Wed.Dec 09, 2020

FireEye Hacked

Schneier on Security

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”: During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.

Hacking 305

What You Need to Know About the FireEye Breach

Adam Levin

FireEye is a global leader in cybersecurity. The company disclosed this week that a data breach had occurred, announcing that “a highly sophisticated threat actor” compromised their systems and stole tools the company used to simulate cyberattacks and data breaches. Here’s what you need to know: The threat actors responsible have yet to be identified.

Phishing emails: More than 25% of American workers fall for them

Tech Republic Security

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape.

Phishing 212

Fireeye Hack & Culture

Adam Shostack

[Update: 3 comments] Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” Fireeye certainly has more data and experience in assessing that, and I’d like to see their scale.

Hacking 113

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Open source developers say securing their code is a soul-withering waste of time

Tech Republic Security

A survey of nearly 1,200 FOSS contributors found security to be low on developers' list of priorities.

218

Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical

Security Affairs

Microsoft December 2020 Patch Tuesday security update addresses 58 vulnerabilities; 22 of them are remote code execution vulnerabilities. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

Hacking 136

More Trending

10 Ways Device Identifiers Can Spot a Cybercriminal

Dark Reading

Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.

Mobile 130

Security firm FireEye hit by state-sponsored cyberattack

Tech Republic Security

The hackers stole the firm's Red Team tools, which are used to help organizations counter cyberattacks.

175

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

Threatpost

Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the group's latest effort against military and government targets.

Mobile 131

Crooks hide software skimmer inside CSS files

Security Affairs

Security researchers have uncovered a new technique used by threat actors to inject a software skimmer onto websites: the attackers hide the malware in CSS files. Security experts have analyzed multiple Magecart attack techniques over the past months; threat actors compromised websites by hiding malicious code in multiple components of the sites, including live chat win

Software 118

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

Threatpost

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.

Retail 116

European Medicines Agency targeted by cyber attack

Security Affairs

The European Medicines Agency (EMA) announced it has been targeted by a cyber attack. The EMA did not provide technical details about the attack, nor whether it will have an impact on its operations while it is evaluating and approving COVID-19 vaccines. “EMA has been the subject of a cyberattack.

Ransomware Makes Up Half of All Major Incidents

Dark Reading

Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike's analysis of about 200 incidents.

The importance of computer identity in network communications: how to protect it and prevent its theft

Security Affairs

The importance of computer identity in network communications: how to protect it and prevent threat actors from spying on or stealing online communications. When you fill out a registration form to take advantage of a web service, a virtual personal profile is generated, creating your own IT identity characterized by specific attributes. Even those who must manage and provide this service must have their own digital identity.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks

Trend Micro

While tracking the activities of the SideWinder group, we identified a server used to deliver a malicious LNK file and host multiple credential phishing pages. In addition, we also found multiple Android APK files on their phishing server.

Phishing 100

Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official

Dark Reading

Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.

138

In 'The Mandalorian,' Stormtroopers Have Finally Discovered Tactics

WIRED Threat Level

Imperial troops have finally figured out how to do more than charge straight ahead.

144

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Threatpost

Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks - from stealing email passwords to distributing the Zebrocy malware.

Malware 99

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Impersonator Syndrome: Supply chain lures and COVID-19 cures

Digital Shadows

It’s been a tough few months for the healthcare industry (and for all of us in general). While we’ve reported.

OnePIN Demonstrates Privacy-Forward Approach Through TrustArc GDPR Validation

TrustArc

External Validation Highlights Importance of Data Privacy in Securing Customer Trust. TrustArc, the leader in data privacy management and automation, has been selected by OnePIN for GDPR Validation. OnePIN is the world’s leading provider of User Engagement services for Mobile Network Operators. The validation provides an independent way to demonstrate GDPR compliance to OnePIN’s customers […].

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws

Threatpost

Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware.

Firmware 110

Cyber Law: Does Diplomatic Immunity Apply to Cyber Attacks?

SecureWorld News

If your organization is attacked by nation-state backed threat actors, can those involved hide behind claims of diplomatic immunity? The U.S. Ninth Circuit Court of Appeals just ruled that it can during a December 2020 decision. Let's take a high-level look at the case between a U.S. based company and the nation of Qatar. Revenge cyberattack allegedly launched by Qatar.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Using OPA for multicloud policy and process portability

InfoWorld on Security

As multicloud strategies become fully mainstream, companies and dev teams are having to figure out how to create consistent approaches among cloud environments. Multicloud, itself, is ubiquitous: Among companies in the cloud, a full 93% have multicloud strategies—meaning they use more than one public cloud vendor like Amazon Web Services, Google Cloud Platform, or Microsoft Azure.

89

Securing Containers with NIST 800-190 and MVISION CNAPP

McAfee

Government and Private Sector organizations are transforming their businesses by embracing DevOps principles, microservice design patterns, and container technologies across on-premises, cloud, and hybrid environments. Container adoption is becoming mainstream to drive digital transformation and business growth and to accelerate product and feature velocity.

Former Microsoft Cloud Security Leads Unveil New Startup

Dark Reading

Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.

108

12 Essential Tips for Keeping Your Email Safe

The State of Security

Hey, did you get that sketchy email? You know, the one from that malicious hacker trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh. A hypothetical scenario, but one that plays out every day in organizations across the globe — a very real […]

Malware 76

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Vulnerabilities Continue Around 2019 Pace

Dark Reading

After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.

89

How the Atheris Python Fuzzer Works

Google Security

Posted by Ian Eldred Pudney, Google Information Security. On Friday, we announced that we’ve released the Atheris Python fuzzing engine as open source. In this post, we’ll briefly talk about its origins, and then go into lots more detail on how it works. The Origin Story: Every year since 2013, Google has held a “Fuzzit”, an internal event where Googlers write fuzzers for their code or open source software.

Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows

Dark Reading

Problem has to do with a print driver component found in all versions of Windows going back to Windows 7, security researcher from Singular Security Lab says at Black Hat Europe 2020.

113

5 WordPress Security Issues—And A Simple Strategy To Avoid Them

SiteLock

If you’ve landed on this page, you’re likely asking yourself, “Is my WordPress site not secure?” Luckily, we have some tips. When maximizing your WordPress site’s security, updating its themes and plugins is paramount. It shouldn’t be a question of if or when, but how frequently. A regular update schedule can save you from WordPress […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.