Thu. Sep 09, 2021

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We've all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and to date, no two people have ever been found to have a matching set. As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication.

More Detail on the Juniper Hack and the NSA PRNG Backdoor

Schneier on Security

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

Hacking 279

The top keywords used in phishing email subject lines

Tech Republic Security

Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."

Phishing 218

Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

Trend Micro

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

WFH is a cybersecurity "ticking time bomb," according to a new report

Tech Republic Security

IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.

Windows MSHTML zero-day defenses bypassed as new info emerges

Bleeping Computer

New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks.

More Trending

A new botnet named Mēris is behind massive DDoS attack that hit Yandex

Security Affairs

The massive DDoS attack that has been targeting the internet giant Yandex was powered by a completely new botnet tracked as Mēris. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown.

DDOS 144

Stop using your web browser security wrong

Tech Republic Security

Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.

Howard University suffers cyberattack, suspends online classes in aftermath

We Live Security

The university suffered a ransomware attack; however, there is no evidence so far of data being accessed or stolen.

Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

The Hacker News

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety.

IoT 136

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Yandex is battling the largest DDoS in Russian Internet history

Bleeping Computer

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week.

DDOS 136

12 database security landmines, failures, and mistakes that doom your data

CSO Magazine

In most enterprise stacks today, the database is where all our secrets wait. It’s part safe house, ready room, and staging ground for the bits that may be intensely personal or extremely valuable. Defending it against all incursions is one of the most important jobs for the database administrators, programmers, and DevOps teams that rely upon it. Alas, the job isn’t easy.

CSO 133

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

Bleeping Computer

GitHub's security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week.

Software 132

Microsoft warns of a Windows zero-day security hole that is being actively exploited

The State of Security

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content. According to Microsoft, attacks exploiting the vulnerability […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SPDX becomes internationally recognized standard

Tech Republic Security

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.

Software 120

New Mēris botnet breaks DDoS record with 21.8 million RPS attack

Bleeping Computer

A new distributed denial-of-service (DDoS) botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second.

DDOS 129

Breach Clarity Data Breach Report: Week of Sept. 6

Security Boulevard

Each week, Sontiq uses its BreachIQ capability to identify recent notable reported data breaches. These breaches are highlighted because of the heightened identity security risks to the victims. BreachIQ uses a proprietary algorithm to analyze more than 1,300 factors of a data breach and create a risk score on a scale of 1-10. The higher.

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

The Hacker News

Network security solutions provider Fortinet confirmed that a malicious actor had disclosed, without authorization, VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan."

VPN 124

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Think of the Children: Anti-E2EE Ads Ahoy

Security Boulevard

Another Five Eyes government is trying to stop end-to-end encryption—this time, it’s the UK.

Frictionless Zero Trust Security – How minimizing friction can lower risks and boost ROI

CyberSecurity Insiders

By Narendran Vaideeswaran, Director Product Marketing, Identity & Zero Trust, CrowdStrike. The traditional working format has completely changed over the last 18 months for many organizations, with an increasing number switching to a ‘remote working’ model during the pandemic. Organizations have had no choice but to adapt and build on their existing cybersecurity systems.

Risk 121

NTLM relay attacks explained, and why PetitPotam is the most dangerous

CSO Magazine

Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among Fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily targeted by malicious actors and researchers alike. Among the most cited weaknesses of AD are its legacy protocols. One such protocol that receives a lot of focus from attackers is NT LAN Manager (NTLM).

How to set up two-step verification for your Google account

Tech Republic Security

Two-step verification can better secure and safeguard your account. Here's how to set it up.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

A New Irish Fine: Lessons Learned from the EDPB Binding Decision

TrustArc

The Irish Data Protection Commission (DPC) has imposed a fine of €225 million on WhatsApp’s European headquarters, following an investigation that took many years to complete. In addition to the fine, WhatsApp has received a compliance order, which it needs to fulfill within 3 months. The sanctions are imposed for violations of the transparency principle […].

Yandex is under the largest DDoS attack in the history of Runet

Security Affairs

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown.

DDOS 122

Hackers target Bear Grylls TV Presenter with Cyber Attack

CyberSecurity Insiders

We have seen world-renowned adventurer Bear Grylls fight with snakes, lions and alligators. But now the British enthusiast is seen busy fending off attacks from hackers intent on stealing currency from him and putting a dent in his business and its reputation. Bear Grylls, who has taken many guests like Former US President Barack Obama, Indian Prime Minister Shri Narendra Modi, on various adrenaline-filled expeditions including Hollywood celebrities like Scarlett Johansson, Kate Winslet, Mic

Introducing Android’s Private Compute Services

Google Security

Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy. We introduced Android’s Private Compute Core in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud. Recap: What is Private Compute Core? Android’s Private Compute Core is an open source, secure environment that is isolated from the rest of the operating system and apps.

Mobile 105

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

Threatpost

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

Russian Ransomware Group REvil Back Online After 2-Month Hiatus

The Hacker News

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

GitHub Identifies Arbitrary Code Execution Bugs in the Open-source Node.js Packages

Heimdal Security

In the course of two months (July and August), security experts at GitHub Robert Chen and Philip Papurt have discovered arbitrary code execution vulnerabilities in the open-source Node.js packages tar and @npmcli/arborist. According to BleepingComputer, the tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week.

Web Security Basics: Is Your Web Application Safe?

Acunetix

In our old advertisements, you could often read that 70 percent of websites are hackable. The sad truth is, however, that every website and web application can be hacked, given enough time and resources. What makes a website or web application fall within the 70 percent?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.