Fri. Jul 23, 2021


Commercial Location Data Used to Out Priest

Schneier on Security

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.


Weekly Update 253

Troy Hunt

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important).

IoT 327
Insiders


Dead Drops and Security Through Obscurity

Daniel Miessler

There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.


How DuckDuckGo makes money selling search, not privacy

Tech Republic Security

Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Fake Windows 11 installers now used to infect you with malware

Bleeping Computer

Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. […]

Adware 145

Hackers Exploit the COVID-19 Pandemic for Cyber Scams

Security Boulevard

Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has […].

Scams 145

More Trending


Protecting the hybrid workplace through Zero Trust security

We Live Security

The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors. The post Protecting the hybrid workplace through Zero Trust security appeared first on WeLiveSecurity.


Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether. The two flaws – CVE-2021-33909 and CVE-2021-33910, respectively – were disclosed by vulnerability management vendor Qualys in a pair of blogs that outlined the threat to Linux OSes from such companies as Red Hat, Ubuntu, Debian and Fedora.


Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

The Hacker News

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics.

Malware 142

EU takes aim at ransomware with plans to make Bitcoin traceable, prohibit anonymity

CSO Magazine

The European Commission (EC) has set out new legislative proposals to strengthen its anti-money laundering (AML) and countering terrorism financing (CFT) rules to tackle financial crime. A key element of those proposals includes changes to make crypto asset transfers more traceable and secure by forcing companies to collect certain details on recipients and senders and prohibiting the use of anonymous cryptocurrency wallets.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Simplify VPN with Cisco Secure Managed Remote Access

Cisco Security

Bringing focus back to organizations’ IT, and empowering security heroes. Esports are becoming massively popular, and you’ll commonly hear about how a player “carried the team on their back,” a phrase often used when a teammate perseveres through adversity, contributes more than their fair share, and ultimately delivers a win. Over the last year and a half, IT and security heroes globally have adapted and met the needs of their workforces that had to rapidly pivot to remote work.

VPN 139

New PetitPotam attack allows take over of Windows domains

Bleeping Computer

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. […]


All About Rootkits. Definition, Types, Detection, Prevention

Heimdal Security

In this article, we will discuss the functionality of a rootkit, go through classifications, detection methodologies, and, of course, rootkit prevention. What is a Rootkit? Rootkits are malicious computer programs designed to infiltrate a machine for the purpose of obtaining administrator or system-level privileges. Despite their overtly clandestine behavior, rootkits are only intended to bypass […].


MacOS malware steals Telegram accounts, Google Chrome data

Bleeping Computer

Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Why implementing Zero Trust is more important than ever before

Security Boulevard

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore why organizations should implement Zero Trust in 2021. In 2010, John Kindervag introduced the concept of “Zero …. The post Why implementing Zero Trust is more important than ever before appeared first on ManageEngine Blog.


Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots

Bleeping Computer

Apple has rolled out iOS 14.7 earlier this week with security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution. […]


Kaseya offers universal decryptor to customers following ransomware attack

Graham Cluley

IT service firm Kaseya says that it has "obtained" a universal decryptor for customers hit by the REvil ransomware gang earlier this month. REvil had earlier offered to sell the decryptor for $70 million.


Obtaining password hashes of Windows systems with PetitPotam attack

Security Affairs

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him.

Passwords 124

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

Malwarebytes

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. The police also searched the house of another suspect, an 18 year old who was not arrested. The people behind this illegal business called themselves the Fraud Family and were active on Telegram to sell their panels to interested parties.

Phishing 122

Ransomware Payouts in Review. Highest Payments, Trends & Stats

Heimdal Security

Ransomware has come to be a customary instrument in the arsenal of cybercriminals who routinely attack individuals and organizations. Under such circumstances, their victims experience financial damage either by owning up to large ransomware payouts or by bearing the price of recovering from attacks. There are times when ransomware victims can decrypt their files with free […].


Five steps to password policy compliance

IT Security Guru

Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture.


Girl Scouts Safeguards Data with BlackFog

Security Boulevard

Girl Scouts North Carolina Coastal Pines serves 35,000+ girls and volunteers in 41 counties in central and eastern North Carolina. During the evaluation phase they quickly discovered that BlackFog was filling a pretty big security gap. The post Girl Scouts Safeguards Data with BlackFog appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Tokyo Olympics 2021 on Russian Cyber Attack Radar

CyberSecurity Insiders

Tokyo Olympics 2021 Opening Ceremony is about to start in a few hours time and organizers are busy checking out the Cybersecurity arrangements meant to protect the Olympics event from state funded hackers. Security analysts from West estimate that the much renowned games event might be on the Russian Cyber Attack Radar, as disrupting such events has been a regular practice for the said nation, if history is considered.


Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet.

Security Affairs

Estonian hacker Pavel Tsurkan has pleaded guilty in a United States court to the counts of computer fraud and of creating and operating a proxy botnet. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse. According to court documents, Pavel Tsurkan (33) operated a criminal proxy botnet composed of more than 1,000 devices.


Why Do Ransomware Attacks Keep Happening

Security Boulevard

The post Why Do Ransomware Attacks Keep Happening appeared first on Digital Defense, Inc. The post Why Do Ransomware Attacks Keep Happening appeared first on Security Boulevard.


Trustwave Government Solutions Joins the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Information Sharing and Collaboration Program (CISCP)

CyberSecurity Insiders

CHICAGO–(BUSINESS WIRE)–Trustwave Government Solutions, the wholly-owned subsidiary of Trustwave Holdings, Inc., today announced it has joined the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Information Sharing and Collaboration Program (CISCP). The overall mission of CISCP is to build cybersecurity resiliency and to harden the defenses of the U.S. and its strategic partners.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


5 Steps to Improving Ransomware Resiliency

Threatpost

Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.


The Week in Ransomware - July 23rd 2021 - Kaseya decrypted

Bleeping Computer

This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key. […]


Cybersecurity News Round-Up: Week of July 19, 2021

Security Boulevard

Preventing attacks and breaches of pipeline companies is once again the theme of this week's cybersecurity news. The post Cybersecurity News Round-Up: Week of July 19, 2021 appeared first on Security Boulevard.


Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

The Hacker News

Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.