Fri. Feb 26, 2021

The Problem with Treating Data as a Commodity

Schneier on Security

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it.

Weekly Update 232

Troy Hunt

I honestly don't know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone. There's probably some hints in the range of different things I'm speaking about this week and the book is certainly now consuming a heap of time, but at least I'm doing what I love. Also, at about the 29 minute mark, I started getting a little static in the audio.

The hidden business costs of working remotely

Tech Republic Security

The benefits of working remotely are numerous, but there are significant hidden costs that need to be factored in.

Ryuk ransomware now self-spreads to other Windows LAN devices

Bleeping Computer

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Pandemic Cyber Crime, By the Numbers

Security Boulevard

Almost a year ago, the world turned upside down and seemingly everything changed due to the COVID-19 pandemic. In that time, entire workforces went – and stayed – home, cloud adoption skyrocketed and digital transformation. The post Pandemic Cyber Crime, By the Numbers appeared first on Security Boulevard.

PCI DSS v4.0 Timeline Updated to Support an Additional RFC

PCI perspectives

Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Because of the broad impact PCI DSS has on the payment community, the Council is seeking additional feedback into the PCI DSS v4.0 validation documents. As a result of expanding stakeholder feedback opportunities to include these supporting documents, the Council is now targeting a Q4 2021 completion date for PCI DSS v4.0.

T-Mobile discloses data breach after SIM swapping attacks

Bleeping Computer

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. [...]

Safeguarding children against cyberbullying in the age of COVID-19

We Live Security

As screen time has increased, so has the risk of cyberbullying. What can you do to help protect your children from online harassment? The post Safeguarding children against cyberbullying in the age of COVID‑19 appeared first on WeLiveSecurity.

Malicious Firefox extension allowed hackers to hijack Gmail accounts

Bleeping Computer

Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. [...]

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

The Hacker News

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

Bleeping Computer

A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data. [...]

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from the French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow it to spread within local networks. “On top of its usual functions, this version holds a new attribute allowing it to self replicate over the local network.” reads the report published by the ANSS

From Google Cloud Blog: “New Cloud Security Podcast by Google is here”

Anton on Security

Those who follow me on social media already know this, but we have launched THE Cloud Security Podcast. TL;DR: Find this on Google Podcasts, Apple Podcasts, Spotify, Stitcher and wherever else podcasts can be found. You can also download the episodes directly here. Follow @CloudSecPodcast. The whole story from our GCP blog is cross-posted below: Security continues to be top of mind for large enterprises as well as smaller organizations and businesses.

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

The Hacker News

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Oxford University COVID-19 lab hacked

We Live Security

Neither clinical research into the coronavirus nor any patient data were affected by the incident. The post Oxford University COVID‑19 lab hacked appeared first on WeLiveSecurity.

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

Security Boulevard

A really nasty remote code execution vulnerability is being exploited right now. VMware vCenter can be trivially broken into. The post ‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It appeared first on Security Boulevard.

UK National Cyber Security Centre Issues Distance Learning Guide For Families

Hot for Security

The National Cyber Security Centre (NCSC) has issued a family-oriented guide to help parents and caretakers ensure a safe digital learning experience for students. Although remote education provides continuous learning outside physical classrooms, parents need to be aware of the potential issues and risks associated with the increased use of digital tools and second-hand devices issued by school districts.

Npower scraps app, and urges customers to change passwords, after data breach

Graham Cluley

UK energy firm Npower has scrapped its smartphone app following an attack by hackers that saw some users' accounts accessed and personal information stolen.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Championing worthy causes: How ESET gives a helping hand

We Live Security

A snapshot of some of the ways ESET makes an impact supporting the well-being of people, communities and the environment. The post Championing worthy causes: How ESET gives a helping hand appeared first on WeLiveSecurity.

Cisco Releases Security Patches for Critical Flaws Affecting its Products

The Hacker News

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday.

Faster, Better, Safer – With Little Help of Web Application Security Testing Tools

Security Boulevard

“I feel the need – the need for speed.” Pete “Maverick” Mitchell’s phrases in Top Gun (1986) stand true for today’s application development world, where it is important to deliver. The post Faster, Better, Safer – With Little Help of Web Application Security Testing Tools appeared first on Indusface. The post Faster, Better, Safer – With Little Help of Web Application Security Testing Tools appeared first on Security Boulevard.

The Week in Ransomware - February 26th 2021 - Back from the Holidays

Bleeping Computer

The number of attacks had slowed down after the winter holidays, but after the past two weeks, it's evident that the ransomware attacks are back at full speed. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Understand Your Staff: How Insiders Shape Defenses

Security Boulevard

Enterprises and their staff dealt with a lot of change in 2020. The pandemic and resulting lockdowns forced organizations to allow staff to work from home. This vastly increased mobility, cloud computing and social networking usage; in some cases, this transition occurred before companies and staff were fully prepared. Work from home (WFH) moved insiders.

Friday Five 2/26

Digital Guardian

Hackers targeting the US electric grid, M1 chip compatible malware, and a new attack framework for inferring keystrokes - catch up on all of the week's infosec news with the Friday Five!

Go malware is now common, having been adopted by both APTs and e-crime groups

Zero Day

There's been a 2,000% increase of new malware written in Go over the past few years.

Nutanix makes its Cloud Platform Ransomware free

CyberSecurity Insiders

Nutanix, a cloud infrastructure and software provider, has made it official that its cloud platform will be ransomware protected, thus making it conducive for businesses to implement their virtualization and other enterprise network storage needs with no hesitation. Technically, Nutanix has added a threat monitoring and detection service along with data replication and robust access controls to its Nutanix stack.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?

Google to Underwrite Contributors to Linux Security

Security Boulevard

Google and the Linux Foundation announced this week they will underwrite two full-time maintainers for Linux kernel security development. Gustavo Silva is currently working full time on eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare.

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

Threatpost

Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.

At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill

SC Magazine

At a joint hearing of the House Oversight and Homeland Security Committee about the SolarWinds-related espionage campaign, Rep. Michael McCaul, R-Texas, said that he and Rep. Jim Langevin, D-R.I., are working on legislation to require companies to notify the federal government after similar breaches. The Friday House hearing was the second hearing of the week on the topic, with the Senate Intelligence Committee holding a similar hearing on Tuesday.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.