Schneier on Security
DECEMBER 21, 2020
Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.). News article. Slashdot post. The whole story is puzzling. Cellebrite’s details will make it easier for the Signal developers to patch the vulnerability.
Tech Republic Security
DECEMBER 21, 2020
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Tech Republic Security
DECEMBER 21, 2020
TechRepublic spoke with dozens of experts who said the influx of companies interested in doing more with their data is only increasing.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 21, 2020
The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco confirmed to have been both impacted by the recent SolarWinds hack. A recent advisory published by the NSA is warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets.
Tech Republic Security
DECEMBER 21, 2020
With cybersecurity issues, it's especially important that users understand the information provided by IT and leadership. Here are tips on dealing with the "curse of knowledge.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
DECEMBER 21, 2020
Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.
Security Affairs
DECEMBER 21, 2020
Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Gr
Tech Republic Security
DECEMBER 21, 2020
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
Security Affairs
DECEMBER 21, 2020
Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several Dell Wyse thin client models that could be exploited by a remote attacker to execute malicious code and gain access to arbitrary files.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The State of Security
DECEMBER 21, 2020
Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk […]… Read More.
Security Affairs
DECEMBER 21, 2020
Flavor and fragrance producer Symrise is the last victim of the Clop ransomware gang that claims to have stolen 500 GB of unencrypted files. Symrise AG, a major producer of flavours and fragrances, was hit by Clop ransomware operators. The threat actors claim to have stolen 500 GB of unencrypted files. The attack was reported last week by Handelsblatt , the website databreaches.net also reported the news after @Chum1ng0 alerted them. .
Digital Shadows
DECEMBER 21, 2020
As the holidays rapidly approach, our halls are decked with images of Santa Claus. Kids are told stories of his. The post A Christmas 2020 Review: Confronting and controlling insider threats first appeared on Digital Shadows.
Identity IQ
DECEMBER 21, 2020
Every day, criminals scour the internet for personal information they can use to commit fraud and identity theft. In this digital age, individuals need to take steps to protect their privacy and information from fraudsters. This is as true for children as it is for adults, as kids can be victims of identity theft well before they reach adulthood. Social media can be a valuable trove of information for identity thieves looking to assume the identity of children.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Veracode Security
DECEMBER 21, 2020
It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We???ll use this project , which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.
We Live Security
DECEMBER 21, 2020
When it comes to holiday gifts, surprise and wonder are always welcome. When it comes to protecting your security, however, you don’t want to leave anything to chance. The post Cybersecurity Advent calendar: Stay aware, stay safe! appeared first on WeLiveSecurity.
Trend Micro
DECEMBER 21, 2020
Many kids now have school-supplied computer equipment away from the school network. However, with this come privacy and security concerns. Some are easy to avoid, but others need some modifications to ensure safety.
Threatpost
DECEMBER 21, 2020
Investigation reveals device sector is problem plagued when it comes to security bugs.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
DECEMBER 21, 2020
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
Threatpost
DECEMBER 21, 2020
Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.
CompTIA on Cybersecurity
DECEMBER 21, 2020
While containers should help increase your security profile, that doesn’t mean it doesn’t need any extra attention. Cybersecurity isn’t just the garnish on the container, it’s an essential ingredient.
Dark Reading
DECEMBER 21, 2020
The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Threatpost
DECEMBER 21, 2020
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
Dark Reading
DECEMBER 21, 2020
End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.
Threatpost
DECEMBER 21, 2020
FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.
The State of Security
DECEMBER 21, 2020
Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat. […]… Read More.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Threatpost
DECEMBER 21, 2020
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.
Acunetix
DECEMBER 21, 2020
In the previous installment of this series, we have shown you how to manage Acunetix scans using Bash and the Acunetix API. In this article, you will learn how to do the same using PowerShell. As an example, we will create a PowerShell V7 script. Read more. The post Managing Scans using PowerShell and the Acunetix API appeared first on Acunetix.
Threatpost
DECEMBER 21, 2020
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE.
Digital Shadows
DECEMBER 21, 2020
On the first day of Christmas my true love sent to me an index of the dark web for free…. The post QUO, QUO, QUO! Merry Christmas…. first appeared on Digital Shadows.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
318 
Let's personalize your content