Tue. Dec 15, 2020

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

Schneier on Security

This is interesting: Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo.

Why I'm not concerned about the rise in Linux attacks

Tech Republic Security

Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.

Another Massive Russian Hack of US Government Networks

Schneier on Security

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material. […].

How to prepare for quantum computing cybersecurity threats

Tech Republic Security

Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Latest on SolarWinds Cyber Attack: 'Grave Impact'

SecureWorld News

When news broke a few days ago that IT management company SolarWinds was compromised in a supply chain cyber attack, we discovered that attackers accessed both the U.S. Treasury Department and the Department of Commerce. Read the related story. Now we know that was just the start. Here are updates coming in: CISA emergency directive to unplug SolarWinds Orion products.

How understanding cognitive science can strengthen cybersecurity's weak links

Tech Republic Security

Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.

More Trending

Linux attacks are rising: Why I'm not concerned

Tech Republic Security

Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.

Norwegian cruise company Hurtigruten was hit by a ransomware

Security Affairs

Norwegian cruise company Hurtigruten disclosed a cyber attack that impacted its entire worldwide digital infrastructure. The Norwegian cruise company Hurtigruten announced its entire worldwide digital infrastructure was the victim of a cyber attack. “It’s a serious attack,” said the Hurtigruten’s chief digital officer Ole-Marius Moe-Helgesen in a statement. “The entire worldwide digital infrastructure of Hurtigruten seems to have been hit.” “The attack s

The lines between corporate and tech strategy continue to blur

Tech Republic Security

Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.

Serious Privacy Podcast – Oh Canada: on DCIA, CPPA and PIPEDA

TrustArc

On 17 November 2020, the Canadian Minister of Information Science and Economic Development, Navdeep Bains, introduced bill C-11, the long-awaited update to the federal Canadian privacy legislation. For many years, this legislative update had been rumoured, and now that it was finally put on the table, we can see some sweeping changes. The Digital Charter […].

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Elevation of Privilege In a Time of Cholera, Redux

Adam Shostack

I had not seen Threat modelling at the FT. In it, Lisa Fiander and Costas K share their experiences with Elevation of Privilege played remotely. It’s a pleasant surprise to see how well EoP works in this remote world. I’d written about and then done a session with Agile Stationery; seeing independent reports is great!

The Zodiac Killer's Cipher Is Finally Cracked After 51 Years

WIRED Threat Level

Amateur and professional cryptographers, including those at the FBI, had been trying to decode the infamous serial killer's message to the media for decades.

The Private Sector Needs a Cybersecurity Transformation

Dark Reading

Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Threatpost

Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Top 10 Cybercrime and Cybersecurity Trends for 2021

ImmuniWeb

ImmuniWeb brings you our forecast of top cybercrime and cybersecurity trends that will likely predominate the global cyber threat landscape in 2021.

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

Threatpost

Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support.

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

Experts reported flaws in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. Experts from IoT security firm Sternum discovered vulnerabilities in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device.

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

Threatpost

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

From a Single Pane of Glass, to Functional Dashboards to Manage Cyber Risk

The State of Security

For the longest time, or as far as I can remember, the holy grail of all networking platforms has been the need for a single pane of glass, that single source of all information that you would need to be most effective. So, what is a single pane of glass? If you take it […]

45 Million Medical Images Left Exposed Online

Threatpost

A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.

From AI to Tech Towns: The Top 10 Technology Business Blogs for 2020

CompTIA on Cybersecurity

This year’s list of CompTIA’s top technology business blogs demonstrates how the tech industry responded to the pandemic, how our businesses pivoted in the midst of unprecedented chaos and change, and, ultimately, how we’ve emerged tougher and more resilient.

Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam

Threatpost

Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Concerns Run High as More Details of SolarWinds Hack Emerge

Dark Reading

Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.

Gitpaste-12 Worm Widens Set of Exploits in New Attacks

Threatpost

The worm returned in recent attacks against web applications, IP cameras and routers.

Nowhere to Hide: Don't Let Your Guard Down This Holiday Season

Dark Reading

Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.

Agent Tesla Keylogger Gets Data Theft and Targeting Update

Threatpost

The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Medical scans of millions of patients exposed online

We Live Security

Other leaked data included a range of personal information such as names, addresses and personal healthcare information.

Medical Imaging Leaks Highlight Unhealthy Security Practices

Dark Reading

More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.

Easy WP SMTP Security Bug Can Reveal Admin Credentials

Threatpost

A poorly configured file opens users up to site takeover.

Kaspersky Security Bulletin 2020. Statistics

SecureList

All statistics in this report are from the global cloud service Kaspersky Security Network (KSN), which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in this endeavor to collect information about malicious activity.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.