Schneier on Security
APRIL 1, 2021
A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos.
Krebs on Security
APRIL 1, 2021
Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 1, 2021
Firefox's new feature automatically redirects from HTTP to HTTPS and should be considered a must-use for the security-minded. Jack Wallen explains, and shows you how to enable it.
Malwarebytes
APRIL 1, 2021
A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps—it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data—but the infrastructure behind the malware obscures its developer’s primary motivations. First spotted by the research team at Zimperium zLabs , the newly found malware is already detected by Malwarebytes for Android.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
APRIL 1, 2021
Does every device in your home really need to be connected to the internet? And could your smart appliance be turned against you? The post Is your dishwasher trying to kill you? appeared first on WeLiveSecurity.
Graham Cluley
APRIL 1, 2021
CISA, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 1April 5 to scan their networks for evidence of intrusion by hackers, and report back the results. Read more in my article on the Tripwire State of Security blog.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Heimadal Security
APRIL 1, 2021
Managing thousands of IP-connected devices can become a great challenge for many organizations. But imagine trying to keep track of which IP Address is assigned to each device, which DHCP lease is up, or when the IP has changed? Fortunately, there is a solution to managing IP addressing tracking issues just like the ones mentioned […]. The post What Is IPAM in Networking and Cybersecurity?
Security Boulevard
APRIL 1, 2021
When it comes to information security and stressing the importance of cyber risk management, getting the whole company (especially the C-suite) on the same playing field becomes paramount. There’s no question that when diving into it for the first time, cyber security can be a daunting function. There are countless acronyms, concepts, and approaches that can be difficult to wrangle into layman’s terms.
Bleeping Computer
APRIL 1, 2021
Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week. [.].
CyberSecurity Insiders
APRIL 1, 2021
Endpoint security is at the forefront of digital transformation due to the very nature of needing to protect devices outside the company’s network perimeter. This started with traditional devices such as laptops and desktops. Endpoint security then quickly expanded to include mobile security, for smartphones and tablets. And, as more data moved to the cloud endpoint security came to include servers and containers, both inside and outside of the network perimeter.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
SC Magazine
APRIL 1, 2021
Activision reported finding postings on hacking forums on YouTube by a threat actor promoting a Remote Access Trojan that can be embedded in cheat mods for games like Call of Duty. (Image from Activision press kit.). They say cheaters never prosper, and new security research indicates that malicious hackers are doing their part to bring that bromide to life for unscrupulous gamers, including those who are downloading trojanized video game cheat mods on their work devices.
CyberSecurity Insiders
APRIL 1, 2021
By Tony Goulding, Cybersecurity Evangelist at Centrify. The consequences of a data breach can vary greatly depending on the intention of the adversary. Some hackers simply aim to cause disruption. Others extract valuable personally identifiable information (PII) to sell on the Dark Web, while others look to extort money due to ransomware. When a cyberattack is attempted against critical infrastructures such as hospitals, electrical grids, or water systems, the potential repercussions can affect
Tech Republic Security
APRIL 1, 2021
COVID lockdowns may be behind a major change toward targeting e-commerce and using new forms of attacks, Kaspersky finds.
The Hacker News
APRIL 1, 2021
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
APRIL 1, 2021
From February this year, there have been multiple instances where hackers have taken control of corporate networks by exploiting vulnerabilities in MS Email Exchange Servers. CyberCube, a cyber analytics firm, claims that the rise in cyber-attacks on Microsoft servers could also increase cyber insurance claims filed by many companies. . The analytics stated that SMBs operating in North America are super-vulnerable to MS Exchange attacks than other parts of the world with the vulnerability that
Adam Shostack
APRIL 1, 2021
For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain. A few years ago, Seattle Food Geek wrote about a No-Yeast, No-Rise, Champagne Pizza Dough. It makes use of an encapsulated leavener called WRISE. I had a sample of the WRISE leavener from a friend, and Modernist Pantry has it, listed as encapsulated baking powder here.
Security Boulevard
APRIL 1, 2021
The first quarter of 2021 went by so quickly! The whirlwind of 2020 brought its challenges, yet as we dive into 2021 — more resilient and mutually committed to our common goals — I am confident that LogRhythm can tackle…. The post The Latest LogRhythm Employee Initiatives appeared first on LogRhythm. The post The Latest LogRhythm Employee Initiatives appeared first on Security Boulevard.
Hot for Security
APRIL 1, 2021
The Internal Revenue Service (IRS) has urged university students and staff to watch out for emails that claim to come from the IRS but seek to steal sensitive personal information. Although IRS impersonation scams are not new, this phishing campaign seems to target individuals in the higher educational system, using “ edu”email addresses.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CSO Magazine
APRIL 1, 2021
Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features. Phishing is a social attack, directly related to social engineering. Commonly centered around email, criminals use phishing to obtain access or information. Phishing attacks can be basic or customized toward the victim and their organization.
Digital Guardian
APRIL 1, 2021
Organizations would need to ensure they have proper data security, data disposal and data breach reporting obligations in place under the law if it's passed.
SC Magazine
APRIL 1, 2021
The website for Securielite, a fake company set up to phish job-seekers. (Image from Google blog). Google on Wednesday evening announced that North Korean hackers have continued to target information security professionals with fake job offers, perpetuating a campaign that previously involved the use of a zero-day browser exploit. This recruitment scam creates an unusual problem for security pros trying to inoculate their office from such threats: How do you start a conversation with employees a
Security Boulevard
APRIL 1, 2021
Have you let cybersecurity standards slide? See how to clean up your company's act fast to avoid a data breach disaster! The post Low Cybersecurity Standards Lead to Disaster appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CSO Magazine
APRIL 1, 2021
CISO definition. The chief information security officer (CISO) is the executive responsible for an organization's information and data security. While in the past the role has been rather narrowly defined along those lines, these days the title is often used interchangeably with CSO and VP of security, indicating a more expansive role in the organization.
The Hacker News
APRIL 1, 2021
A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A.
Threatpost
APRIL 1, 2021
Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities.
Security Boulevard
APRIL 1, 2021
The COVID-19 pandemic has been a boon to online retailers, as well as cybercriminals, according to a recent report from Tala Security. The report reveals that U.S. retailers’ online year-over-year revenue growth was up 68%, with a 148% growth in all online retail orders. While that might be good news for e-commerce, the bad news. The post Client-Side XSS Vulnerabilities Growing Fast appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
APRIL 1, 2021
A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily.
Threatpost
APRIL 1, 2021
A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags, but defense spending lags.
Security Boulevard
APRIL 1, 2021
API Fuzzing is technique where a comprehensive suite of inputs is generated to test an API. By using fuzzing techniques to generate inputs and observing the response from the application, an API fuzzer can quickly iterate through multitudes of test cases to find weakness in an API’s functionality or security. The post The Hidden Cost of A 500 Internal Server Error appeared first on Security Boulevard.
CyberSecurity Insiders
APRIL 1, 2021
By now, many business owners understand the value of leveraging the internet in order to promote their business and to connect with their target market. However, very few business owners think beyond the marketing benefits. Contrary to popular belief, cloud computing is a more secure option for small businesses, and a growing number of small businesses are beginning to use cloud computing for its security benefits.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
282 
Let's personalize your content