Tue. Mar 02, 2021

Mysterious Macintosh Malware

Schneier on Security

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees.

Infrastructure modernization remains the biggest use case for enterprise open source

Tech Republic Security

A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Krebs on Security

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Why it's time to stop setting SELinux to Permissive or Disabled

Tech Republic Security

Too many people shrug off SELinux on their data center systems. Jack Wallen says it's time to stop giving into that siren song so your operating systems are weakened.

Twitter Removes Russian Disinformation Accounts

Security Boulevard

On Feb. 23, 2021 Twitter booted a gaggle of accounts from its platform, including those determined to be associated with the Russian government and the well-known disinformation machine Internet Research Agency (IRA). Twitter regularly culls users; this isn’t rare – those who violate their terms of service, including the former U.S. president, are banned.

More Trending

CISO job search: What to look (and look out) for

CSO Magazine

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the world’s first CISO Steve Katz says, “Don’t go shopping when you’re hungry.

Microsoft announces Windows Server 2022 with new security features

Bleeping Computer

Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats. […]

A Minion Privilege Escalation Exploit was Fixed in SaltStack Project 

Heimdal Security

Salt is one of the largest open source communities in the world, based on automation and Infrastructure management. A vulnerability, named CVE-2020-28243, was identified as a privilege escalation bug impacting SaltStack Salt minions. This allowed an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name.

Is Your Fate In the Cloud?

Anton on Security

This is a quick “let’s think about it together” post focused on the future of cloud security. Our logical starting point is: “Through 2025, 99% of cloud security failures will be the customer’s fault.” (source: Gartner) My experience in my analyst days and perhaps today mostly confirms it. I’d say that “it feels right.” So, let’s agree that it describes today’s reality correctly.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Mysterious Macintosh Malware

Security Boulevard

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Malaysia Airlines discloses a nine-year-long data breach

Bleeping Computer

Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. […]

How Threat Modeling Enabled Election Security

Security Boulevard

When Christopher Krebs was director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), his job was to make sure he understood the risk management landscape so the agency could fulfill its role as the nation’s risk management advisor. CISA became a household name in the aftermath of the 2020 elections, when.

Virginia Introduces Consumer Data Protection Act

TrustArc

On 2 March 2021, Governor Northam of Virginia signed the next U.S. privacy bill into law: the Virginia Consumer Data Protection Act (CDPA) will apply as of 1 January 2023 and will offer a range of new rights to the residents of the Old Dominion. Like the California Consumer Privacy Act (CCPA), the CDPA includes […]. The post Virginia Introduces Consumer Data Protection Act appeared first on TrustArc Privacy Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Bleeping Computer

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks. […]

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

The Hacker News

Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.

Google fixes second actively exploited Chrome zero-day bug this year

Bleeping Computer

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. […]

Distributor of Asian food JFC International hit by Ransomware

Security Affairs

JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International’s Europe Group, the malware caused the disruption of some of its IT systems. “JFC International (Europe) was recently subject to a ransomware attack that briefly disrupted its IT syste

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Scams 101: All you need to know to protect against online fraud and identity theft

Hot for Security

Internet scams are everywhere, inflicting billions of dollars in reported losses from victims each year. Anyone can fall for online scams, as tactics are tailored to the interests of all age groups. Although email phishing and fraudulent websites are not a new threat to the digital community, the attack vectors deployed by scammers have become more diverse and sophisticated.

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

The Hacker News

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

Security Boulevard

Gab has been hacked. The app fell “victim” to a simple SQL injection attack. But the CEO’s response was a trans-phobic slur. The post Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it appeared first on Security Boulevard.

Microsoft's Dream of Decentralized IDs Enters the Real World

WIRED Threat Level

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Palo Alto Networks Completes Acquisition of Bridgecrew

Security Boulevard

SANTA CLARA, Calif., March 2, 2021 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, announced that it has completed its acquisition of Bridgecrew, a developer-first cloud security company. The acquisition will enable “shift left” security, with Prisma® Cloud becoming the first cloud security platform to deliver security across the full application lifecycle.

French multinational dairy Lactalis hit by a cyber attack

Security Affairs

French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that it had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence of a data breach. Lactalis employs more than 80,000 people worldwide, at more than 230 production sites in 43 different countries.

Cyber Attack on Malaysia Airlines

CyberSecurity Insiders

Malaysia Airlines, also known as Malaysian Airlines System in some parts of the world was reportedly cyber attacked by hackers during the period of March 2010 to July 2019. However, the data security incident is said to have taken place at the server farm of a third party IT service provider and so the airliner cannot be blamed directly on this note.

Ryuk ransomware develops worm-like capability

Malwarebytes

The French government’s computer emergency readiness team, that’s part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in targeted attacks against enterprises and organizations.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

How Bitdefender Web Protection Ensures a Safe Browsing Experience

Hot for Security

A common misconception among internet users is that basic cyber hygiene is enough to protect against malicious threats. This couldn’t be more wrong. Cyber threats are evolving rapidly at the hands of their puppeteers, and it’s impossible for users to hone their cybersecurity skills at the same rate. Every browsing session and online activity you indulge in could be harmful.

The Free ImmuniWeb Community Edition to Offer Continuous Security Monitoring

ImmuniWeb

ImmuniWeb® Community Edition, designed for SMEs and small governmental entities, now provides free continuous security monitoring, phishing and Dark Web exposure detection.

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

SC Magazine

Microsoft released patches Tuesday for four critical vulnerabilities Chinese hackers are using in targeted attacks on Exchange Server, SC Media has learned. On a series of three blog posts to be released Tuesday, Microsoft said targeted hacking from a group operating out of China that the company calls Hafnium, linked together chains of vulnerabilities to garner access. “We are sharing this information with our customers and the security community to emphasize the critical nature of these

Payroll giant PrismHR outage likely caused by ransomware attack

Bleeping Computer

Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.