Schneier on Security
DECEMBER 3, 2020
Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.
Daniel Miessler
DECEMBER 3, 2020
The Lawfare Podcast is one of my few staples, and I just listened to another great episode on espionage against US buisnesses. My main takeaway was this: Foreign governments—and especially China—are pivoting from targeting other governments for their secrets, to instead going after private companies because that’s where most of the intellectual property is.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 3, 2020
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.
Security Affairs
DECEMBER 3, 2020
E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
DECEMBER 3, 2020
Attacks against COVID-19 vaccine developers will continue, while more reports will surface about patient data leaks in the cloud, says Kaspersky.
Security Affairs
DECEMBER 3, 2020
Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found half of them was having critical flaws. Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prevasio Analyzer service that ran for one month on 800 machines. 51% of the 4 million images were including packages or app dependencies with at least
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 3, 2020
TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature. The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. The TrickBoot functionality was documented by experts from Advanced Intelligence (AdvIntel) and Eclypsium. “This new functionality, which we have dubbe
WIRED Threat Level
DECEMBER 3, 2020
The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.
We Live Security
DECEMBER 3, 2020
ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021. The post Cybersecurity Trends 2021: Staying secure in uncertain times appeared first on WeLiveSecurity.
The State of Security
DECEMBER 3, 2020
Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data. Although Embraer may not be a household name, it is the world’s third-largest producer of civil aircraft (after Boeing and Airbus), having delivered more than 8,000 aeroplanes to date. According to a press release issued by […]… Read More.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We Live Security
DECEMBER 3, 2020
Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds. The post iPhone hack allowed device takeover via Wi‑Fi appeared first on WeLiveSecurity.
WIRED Threat Level
DECEMBER 3, 2020
As vaccines await US approval, a sophisticated global phishing campaign has tried to harvest credentials from companies involved in their distribution.
The State of Security
DECEMBER 3, 2020
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their […]… Read More. The post Lessons From Teaching Cybersecurity: Week 9 appeared first on The State of Security.
WIRED Threat Level
DECEMBER 3, 2020
A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
DECEMBER 3, 2020
IBM X-Force experts warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. Researchers from IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020.
Threatpost
DECEMBER 3, 2020
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.
Trend Micro
DECEMBER 3, 2020
The events of 2020 have confirmed what most technology leaders across the country already know: cloud computing is the key to driving business agility and unlocking value.
Threatpost
DECEMBER 3, 2020
The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
DECEMBER 3, 2020
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
Threatpost
DECEMBER 3, 2020
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.
Dark Reading
DECEMBER 3, 2020
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
Threatpost
DECEMBER 3, 2020
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Dark Reading
DECEMBER 3, 2020
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
Threatpost
DECEMBER 3, 2020
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
Dark Reading
DECEMBER 3, 2020
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
Threatpost
DECEMBER 3, 2020
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Thales Cloud Protection & Licensing
DECEMBER 3, 2020
Zero Trust 2.0: NIST’s identity-centric architecture. madhav. Fri, 12/04/2020 - 05:15. In August, the National Institute of Standards and Technology (NIST) released its blueprint for establishing a Zero Trust security architecture, NIST SP 800-207. The publication provides “general deployment models and use cases where Zero Trust could improve an enterprise’s overall information technology security posture.”.
Threatpost
DECEMBER 3, 2020
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
Dark Reading
DECEMBER 3, 2020
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
Threatpost
DECEMBER 3, 2020
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
293 
Let's personalize your content