Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Krebs on Security
AUGUST 18, 2021
T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 18, 2021
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
The Last Watchdog
AUGUST 18, 2021
So NortonLifeLock has acquired Avast for more than $8 billion. This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Related: The coming of ubiquitous passwordless access.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 18, 2021
Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.
Malwarebytes
AUGUST 18, 2021
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones you’re expecting to hear from, or wouldn’t be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list. DocuSign is a service that allows people to sign documents in the Cloud.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Malwarebytes
AUGUST 18, 2021
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents. Introduction Disclaimers macOS 11’s better known security improvements Secret messages revealed? CPU security mitigation APIs The NO_SMT mitigation The TECS mitigation Who benefits from NO_SMT and TECS ? Endpoint Security API improvements More message types More notifications, less polling More metadata Improved performance A vulnerability quietly fixed O_NOFOLLOW_ANY
Tech Republic Security
AUGUST 18, 2021
71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.
CyberSecurity Insiders
AUGUST 18, 2021
Cybersecurity Researchers from Mandiant have disclosed that millions of IoT devices operating across the globe were vulnerable to cyber attacks because of a flaw in Kalay Cloud platform software supplied by ThroughTek. On Tuesday this week, the bug dubbed as CVE-2021-28372 was reported to US Cybersecurity and Infrastructure Security Agency (CISA) by the researchers of FireEye Mandiant.
Tech Republic Security
AUGUST 18, 2021
Zero-trust is a good way to prevent hackers from gaining control of our infrastructure and energy industries, expert says.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
AUGUST 18, 2021
The German state’s data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union’s GDPR. The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR).
Tech Republic Security
AUGUST 18, 2021
Facilities in the sector saw an average of 1,739 attacks per organization each week last month, according to Check Point Research.
Security Boulevard
AUGUST 18, 2021
Cyberattacks are on the rise. Hackers will seize on any opportunity to accelerate or obscure their cyberattacks. So imagine their delight when the COVID-19 pandemic forced companies to shutter their offices and conduct most, if not all, of their business remotely. It was open season with easy targets everywhere. The attacks that followed were some. The post How Much Cybersecurity Do You Need?
Tech Republic Security
AUGUST 18, 2021
The zero-trust model prevents attacks, but also greatly limits the impact of a successful breach, such as a ransomware attack.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
AUGUST 18, 2021
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. [.].
CSO Magazine
AUGUST 18, 2021
International ransomware gangs aren't the only people after your enterprise's money. Long after a ransomware attack fades into gloomy history, your organization could face another potentially devastating financial threat: lawyers filing action lawsuits on behalf of clients who may have lost confidential personal or business information to the attackers. [ Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. | Get the latest
Bleeping Computer
AUGUST 18, 2021
Microsoft has released Windows 10 21H2 19044.1200 with the awaited new Windows Hello security feature, WPA3 HPE support, and GPU computing in the Windows Subsystem for Linux. [.].
CSO Magazine
AUGUST 18, 2021
Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the Trend Microās biannual Cyber Risk Index (CRI) report, you expect to experience a data breach that compromises customer data in the next 12 months. [ Learn the 7 keys to better risk assessment. | Get the latest from CSO by signing up for our newsletters. ].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
AUGUST 18, 2021
T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of tens of millions of individuals. [.].
Tech Republic Security
AUGUST 18, 2021
Human error is still responsible for the majority of breaches, but we're getting better about watching for suspicious links, expert says.
CyberSecurity Insiders
AUGUST 18, 2021
SonicWall Cyber Threat report has confirmed that the year 2021 witnessed a record number of ransomware attacks in just 6 months, taking the number to 304.3 million; double than what was observed in the first six months of 2020. The network protecting firm stated that the cyber criminals sped up the attacks on corporate networks and innocent WFH individuals, as the year, till date, was filled with uncertainty and anxiety over the global shutdowns because of the quick spread of Corona Virus Delta
Webroot
AUGUST 18, 2021
If you attended Black Hat this year, you couldnāt avoid the topic of supply chain attacks. From keynotes to vendor messaging to booth presentations, they were a ubiquitous topic in Las Vegas this year. Supply chain attacks are cyberattacks targeting an upstream vendor for the ultimate purpose of compromising one or more of its customers. Cybercriminals are aware that, by compromising updates from trusted vendors, they can easily bypass installed security software to infect all customers that ins
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
AUGUST 18, 2021
US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. [.].
CyberSecurity Insiders
AUGUST 18, 2021
A week ago, Poly Network, a cryptocurrency notifying block chain site was hitting the google news headlines for wrong reasons. A hacker stole $600m worth of crypto from the block chain network and transferred the currency to three digital wallets. Now news is out that the hacker returned half of the money gathered from the heist and promised to return the full amount by this month’s end.
Bleeping Computer
AUGUST 18, 2021
Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today of laundering over $300 million worth of bitcoins between 2014 and 2017. [.].
Security Affairs
AUGUST 18, 2021
Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software. Ad obe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting the popular image manipulation software Photoshop. The flaws affect versions of the software for both Windows and macOS, their exploitation could lead to?
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, āDo you know whatās in your software?
We Live Security
AUGUST 18, 2021
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns. The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity.
The Hacker News
AUGUST 18, 2021
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.
Bleeping Computer
AUGUST 18, 2021
GitHub is urging its user base to toggle on two-factor authentication (2FA) after deprecating password-based authentication for Git operations. [.].
WIRED Threat Level
AUGUST 18, 2021
The alleged digital operation has deployed hundreds of websites and social media accounts to attack the broadcaster's reporting.
Speaker: Erika R. Bales, Esq.
When we talk about ācompliance and security," most companies want to ensure that steps are being taken to protect what they value most ā people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and itās more important than ever that safeguards are in place. Letās step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
363 
Let's personalize your content