Thu. Dec 31, 2020

Brexit Deal Mandates Old Insecure Crypto Algorithms

Schneier on Security

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME (V3) allows signed receipts, security labels, and secure mailing lists… The underlying certificate used by s/MIME mechanism has to be in compliance with X.509 standard… The processing rules for s/MIM

SMBs: How to find the right MSP for your cybersecurity needs

Tech Republic Security

Cybercriminals do what they do for money, so why not make it unworthy of their time to attack your small or medium business?

New Golang-based Crypto worm infects Windows and Linux servers

Security Affairs

Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.

20 for 2020: The Edge's Top Articles of the Year

Dark Reading

Variety is the spice of life, and it's also the perfect analogy for the article topics that resonated most with Edge readers this past year.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

SolarWinds hackers gained access to Microsoft source code

Security Affairs

The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. Shortly after the disclosure of the SolarWinds attack, Microsoft confirmed that it was one of the companies breached in the recent supply chain attack, but the IT giant de

Would you take the bait? Take our phishing quiz to find out!

We Live Security

Is the message real or fake? Take our Phishing Derby quiz to find out how much you know about phishing.

More Trending

The Coolest Hacks of 2020

Dark Reading

Despite a pandemic and possibly the worst cyberattack campaign ever waged against the US, the year still had some bright spots when it came to "good" and creative hacks.

Threat actor is selling 368.8 million records from 26 data breaches

Security Affairs

A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from Bleeping Computer reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum. The total volume of data available for sale is composed of 368.8 million stolen user records. “Last Friday, a data broker began selling the combined total of 368.8 million stolen user records for twenty-six companies on a hacker forum.

What’s Next for Ransomware in 2021?

Threatpost

Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts.

Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code

Dark Reading

Malicious SolarWinds Orion backdoor installed in Microsoft's network led to the attackers viewing some of its source code.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft: 'Hackers Viewed Our Source Code'

SecureWorld News

It was a New Year's Eve 2020 revelation from Microsoft. During its internal investigation into the SolarWinds supply chain attack Microsoft uncovered an unsettling surprise. Hackers have successfully accessed the company's network and worked their way into valuable data repositories. Microsoft reveals hackers accessed source code. The company says its internal investigation did not find the typical tactics, techniques and procedures (TTPs) associated with the SolarWinds cyberattack.

How to Build Cyber Resilience in a Dangerous Atmosphere

Dark Reading

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.

Episode 198: Must Hear Interviews from 2020

The Security Ledger

Trying times have a way of peeling back the curtains and seeing our world with new eyes. We.

Cybersecurity 2020 in Review

ZoneAlarm

2020 was a year we will never forget. The year where the words “COVID-19” and “corona” were being said by the entire world in every other sentence. Where takeout food, wearing a mask became the norm. And it wasn’t just the pandemic that caused the world to go into panic mode and uncertainty. The world …

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?