Wed. Jan 20, 2021

Sophisticated Watering Hole Attack

Schneier on Security

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malwa

Malware 262

Report: 5 ways web apps suffered in 2020 and will continue to suffer in 2021

Tech Republic Security

2020 was a security struggle in the world of web applications, and it isn't going to get any better in 2021, research from cybersecurity provider Radware said.

A Site Published Every Face From Parler's Capitol Riot Videos

WIRED Threat Level

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Software 145

Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered

Tech Republic Security

Atlas VPN drills down into a Gallup poll to understand Americans' perceived threat level. It turns out 55% are more worried about cyberattacks.

VPN 159

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Parler Finds a Reprieve in Russia—but Not a Solution

WIRED Threat Level

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy.

Livecoin halted operations after the December attack

Security Affairs

The Russian cryptocurrency exchange Livecoin has announced it is terminating its operations following the December cyberattack. The exchange was hacked on Christmas Eve and published a message on its website warning customers to stop using its services. “Dear clients, we ask you to stop using our service in all meanings: don’t deposit funds, don’t trade, don’t use API.

Critical Cisco SD-WAN Bugs Allow RCE Attacks

Threatpost

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

Software 139

FireEye releases an auditing tool to detect SolarWinds hackers’ activity

Security Affairs

Cybersecurity firm FireEye has released a report that sheds light on the SolarWinds attack and the way hackers breached its networks. The experts explained how UNC2452 and other threat actors breached the infrastructure and moved laterally from on-premises networks to the Microsoft 365 cloud.

Paving the way: Inspiring Women in Payments - A podcast featuring Nicole Braun

PCI perspectives

At times, Nicole Braun was the only female Qualified Security Assessor (QSA) in the entire country of New Zealand. In our 2021 podcast series debut, Nicole explains how she found success in the payments industry, against all odds, and why she thinks there are encouraging signs that a gender shift is coming.

Logic bugs found in popular apps, including Signal and FB Messenger

Security Affairs

Flaws in popular messaging apps such as Signal and FB Messenger allowed an attacker to force a target device to transmit audio to an attacker device. Google Project Zero security researcher Natalie Silvanovich found multiple flaws in popular video conferencing apps such as Signal and FB Messenger that allowed an attacker to force a target device to transmit audio of the surrounding environment to an attacker device.

Mobile 104

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

OpenWRT Reveals Forum Data Breach; Users Advised to Reset Passwords

Hot for Security

The OpenWRT open-source project says someone used an administrator’s credentials to breach its forum and stole a list of user names, email addresses, and various other statistical data. Forum data breaches are not uncommon, as threat actors take advantage of vulnerabilities or employ other methods to gain access. Unfortunately, one of those methods is to use valid credentials, which allows attackers to bypass protection measures and directly access the targeted resources.

How Bad Actors Are Now Using Vishing

SecureWorld News

The FBI has released a private industry notification detailing how cybercriminals have been exploiting network access and escalating network privilege. As remote work has become the norm during the pandemic, many companies have adapted to changing environments and technologies. Due to this, network access and privilege escalation may not be monitored as closely.

VPN 98

DNSpooq bugs expose millions of devices to DNS cache poisoning

We Live Security

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices.

DNS 96

NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs

Threatpost

The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Releases New Info on SolarWinds Attack Chain

Dark Reading

Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.

Malwarebytes Hit by SolarWinds Attackers

Threatpost

The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.

Hacking 126

What is Smishing and How Can Your Company Prevent It?

GlobalSign

Smishing text message scams are not new. But it’s important to remember: they are not going to disappear any time soon. All companies should include smishing as a priority in their cybersecurity training.

Scams 76

Signs Of Malware: Four Must Knows For You

SiteLock

Malware lurks on 17.6 million of the world’s websites—and many users have no idea their site is infected. Among the most obvious signs of malware infections are hosting suspensions, website blacklisting, and redirects to malicious websites. While these examples are simple to spot, other attacks go largely unnoticed—because it’s easy for malware to hide among […].

Malware 75

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Why Not to Set Domains to Private IPs

SecurityTrails

Learn about the risks associated with the use of private IP addresses in public DNS records.

DNS 98

Investment Scammers Prey on Dating App Users, Interpol Warns

Threatpost

Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers.

Hacking 83

Tips for a Bulletproof War Room Strategy

Dark Reading

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

How most large cloud breaches happen revealed in Orca Security report

Graham Cluley

The world of cybersecurity isn’t fair. Security teams need to secure everything, but attackers need only find one weak link. For most organizations, cloud workload security is dependent upon the installation and maintenance of security agents across all assets. Something that rarely happens, as Orca Security's new report reveals.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Fore! Hackers Steal Member Data from Golf Club of the Rich and Famous

SecureWorld News

The well-known Wentworth Golf Club in the U.K. recently became one of the latest victims of a cyberattack. Wentworth is headquarters for the European PGA tour and hosts the annual PGA championships. The club's membership includes some of England's richest and most famous people, such as Major winner Georgia Hall, Ladies European Tour player Annabel Dimmock, Sir Michael Parkinson, cricket's Kevin Pietersen, and presenters Ant and Dec.

Smashing Security podcast #211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups

Graham Cluley

Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Hacker Valley Studio's Ron Eddings.

Hacking 58

FBI Again Warns of Vishing Attacks Targeting Organizations

Digital Guardian

The FBI is again warning organizations of increased voice phishing - vishing - attacks targeting teleworkers.

Phishing 105

Zoom watermarking: pros and cons

Malwarebytes

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain.

Mobile 61

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Our Top 3 Takeaways from Forrester: Now Tech: External Threat Intelligence Services, Q4 2020

Digital Shadows

When it comes to selecting an external threat intelligence tool or managed service, “plenty of fish in the sea” is.

AnyVan Confirms Data Breach Weeks after Customer Records Are Put Up For Sale on Hacking Forum

Hot for Security

AnyVan, a provider of delivery, transport and removal services in Europe, said it has fallen victim to a data breach involving theft of customer data. According to an email to impacted customers, the data breach was discovered on New Year’s Eve. “This leaking of data came to our attention on the 31st December but we understand the incident itself occurred at the end of September,” AnyVan said. “As soon as the incident came to our attention, our specialist IT team investig

Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms

Threatpost

Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.

Has the coronavirus pandemic affected Apple’s hardware design?

Naked Security

The more things change, the more they stay the same!

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.