Wed. Sep 08, 2021


Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.


Security Risks of Relying on a Single Smartphone

Schneier on Security

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse. Here’s a link to an archived version.


Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience

Tech Republic Security

Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.


Hackers leak passwords for 500,000 Fortinet VPN accounts

Bleeping Computer

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. [...]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Why your IoT devices may be vulnerable to malware

Tech Republic Security

Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.


Why You Should Invest in Cyber Security

Security Boulevard

T-Mobile was the latest victim of a massive cyber-attack where the personal information of more than 40 million customers was leaked in a data breach. A New York Times article titled, “T-Mobile Says Hack Exposed Personal Data of 40 million People” by Isabella Grullón stated that a vendor had reportedly been trying […]. The post Why You Should Invest in Cyber Security appeared first on Phoenix TS.


More Trending


5 steps to improve security on network PCs that can’t run Windows 11

CSO Magazine

Microsoft’s revised hardware specifications for the upcoming Windows 11 release on October 5 don’t change the fact that I’m stuck on Windows 10 for most of the machines in my network. Microsoft has expanded its testing application to include a few more processors that support Windows 11 (Intel Core X-series, Xeon W-series, and some Intel Core 7820HQ), but the end result is the same: We will have a mixed network of Windows 10 and Windows 11 machines going forward.


Machine learning is a great tool for cybersecurity, but be cautious, expert says

Tech Republic Security

Supervised and unsupervised machine learning are good ways to detect threats. But what's the difference?


Ransomware news trending on Google

CyberSecurity Insiders

After a brief hiatus, the REvil aka Sodinokibi ransomware gang has reappeared on the dark web. The file-encrypting malware group, which is suspected to be operating from Russia, has reinstated its “Happy Blog” and started posting details of stolen data that were siphoned from victims who did not pay the demanded ransom of $11 million. According to Adam Meyers, the President of the cybersecurity firm CrowdStrike, the REvil ransomware group’s customer care is also back online and are ready


Microsoft warns of attacks targeting Office documents

Tech Republic Security

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Microsoft warns of a zero-day in Internet Explorer that is actively exploited

Security Affairs

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share information about the attacks or the nature of the threat actors.


REvil ransomware gang may be back in town

Tech Republic Security

Sites used by the infamous cybercrime group have mysteriously come back to life. Does that mean it's back in business after a brief respite?


Germany puts cyber attack blame on Russia for disrupting its general elections

CyberSecurity Insiders

Germany has officially put the blame on the Russian government for launching cyber attacks to disrupt the country’s general elections. The German ministry issued a public statement on this note yesterday and stated that it has reliable information that the GRU military intelligence service was involved in espionage tactics in which it stole login credentials of some bureaucrats and federal lawmakers.


Dark web prices drop for credit cards but soar for PayPal accounts

Tech Republic Security

Selling prices for stolen PayPal accounts have shot up by 194%, according to research by Comparitech.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Frontline Announces Integration with Core Impact Penetration Testing Tool

Security Boulevard

The post Frontline Announces Integration with Core Impact Penetration Testing Tool appeared first on Digital Defense, Inc. The post Frontline Announces Integration with Core Impact Penetration Testing Tool appeared first on Security Boulevard.


Windows MSHTML zero-day actively exploited, mitigations required

Malwarebytes

Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft’s security update. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.


Do You Hire Cyber Pros? Let’s Talk!

CyberSecurity Insiders

Are you responsible for hiring members of the cybersecurity team at your organization? Then we want to hear from you! (ISC)² is looking to meet with professionals who hire cybersecurity practitioners, specifically entry level staff. We are holding a two-day virtual meeting for this purpose which is scheduled for September 27-28, 2021. It will run from 8:30 a.m. to 4:30 p.m.


Simplified Insertion of Cisco Secure Firewall with AWS Route Table Enhancement

Cisco Security

Cisco Secure Firewall provides industry-leading firewall capabilities for Amazon Virtual Private Cloud (VPC) and resources deployed inside. Customers use these firewalls to protect north-south and east-west traffic. Typically, we provide north-south traffic inspection in AWS infrastructure by deploying a load balancer and adding firewalls behind it. Another approach uses Amazon VPC Ingress Routing to steer traffic to Cisco Secure Firewalls.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

The Hacker News

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.


Pick Your Vishing Avatar

Security Through Education

This newsletter is unique because we have two writers this month: Curt and Shelby. Over the past two years of working together, we have analyzed our approaches to vishing and the rapport building techniques that we each naturally lean towards. We have done this so we can better understand our own strengths, as well as learn from one another. You will probably identify more with one of our approaches than the other.


Securing AI and ML at the Edge

Security Boulevard

Organizations are increasingly turning to AI and ML to enhance their cybersecurity operations. Having algorithms to do some of the most tedious but necessary tasks has taken a lot of stress off of overworked security teams. But as AI/ML become more ubiquitous within organizations in many other areas, the technologies themselves are at risk of. The post Securing AI and ML at the Edge appeared first on Security Boulevard.


Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

The Hacker News

Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Vulnerability Could Expose HAProxy to HTTP Request Smuggling Attack

eSecurity Planet

A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data. Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown vulnerabilities in popular open-source projects.


Mitigations Available for Latest Office Zero Day

Digital Guardian

There's no patch yet but Microsoft has released a workaround to mitigate the latest zero day, a vulnerability announced this week in Windows 10 and Windows Server.


Alleged Russian malware developer arrested after being stranded in South Korea due to COVID-19 pandemic

Graham Cluley

I hate to give advice to those who work for cybercrime gangs, but maybe - if they care about their liberty - they should think long and hard before making any international travel plans. Read more in my article on the Hot for Security blog.


Accelerating Zero Trust with ForgeRock Autonomous Identity

Security Boulevard

With today’s newest release of ForgeRock Autonomous Identity, we continue to advance the way artificial intelligence (AI) and machine learning (ML) make our customers’ lives easier. This commitment to innovation helps enterprises reduce risk and more efficiently manage workforce access. Autonomous Identity’s AI-driven approach to identity governance and administration (IGA) offers new capabilities to help security and IT teams to increase an organization’s security posture by avoiding excessive


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Ransomware Group Ragnar Locker Threatens Data Leaks if Law Enforcement Contacted

eSecurity Planet

The cybercriminal gang behind the Ragnar Locker ransomware attacks is threatening victims that it will go public with data captured in an attack if they contact law enforcement agencies or hire negotiators. The Ragnar Locker group posted on its darknet leak site a note outlining the warning, putting even more pressure on target companies (which the group calls “clients”) and increasing attention on the already high-profile debate about organizations paying ransoms.


HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

The Hacker News

A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks.


Governance Always Has Been About “Nudge” Behavior Economics

Security Boulevard

The Guardian gets part of their history right in a new article about government use of political theory and economics: British government’s fondness for minor behavioural modification tactics began in the David Cameron era… Indeed, you may recall in 2014 we hosted a discussion on exactly that topic: …interface between economics and political science in …


Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

CSO Magazine

If you do business with the Department of Defense (DoD), then the Cybersecurity Maturity Model Certification (CMMC) is known to you. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) approved the first company to become a certified assessor in May 2021. Since then, three additional companies have been approved. That’s it. Four companies have been approved to be a Certified Third-Party Assessment Organization (C3PAO) and assessed DoD contractor cybersecurity compliance with the


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.