AI Security Risk Assessment Tool
Schneier on Security
MAY 11, 2021
Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
Krebs on Security
MAY 11, 2021
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.
The Last Watchdog
MAY 11, 2021
By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints. Obviously, one change for the better would be if software developers and security analysts paid much closer attention to the new and updated coding packages being assembled and depl
Tech Republic Security
MAY 11, 2021
Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms.
Security Boulevard
MAY 11, 2021
Humans are the biggest risk to an organization’s cybersecurity posture, and it might be a bigger risk than many realize. According to research from Elevate Security, human behavior had a direct role in 88% of total losses in the largest cybersecurity incidents over the past five years and about two-thirds of major data breaches are. The post Your Security Awareness Training Isn’t Working appeared first on Security Boulevard.
Tech Republic Security
MAY 11, 2021
Though it likes to promote itself as being "philanthropic," the DarkSide gang represents a dangerous threat to organizations around the world.
Tech Republic Security
MAY 11, 2021
Expert says there are several ways the hackers may have gotten access and how we can possibly prevent these attacks in the future.
Threatpost
MAY 11, 2021
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
Dark Reading
MAY 11, 2021
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of a key US energy pipeline marks just the tip of the iceberg.
Security Boulevard
MAY 11, 2021
The range of predictive security analytics use cases a vendor offers fundamentally defines the maturity. The post Predictive Security Analytics Use Cases appeared first on Gurucul. The post Predictive Security Analytics Use Cases appeared first on Security Boulevard.
Graham Cluley
MAY 11, 2021
So, what do you do if you're a ransomware gang which has just caught the attention of not just the world's media, but also the FBI and the President of the United States?
We Live Security
MAY 11, 2021
Your account won’t be deleted, but here's what you may want to be aware of if not even repeated reminders to accept the new policy do the trick. The post WhatsApp will limit features for users who don’t accept new data‑sharing rules appeared first on WeLiveSecurity.
Hot for Security
MAY 11, 2021
Unknown actors took control over a quarter of all Tor network relays to launch man-in-the-middle attacks, target bitcoin addresses and much more. Tor is software that lets users obfuscate their network traffic by routing it automatically through numerous volunteer-operated relays worldwide. That traffic is typically encrypted, so intercepting it is not really an option, but the attacker did something more subtle.
The Hacker News
MAY 11, 2021
Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
MAY 11, 2021
The FBI and Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare.
Bleeping Computer
MAY 11, 2021
A Microsoft Outlook update released today for the desktop client introduced bugs that prevent users from creating or viewing mail.
Hot for Security
MAY 11, 2021
In 2020, The National Cyber Security Centre’s (NCSC) Active Cyber Defense (ACD) program managed to curb the online scam economy in a record-breaking takedown of 700,595 scams. The agency’s latest annual report highlights a fifteen-fold increase in campaign takedowns compared to 2019. Nearly 1.5 million URLs were taken down in 2020, including: fake celebrity endorsement scams – 286,213 campaigns taking down 731,080 URLs; fake shops – 139,522 campaigns taking down 222,353 URLs.
Threatpost
MAY 11, 2021
Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
SC Magazine
MAY 11, 2021
A cyberattack that forced the company to pause operations has cybersecurity experts questioning what tactics the U.S. government can take to deter cybercriminals. The cyberattack on the Colonial Pipeline spurred a clear message from the White House Monday that the onus lies with critical infrastructure owners and operators to secure their own networks.
Bleeping Computer
MAY 11, 2021
Today is Microsoft's May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates.
Security Affairs
MAY 11, 2021
Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate.
Bleeping Computer
MAY 11, 2021
Adobe has released a massive Patch Tuesday security update that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability in Adobe Reader.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Security Affairs
MAY 11, 2021
Apple AirTag was launched less than two weeks ago, but a security researcher already claims to have hacked it. The Apple AirTag has been available for just a couple of weeks and the hacking community is already working to demonstrate how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.” reported the
The State of Security
MAY 11, 2021
Over the weekend, the Alpharetta, GA based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to prevent further exposure.
The Hacker News
MAY 11, 2021
The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.).
Malwarebytes
MAY 11, 2021
Both the Australian Cyber Security Centre (ACSC) and the US Federal Bureau of Investigation (FBI) have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. The FBI states that it has received notifications of unidentified cyber actors using Avaddon ransomware against US and foreign private sector companies, manufacturing organizations, and healthcare agencies.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
SC Magazine
MAY 11, 2021
Researchers at Intezer released details behind a previously undisclosed vulnerability that could allow Microsoft Azure users with low-level privileges to leak private data from any virtual machine extension plugged into their cloud environment.
Security Affairs
MAY 11, 2021
Google has released a new open-source tool called cosign that could allow administrators to sign and verify container images. Google has released a new open-source tool called cosign that allows administrators to sign and verify container images; it was developed to make signatures invisible infrastructure. Cosign supports: hardware and KMS signing; bring-your-own PKI; our free OIDC PKI (Fulcio); built-in binary transparency and timestamping service (Rekor).
SC Magazine
MAY 11, 2021
Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security. The attack reached 5,000 to 10,000 mailboxes, targeting Office365 users with the goal of stealing their credentials, according to a new blog post today from Abnormal Security.
Security Boulevard
MAY 11, 2021
While there is no doubt that a Secure Sockets Layer (SSL) certificate is crucial for your website to safeguard against cyberattacks, it could be challenging to choose the right one. The post What are the Different Types of SSL Certificates Available? appeared first on Indusface. The post What are the Different Types of SSL Certificates Available? appeared first on Security Boulevard.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.