Tue, Dec 08, 2020

Oblivious DNS-over-HTTPS

Schneier on Security

This new protocol, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP. Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but it acts as a shield that prevents the DNS resolver from seeing who sent the query in the first place.

Patch Tuesday, Good Riddance 2020 Edition

Krebs on Security

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Standalone 5G is more secure than previous network generations

Tech Republic Security

Business leaders are spending close to a quarter of their budget on 5G security and will increase that spend in the next 12–18 months, according to a new report.

OpenSSL is affected by a ‘High Severity’ security flaw, update it now

Security Affairs

The OpenSSL Project disclosed a serious security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference; successful exploitation could trigger denial-of-service conditions.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How the coronavirus outbreak will affect cybersecurity in 2021

Tech Republic Security

Ensuring security for employees working remotely was cited as the biggest challenge going into the new year, says Check Point.

Keeping Cyber Secure at Christmas

Dark Reading

Sylvain Cortes, Security Evangelist and cybersecurity expert at Alsid, highlights the need for security departments to raise awareness across their organizations of cyber threats this Christmas.

Usage Scenarios for Externalized Trust

Anton on Security

As we discussed in “The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less”, there are situations where the encryption key really does belong off the cloud and so trust is externalized. While we argue that these are rarer than some assume, they absolutely do exist. Moreover, when these situations materialize, the data in question or the problem being solved is typically hugely important for an organization.

Linux Foundation debuts new, secure, open source cloud native access management software platform

Tech Republic Security

Based on the Gluu server, the Janssen Project prioritizes security and performance and features signing and encryption functionalities.

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Security Affairs

An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws and an authenticated crontab injection flaw. The experts initially discovered the flaws in the DSR-250 router family running firmware version 3.17; further investigation allowed the experts to determine that these vulnerabilities also affect other devi

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

Threatpost

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical remote code execution fixed in PlayStation Now

Security Affairs

Security flaws in the PlayStation Now cloud gaming Windows application allowed hackers to execute arbitrary code on Windows systems. Bug bounty hunter Parsia Hakimian discovered multiple security flaws in the PlayStation Now (PS Now) cloud gaming Windows application that allowed hackers to execute arbitrary code on Windows devices running vulnerable app versions.

WatchGuard Q3 cybersecurity report finds spike in network attacks and malware delivered over TLS

Tech Republic Security

Report finds that over half the malware attacks in Q3 could bypass signature-based malware protection.

Apache Software Foundation fixes code execution flaw in Apache Struts 2

Security Affairs

The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology. The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Struts 2 that is related to the OGNL technology. The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. “Forced OGNL evaluation, when evaluated on raw u

A Q&A with Gill Woodcock, VP, Global Head of Programs

PCI perspectives

After more than 10 years at PCI Security Standards Council (PCI SSC), Gill Woodcock, VP, Global Head of Programs, retires this month. In this blog, we interviewed Gill about her career in IT security and the payments industry, the most rewarding aspects of her job, and why she believes lifelong learning and taking the occasional risk are the key ingredients to success.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Expert discloses zero-click, wormable flaw in Microsoft Teams

Security Affairs

A security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher Oskars Vegeris from Evolution Gaming has published technical details on a wormable, cross-platform vulnerability in the business communication platform Microsoft Teams. The flaw is a cross-site scripting (XSS) issue that impacts the ‘teams.microsoft.com’ domain; it could be exploited by an attacker to achieve remote code execution in the MS Te

Don't Let Ransomware Take Hostage of Your Information

Approachable Cyber Threats

Ransomware: you’ve heard about it in the news. A classic portmanteau (like Brexit), it’s a combination of “ransom” and “malware”. The name came about because malware - a harmful program or file - gets on your computer and holds all your information ransom by making it unreadable. You usually realize it when a ransom note pops up on your screen, but unfortunately this one isn’t made out of letters from a magazine and is going to be a big problem.

QNAP fixed eight flaws that could allow NAS devices takeover

Security Affairs

Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities that could be exploited by attackers to take over unpatched NAS devices. The list of vulnerabilities addressed by QNAP is available here; it includes XSS and command injection issues.

The Internal Revenue Service expands identity protection to all tax-payers

We Live Security

Starting mid-January, U.S. tax-payers will be able to enroll in the Identity Protection PIN program that was previously available only to certain users. The post The Internal Revenue Service expands identity protection to all tax‑payers appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns

McAfee

Over the past 9 months, the world has grappled with the COVID-19 pandemic. We have all felt vulnerable. With borders closed and curfews and lockdowns instituted, things that we can count on, like reliable energy and technology, have become more essential than ever… Especially now that most of us have to conduct work from home, we are grateful for reliable energy as it powers our lights, air, heating, and internet.

Top cybersecurity firm FireEye hacked by a nation-state actor

Security Affairs

The cyber security giant FireEye announced that it was hacked by nation-state actors, likely Russian state-sponsored hackers. The cybersecurity firm FireEye is one of the most prominent cybersecurity firms; it provides products and services to government agencies and companies worldwide. The company made the headlines because it was the victim of a hack, and experts blame Russia-linked hackers for the attack. “FireEye revealed on Tuesday that its own systems were pierced by what it called

Attackers Know Microsoft 365 Better Than You Do

Dark Reading

Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.

Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

Threatpost

It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

Russian citizen Alexander Vinnik was sentenced in Paris to five years in prison for money laundering and ordered to pay 100,000 euros in fines. The man went on trial in Paris for having defrauded nearly 200 victims across the world of 135M euros using ransomware.

Lessons from Teaching Cybersecurity: Week 10

The State of Security

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their […] The post Lessons from Teaching Cybersecurity: Week 10 appeared first on The State of Security.

Open-Source Developers Still Not Interested in Secure Coding

Dark Reading

Security and development are still two different worlds, with open-source developers resistant to spending time finding and fixing vulnerabilities.

FireEye Cyberattack Compromises Red-Team Security Tools

Threatpost

An attacker stole FireEye's Red Team assessment tools that the company uses to test its customers’ security.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The Christchurch Shooter and YouTube's Radicalization Trap

WIRED Threat Level

The platform has gotten better about stamping out extremist content. But researchers say its policies and algorithms are still too opaque.

Serious Privacy Podcast – Taking Data Protection out of the Ivory Silo

TrustArc

Since the Schrems-II judgment came down on July 16th, the message has slowly sunk in that Europe is serious about looking at privacy and data protection through the glasses of fundamental rights protection. That was even reinforced by the Privacy International and Quadrature du Net cases, published at the start of October. Any interference with the fundamental rights […].

The Remote-Work Transition Shifts Demand for Cyber Skills

Threatpost

According to Cyberseek, an interactive mapping tool that tracks the current state of the security job market, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000).

Nation-State Hackers Breached FireEye, Stole Its Red Team Tools

Dark Reading

"Novel techniques" used by the attackers cheated security tools and forensics, according to FireEye CEO Kevin Mandia.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.