Thu. Aug 26, 2021

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer.

Weekly Update 258

Troy Hunt

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.

Tech companies pledge to help toughen US cybersecurity in White House meeting

Tech Republic Security

Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Google and mobile operating systems top list of privacy concerns, says Kaspersky

Tech Republic Security

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.

FBI warns of OnePercent ransomware gang – what you need to know

Graham Cluley

The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog.

Cloud Workload Security

Security Boulevard

Cloud observability and security are quickly becoming mainstays necessary to manage and secure cloud-based applications and infrastructure. At Black Hat 2021, Datadog announced their new Cloud Workload Security offering, providing real-time eBPF-powered threat detection across containers and hosts. Datadog’s Nick Davis, senior product manager for cloud workload security, and Mitch Ashley discuss how the solution.

Top Code Debugging and Code Security Tools

eSecurity Planet

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more than a few flaws present, as well as the occasional gaping security hole.

Java deserialization vulnerabilities explained and how to defend against them

CSO Magazine

The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization vulnerabilities. In a best-case scenario, deserialization vulnerabilities may simply cause data corruption or application crashes, leading to a denial of service (DoS) condition.

Mobile Security companies are lining up for protection against Pegasus Malware

CyberSecurity Insiders

As the Pegasus malware nuisance slowly grips the entire world politically, companies offering security solutions to mobile users are busy finding a solution that helps protect against the repercussions of infection by the Pegasus malware. Recently, Zimperium, a US-based technology company, was assigned by the Department of Defense the responsibility of delivering comprehensive mobile protection against the said spying tool.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Kaseya patches Unitrends server zero-days, issues client mitigations

Bleeping Computer

American software company Kaseya has issued security updates to patch server-side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD).

Your ISP is Selling your Data—Despite Swearing Not To

Security Boulevard

“Netflow Data” is big business. It’s being traded by brokers, with zero transparency. But didn’t ISPs promise not to sell it?

FBI shares technical details for Hive ransomware

Bleeping Computer

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.

Tracking ShinyHunters’ Actions Can Help Thwart Attacks

Security Boulevard

As the COVID-19 pandemic swept the world in 2020 and upended the way businesses operated, another threat was also emerging: The ShinyHunters group has been both bothersome and threatening to security teams as the cybercriminal group tries to amass legitimate credentials, primarily for organizations’ cloud services. But if enterprise companies can detect the group’s activities,

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft and Google to invest billions to bolster US cybersecurity

Bleeping Computer

Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit.

1950 Operation Sea Spray: Bioweapons Test on San Francisco

Security Boulevard

Just three years after a code of ethics was drafted in Nuremberg (condemning Nazis for experimenting on humans without consent and with no benefit to test subjects) the US started a massive bioweapons test… violating the code: Over a period of six days in September 1950, members of the US Navy sprayed clouds of Serratia …

Ragnarok ransomware releases master decryptor after shutdown

Bleeping Computer

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. “As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google, Apple, Microsoft go to Washington Cybersecurity Summit

Security Boulevard

The White House met Wednesday with numerous high-profile private sector and education leaders to discuss the wide-ranging efforts needed to address cybersecurity threats. Among those present were Microsoft chief executive Satya Nadella, JPMorgan Chase CEO Jamie Dimon, Apple CEO Tim Cook, IBM CEO Arvind Krishna and Google CEO Sundar Pichai. The summit, held in the.

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack; personal details of all its 6,200 inhabitants were stolen by threat actors. The threat actors compromised some administrative servers and exfiltrated sensitive documents.

Synology: Multiple products impacted by OpenSSL RCE vulnerability

Bleeping Computer

Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.

Microsoft Issues ProxyShell Advisory After Attacks Begin

eSecurity Planet

Microsoft this week issued an advisory about three vulnerabilities referred to collectively as ProxyShell days after security researchers at a federal government cybersecurity agency warned that cybercriminals were actively trying to exploit them. The ProxyShell vulnerabilities that affect Microsoft Exchange servers were put on full display at this month’s Black Hat 2021 conference when Devcore researcher Orange Tsai – who originally uncovered the vulnerabilities – compromised a Microsoft Exchan

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Microsoft accidentally lowers OneDrive for Business storage limits

Bleeping Computer

Microsoft is investigating an ongoing issue impacting OneDrive for Business customers and causing their storage space to shrink down to the default setting or switching them to read-only mode, forcing some to delete files to free up space to work on their projects.

The Evolution of IaC, GitOps and Open Source Security

Security Boulevard

Infrastructure is now declarative language-based rather than defined through the use of screwdrivers. While the software life cycle revolves around the CI/CD pipeline, deploying all elements of the software stack from app to infrastructure can be done through GitOps. Loris Degioanni, Sysdig CTO and founder, talks with Mitch Ashley about infrastructure-as-code (IaC), shift-left security, GitOps,

Western Digital confirms speed crippling SN550 SSD flash change

Bleeping Computer

Western Digital has confirmed that it changed the NAND flash memory in one of its most popular M.2 NVMe SSD models, the WD Blue SN550, which crippled writing speeds according to several reports, leading to a 50% performance hit.

Cold wallet, hot wallet, or empty wallet? What is the safest way to store cryptocurrency?

Malwarebytes

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. These examples of recent news about hacked cryptocurrency exchanges left many investors wondering whether it was still smart to invest in cryptocurrencies and how to keep them safe.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

UK new information security commissioner is John Edwards

CyberSecurity Insiders

The United Kingdom has issued a press update on the appointment of its next Information Commissioner, and reports say it is going to be John Edwards, who has been serving as Privacy Commissioner for New Zealand since 2014. Factually speaking, an Information Commissioner plays a vital role in regurgitating data flow between companies and their customers, respectively.

A Bad Solar Storm Could Cause an 'Internet Apocalypse'

WIRED Threat Level

The undersea cables that connect much of the world would be hit especially hard by a coronal mass ejection.

VMware addressed 4 High-Severity flaws in vRealize Operations

Security Affairs

VMware released security patches to address multiple vulnerabilities in vRealize Operations, including four high severity flaws. The most severe flaw, tracked as CVE-2021-22025 (CVSS score of 8.6), is a broken access control vulnerability in the vRealize Operations Manager API.

OPSWAT Study Uncovers Soft Underbelly of Web Apps

Security Boulevard

A survey published today by OPSWAT, a provider of tools for protecting IT infrastructure, suggests that, when it comes to uploading files into web applications, the level of security scrutiny being applied is minimal. Based on the responses from 302 IT professionals that have direct responsibility for the security of web applications or portals that.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.