's no better time to learn SCP. Here's why it's beneficial to encrypt your transfers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 5, 2021
According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in attacks since November. Check Point researchers reported a surge in the number of attacks against organizations in the healthcare industry , +45% since November. This is more than double the overall increase observed by the experts in the other sectors on a global scale during the same period.
We Live Security
JANUARY 5, 2021
It’s hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web. The post Stolen employee credentials put leading gaming firms at risk appeared first on WeLiveSecurity.
Threatpost
JANUARY 5, 2021
At least 6,500 cryptocurrency users have been infected by new, 'extremely intrusive' malware that's spread via trojanized macOS, Windows and Linux apps.
Quick Heal Antivirus
JANUARY 5, 2021
It has been evident now that the COVID-19 pandemic has led to a sharp spike in digital payments. The post E-wallets are becoming prominent targets for cyberattacks! appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Threatpost
JANUARY 5, 2021
Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group.
Security Affairs
JANUARY 5, 2021
The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online. The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen credentials belonging to top 25 gaming firms. The alarm was raised by the threat intelligence firm Kela that reported the availability for sale of the credentials in multiple hacking forums and criminal marketplace. “KELA found nearly 1 million
SecurityTrails
JANUARY 5, 2021
Learn how ASRv2 can help your organization to reduce the attack surface by discovering unknown servers, hostnames, open ports, expired ssl certificates, and more.
Dark Reading
JANUARY 5, 2021
Two campaigns have resulted in encrypted drives and ransom notes, suggesting that some China-linked nation-state advanced persistent threat groups have added financial gain as a motive, researchers say.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Threatpost
JANUARY 5, 2021
The "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said.
Security Affairs
JANUARY 5, 2021
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google’s own Speech to Text API. Back in 2017, researchers from the University of Maryland demonstrated an attack method, dubbed unCaptcha , against Google’s audio-based reCAPTCHA v2. The system receives the audio challenge, downloads it, and submits it to Speech To Text.
Threatpost
JANUARY 5, 2021
Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
Trend Micro
JANUARY 5, 2021
RansomExx is a ransomware variant responsible for several high-profile attacks in 2020. We take a look at its current techniques which include the use of trojanized software to deliver malicious payloads and an overall short and fast attack.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
JANUARY 5, 2021
SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.
Threatpost
JANUARY 5, 2021
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
Dark Reading
JANUARY 5, 2021
Researchers analyzed the activity of five popular English- and Russian-speaking Dark Web forums and discovered exponential membership growth.
SecureWorld News
JANUARY 5, 2021
Try to picture a nice and quiet evening with your family. You and your partner just cooked a wonderful dinner and now you sit down to play some games with the kids. The games are just starting to get competitive when suddenly law enforcement bursts into your home with guns drawn, screaming "Freeze! Police! Everyone down on the floor!". Your family is thrown into a state of panic.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Dark Reading
JANUARY 5, 2021
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
Vipre
JANUARY 5, 2021
All antiviruses might claim to be secure, but how do those claims hold up when real-life attacks happen? According to the latest test results from AV-Comparatives, VIPRE is certified to fully protect users in this realm. In other words, VIPRE doesn’t just sound secure on paper — our protection holds up during even the most dangerous attacks. .
Security Through Education
JANUARY 5, 2021
Go back about 15 years and if you and I were sitting over a whisky having a chat I would never have imagined that social engineering would be where it is today. When I started this company and began writing Social Engineering: The Art of Human Hacking , I never thought we would be where we are today either. . Jumping forward all these years, social engineering (SE) is the largest vector used in the present day for malicious hacking purposes and is now a fully-fledged industry. .
Dark Reading
JANUARY 5, 2021
The attacks appear to be an "intelligence-gathering" mission, the agencies said.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
JANUARY 5, 2021
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. The campaign was uncovered in December, but according to the experts is active since at least January 2020.
Spinone
JANUARY 5, 2021
If you are here, you are probably considering moving your business data to the cloud, and you’re concerned about its security. When you ask, “Is the cloud safe for my data?” the real answer will be: it depends. In many ways, the cloud has an advantage over the on-premises solutions: it’s accessible anywhere and anytime, has a top-notch infrastructure, and a good deal of baseline security.
Veracode Security
JANUARY 5, 2021
Digital transformation continues to accelerate, and with it, businesses continue to modernize their technological environments, leveraging developer-first cloud-native solutions to build, host, and secure their software. At Veracode, we continue to see customers leveraging large cloud providers, such as AWS, as a central platform to conduct these activities.
IT Security Central
JANUARY 5, 2021
Data privacy is often overlooked in today’s digital landscape, but stakeholders are increasingly recognizing privacy as a competitive imperative, leading many companies to update their compliance and audit standards. In many ways, 2020 was a year of reckoning for data privacy on the internet. After more than a decade of enthusiastically embracing a “freemium” model […].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
314 
Let's personalize your content