Tue.Dec 21, 2021

Stealing More SRE Ideas for Your SOC

Anton on Security

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or its early version “Kill SOC Toil, Do SOC Eng”), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle —

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

How to visualise security and threat information in Microsoft Power BI

Tech Republic Security

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Ransomware: 10 Facts You Need To Know, But Might Not

Joseph Steinberg

Ransomware. After years of making headlines by successfully breaching hospitals, businesses, and government agencies, and causing them to suffer many millions of dollars of damage, the dangerous type of malware known as “ransomware” continues to wreak havoc around the globe. Ransomware may seem like a straightforward concept – it is computer malware that makes data unavailable to the data’s rightful owner until that party pays a ransom to the criminal operating the ransomware.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Top 7 common Cybersecurity Myths — Busted

The Hacker News

Even with the growing awareness about cybersecurity, many myths about it are prevalent. These misconceptions can be a barrier to effective security. The first step to ensure the security of your business is to separate the false information, myths, and rumors from the truth. Here, we're busting some common cybersecurity myths. Read on to find out which of the following you thought were true.

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Security Affairs

Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains.

More Trending

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

Malwarebytes

On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt.

Security Operations Center (SOC) Performance Falling Short 

Security Boulevard

Disconnects in perception between security operations center (SOC) leadership and staff in terms of organizational effectiveness and capability are hampering organizational efforts to combat cybercrime and other issues, according to a report. The global survey of more than 1,000 cybersecurity professionals, conducted by the Ponemon Institute in September 2021, found more than 70% of SOC.

The 7 CIS controls you should implement first

CSO Magazine

Implementing security controls has long been used to mitigate risk. However not all security controls are created equal. To help prioritize the most critical security controls, sources have emerged. Easily the most notable are the 18 Critical Security Controls from CIS, which formerly was the SANS Top 20. While all 18 of the listed CIS critical controls are indeed just that, organizations realistically operate with limited time, resources and attention.

How to evolve your organization into a data-centric security architecture

CyberSecurity Insiders

This blog was written by an independent guest blogger. Defense strategies have evolved as hackers have changed their schemes, and one new approach companies are putting into practice for their security plan is data-centric security. Older security models focused on network infrastructure and hardware security controls while data-centric security concentrates on the data itself.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

NIST Password Guidelines 2021: Challenging Traditional Password Management

Security Boulevard

In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users. Nearly every year since, NIST has undertaken to update or underscore these guidelines as security experts continue […].

More than 35,000 Java packages impacted by Log4j flaw, Google warns

Security Affairs

Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE. “More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package

800K WordPress sites still impacted by critical SEO plugin flaw

Bleeping Computer

Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. [...]

Why Using SMS Authentication for 2FA Is Not Secure

Security Boulevard

Two-factor authentication (2FA) is now a part of daily life, and most of us have had first-hand experience with SMS authentication. You enter your password, then you get a prompt to enter a code or pin that’s sent to your phone number. After you type in the code, you’re in. Simple, right? We all have … Continued. The post Why Using SMS Authentication for 2FA Is Not Secure appeared first on Enterprise Network Security Blog from IS Decisions.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The Link Between Ransomware and Cryptocurrency

eSecurity Planet

There are few guarantees in the IT industry, but one certainty is that as the world steps into 2022, ransomware will continue to be a primary cyberthreat. The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different. A pair of recent reports underscores just how big that threat is.

Windows 10 21H2 adds ransomware protection to security baseline

Bleeping Computer

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit. [...]

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

Researchers spotted a new botnet named Abcbot that mainly targeted Chinese cloud hosting providers over the past months. Security researchers discovered a new botnet, named Abcbot, that focused on Chinese cloud hosting providers over the past months. The list of targeted providers includes Alibaba Cloud, Baidu, Tencent, and Huawei Cloud. In November, researchers from Qihoo 360’s Netlab security team spotted the Abcbot botnet that was targeting Linux systems to launch distributed denial-of-s

Secret Backdoors Found in German-made Auerswald VoIP System

The Hacker News

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Boulevard

Security Risk: High. Exploitation Level: Easy. CVSS Score: 9.9 / 7.7. Vulnerability: Privilege Escalation, SQL Injection. Patched Version: 4.1.5.3. Last week, security researcher at Automattic Marc Montpas recently discovered two severe security vulnerabilities within one of the most popular SEO plugins used by WordPress website owners: All in One SEO.

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

The Hacker News

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.

US returns $154 Million in bitcoins stolen by Sony employee

Bleeping Computer

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. [...]

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Threatpost

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

New Dell BIOS updates cause laptops and desktops not to boot

Bleeping Computer

Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. [...]

Security lessons from 2021 holiday shopping fraud schemes

CSO Magazine

The holiday shopping season sees vast numbers of people flock online to take advantage of mass sales, most notably during the Black Friday and Cyber Monday period of late November. Cybercriminals are known to significantly expand their efforts to exploit bargain-seeking shoppers during this time in the lead up to Christmas, and 2021 has been no exception.

Russian hackers made millions by stealing SEC earning reports

Bleeping Computer

A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system. [...]

Reviewing 2021’s Biggest Ransomware Attacks

Security Boulevard

Ransomware remains today’s most significant cybersecurity threat, and attacks continue to hit organizations of all sizes and in all sectors. The costliest and most destructive ransomware incidents understandably attract the most media attention. Going beyond the media scrutiny, our review of 2021’s biggest ransomware attacks outlines some crucial security lessons learned from these incidents and….

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

2easy now a significant dark web marketplace for stolen data

Bleeping Computer

A dark web marketplace named '2easy' is becoming a significant player in the sale of stolen data "Logs" harvested from roughly 600,000 devices infected with information-stealing malware. [...]

Meta Files Federal Lawsuit Against Phishing Operators

Dark Reading

The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials.

BrandPost: Detect and Remediate the Exploitation of the Log4j Vulnerability

CSO Magazine

Tick… On December 9, 2021, the world was alerted to the Log4j vulnerability [CVE-2021-44228 aka Log4Shell]. Tock… Most likely bad actors already knew about this prior to December 9th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ubiquitous Log4j Java logging utility can be taken advantage of by injecting Java Naming and Directory Interface (JNDI) code in the User-Agent HTTP Header to execute a malicious script.

Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector

The Hacker News

Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "just the tip of the iceberg.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.