Tue, Sep 08, 2020


Microsoft Patch Tuesday, Sept. 2020 Edition

Krebs on Security

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web br


More on NIST's Post-Quantum Cryptography

Schneier on Security

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move is complete. The management thanks you for your cooperation and support.


Ransomware Hits City of Hartford, Cancels First Day of School

Adam Levin

The city of Hartford, Connecticut’s capital, was hit by a ransomware attack that disrupted many of its critical systems and caused the city’s first day of school to be postponed. “We are often the subject of cyberattacks,” said Hartford mayor Luke Bronin. “This was, however, the most extensive and significant attack that the city has been subject to in the last five years.”


How SMBs are overcoming key challenges in cybersecurity

Tech Republic Security

Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Newcastle University infected with DoppelPaymer Ransomware

Security Affairs

UK research university Newcastle University was infected with the DoppelPaymer ransomware and was forced to take its systems offline on the morning of August 30th in response to the incident. Newcastle University did not provide information about the ransomware family behind the attack, but the DoppelPaymer ransomware operators are claiming responsibility.


Your work laptop may not be as secure as it should be

Tech Republic Security

Nearly a quarter of work computers provided by employers lack any additional security software, research from Kaspersky reveals.


State of Cybersecurity Industry Exposure at Dark Web

ImmuniWeb

97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020, with over 160,000 high or critical incidents that may jeopardize their clients.


France, Japan, and New Zealand warn of a surge in Emotet attacks

Security Affairs

Cybersecurity agencies across Asia and Europe are warning of a surge in Emotet spam campaigns targeting private-sector businesses and public administration entities in France, Japan, and New Zealand. The French national cyber-security agency published an alert to warn of a significant increase in Emotet attacks targeting the private sector and public administration entities in France.


Purple Fox EK Relies on Cloudflare for Stability

Trend Micro

We’ve talked about Purple Fox malware being delivered by the Rig exploit kit. Other researchers later found evidence that it had its own delivery mechanism, and thus named it the Purple Fox exploit kit. We recently found a spike in the Purple Fox exploit kit with improved delivering tactics.


Cryptobugs Found in Numerous Google Play Store Apps

Threatpost

A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Indictment: Russian Tried Hacking a Human at Tesla

SecureWorld News

Egor Igorevich Kriuchkov is in a U.S. jail, accused of trying to hack a human target. That human target is a Tesla employee that Kriuchkov and his ransomware gang were willing to bribe with $1 million if the company insider would help them launch a cyberattack against Tesla. The U.S. Department of Justice announced charges against the 27-year-old Russian citizen in early September: "According to the indictment, from about July 16, 2020, to about Aug. 22, 2020, Kriuchkov conspired with associates


Critical Intel Active Management Technology Flaw Allows Privilege Escalation

Threatpost

The critical Intel vulnerability could allow unauthenticated attackers to gain escalated privileges on Intel vPro corporate systems.


Expert found multiple critical issues in MoFi routers

Security Affairs

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. Researcher Rich Mirch from CRITICALSTART discovered ten vulnerabilities in MOFI4500 MoFi Network routers. The expert reported the issues to the vendor in May, but some of the flaws have yet to be patched. Most of the flaws affect the web management interface; some of the vulnerabilities can be exploited by an unauthenticated, remote attacker with access t


Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

Threatpost

The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Microsoft September 2020 Patch Tuesday addresses 129 flaws

Security Affairs

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues, across 15 Microsoft products (Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure De


Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers

Threatpost

Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.


Adobe fixes critical flaws in Adobe InDesign, Framemaker, and Experience Manager

Security Affairs

Adobe has released security updates to address twelve critical vulnerabilities that could be exploited by attackers to execute arbitrary code on systems running vulnerable versions of Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager. “Adobe has published security bulletins for Adobe InDesign (APSB20-52), Adobe Framemaker (APSB20-54)


Bug in Google Maps Opened Door to Cross-Site Scripting Attacks

Threatpost

A researcher discovered a cross-site scripting flaw in the export function of Google Maps, which earned him $10,000 in bug bounty rewards.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


VPNs: The Cyber Elephant in the Room

Dark Reading

While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.


Visa Security Alert: 12 Steps to Keep Card Skimmers Off Your Website

SecureWorld News

From time to time, Visa issues cybersecurity alerts as new waves of payment fraud either emerge or surge in various countries around the globe. Its latest alert is about "Baka," which cybercriminals are using to skim credit cards from customers checking out on websites. Criminal groups can either use the stolen data themselves or sell the legitimate and current accounts before anyone knows the account numbers are compromised.


8 Frequently Asked Questions on Organizations' Data Protection Programs

Dark Reading

Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.


Phishing Awareness Training: Best Providers 2020

Spinone

About 25% of all data breaches are caused by human error. Phishing attacks are one of the main cyber threats involving mistakes by workers. Arranging training for your employees is a great way to protect your company against phishing and its expensive and time-consuming consequences. So, let’s take a look at notable phishing awareness training providers.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Microsoft Fixes 129 Vulnerabilities for September's Patch Tuesday

Dark Reading

This month's Patch Tuesday brought fixes for 23 critical vulnerabilities, including a notable flaw in Microsoft Exchange.


Your AST Guide for the Disenchanted: Part 1

ForAllSecure

At ForAllSecure, we’ve observed an increasing uptick in organizations looking for alternatives to mainstream application security tools. Why? Organizations are finding that today’s AST tools aren’t servicing their objectives to develop software faster and deploy frequently.


Google Cloud Expands Confidential Computing Lineup

Dark Reading

Google plans to build out its Confidential Computing portfolio with the launch of Confidential GKE Nodes for Kubernetes workloads.


September Patch Tuesday Updates Exchange, SharePoint

Trend Micro

This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


WordPress Plug-in Has Critical Zero-Day

Dark Reading

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.


Your AST Guide for the Disenchanted: Part 1

ForAllSecure

At ForAllSecure, we’ve observed an increasing uptick in organizations looking for alternatives to mainstream application security tools. Why? Organizations are finding that today’s AST tools aren’t servicing their objectives to develop software faster and deploy frequently. In this blog series, we’ll chronicle the top challenges of incorporating application security testing in DevOps workflows.


Post-COVID-19 Cybersecurity Spending Update

Dark Reading

Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.