Schneier on Security
FEBRUARY 3, 2021
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.
Joseph Steinberg
FEBRUARY 3, 2021
Cybersecurity For Dummies , the best-selling cybersecurity guide written by Joseph Steinberg for general audiences, is now available in French. Like its English, German, and Dutch counterparts, the French edition, entitled La Cybersécurité pour les Nuls , helps people stay cyber-secure regardless of their technical skillsets. Readers of the book learn what threats exist, as well as how to identify, protect against, detect, and respond to such threats.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
FEBRUARY 3, 2021
It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.
Tech Republic Security
FEBRUARY 3, 2021
Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
FEBRUARY 3, 2021
Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. [.].
Tech Republic Security
FEBRUARY 3, 2021
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 3, 2021
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.
Bleeping Computer
FEBRUARY 3, 2021
Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. [.].
CyberSecurity Insiders
FEBRUARY 3, 2021
Most of the American office workers are reportedly becoming vulnerable to cyber attacks and that’s because of their oversharing on social media platforms says a survey conducted by email services provider named Tessian. Out of 4000 UK and US Professionals interviewed in during the research titled “How to hack a human”, the email security vendor discovered that half of the IT professionals were seen sharing personal details on Facebook and Twitter like their driving license numbers, contact detai
Security Boulevard
FEBRUARY 3, 2021
Warning: Businesses can get addicted to the cloud. It might start with a small experiment; just one application and no critical data. Next, scattered employees start messing around in the cloud, shadow IT-style. In the end, all your data has gone cloudy! Even if a company only uses SaaS applications, they could conceivably achieve such. The post Getting Started With Cloud Data Protection appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Quick Heal Antivirus
FEBRUARY 3, 2021
We observed a considerable uptick in Phishing Attacks during the COVID-19 pandemic. During our analysis, we came across. The post Spear Phishing targets Microsoft to amass large numbers of credentials appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
CyberSecurity Insiders
FEBRUARY 3, 2021
Pretty soon, the police officers in Greece will soon have access to body worn surveillance cameras that will be used for real-time facial recognition and fingerprint scanners. Thus, by doing so, the law enforcement is planning to keep a watch on the citizens when stopped by the police for verification- all as a part of ‘Smart Policing’. Anyone who cannot prove their identity to the police officer on beat might be transferred to the nearest police station, where they have to complete their verifi
Security Boulevard
FEBRUARY 3, 2021
Staying on top of cybersecurity risk can feel like a losing battle in today’s modern, hyperconnected reality. The influx of IoT devices and increased reliance of BYOD devices has created a diverse, complex threatscape rife with overlapping vulnerabilities across physical and cyber assets. The post 2021: The Year SOCs Embrace Cybersecurity Convergence appeared first on Security Boulevard.
CSO Magazine
FEBRUARY 3, 2021
Microsoft recently changed how it presents and explains its security vulnerabilities in its products. The new security guide aligns itself with security and industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System ( CVSS ), which presents a vulnerability’s key characteristics and assigns a numerical score to its severity.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
FEBRUARY 3, 2021
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. [.].
The Hacker News
FEBRUARY 3, 2021
High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely.
Security Boulevard
FEBRUARY 3, 2021
It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer … (more…). The post ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular appeared first on Security Boulevard.
CyberSecurity Insiders
FEBRUARY 3, 2021
From the past few months, the fear of being cyber attacked seems to have gripped most of the technologists so much that every small outage is being considered because of cyber attack. The latest goes with the February 3rd,2021 disruption witnessed across all the apple products and services and that includes iCloud, Apple Music, the App Store and the iTunes.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
FEBRUARY 3, 2021
New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads.
Hot for Security
FEBRUARY 3, 2021
As millions of US taxpayers prepare for 2021 tax season, hordes of fraudsters and scammers are preparing to rip off residents and non-residents alike. Fraudsters had an early start anticipating the buzz surrounding tax filing season, with phishing campaigns impersonating the government agency as early as November 25, 2020, according to Bitdefender Antispam Lab.
Graham Cluley
FEBRUARY 3, 2021
Dutch penetration tester Melvin Boers, aka V1s3r1on, was kind enough to invite me onto his live stream on Monday night for an hour-or-so of chit-chat. In the video I describe how I first got into computers, joke programs I wrote to play pranks on my fellow students, how I entered the cyber security industry, and much much more.
Hot for Security
FEBRUARY 3, 2021
CD Projekt Red (CDPR), the developers of Cyberpunk 2077, is warning PC gamers against downloading mods and custom saves due to a vulnerability that may let threat actors deploy arbitrary code on their computers. PC gamers should avoid mods until the Polish video game developer releases a fix for the exploit. “If you plan to use @CyberpunkGame mods/custom saves on PC, use caution,” CD Projekt Red said in a tweet. “We’ve been made aware of a vulnerability in external DLL fi
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
FEBRUARY 3, 2021
If you use AWS RDS, your organization is part of a worldwide trend. Forward-thinking companies everywhere are embracing database-as-a-service (DBaaS) to help bring new applications and services to market faster, or to reduce the cost and complexity of their database operations. What isn’t changing for these organizations, however, is their long list of security and […].
Hot for Security
FEBRUARY 3, 2021
Bitdefender Antispam Lab has observed a spike in phishing campaigns impersonating popular delivery services that seek to lure consumers into downloading malicious files on their devices. Email-based attacks that exploit trusted delivery companies increased by 30% since January 10 to date, compared to the holiday season. As usual, threat actors mimic well-known delivery services such as DHL , TNT , FedEx, and UPS , as they send out fake shipping notification emails that urge recipients to review
Bleeping Computer
FEBRUARY 3, 2021
Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database belonging on a hacker forum. [.].
SC Magazine
FEBRUARY 3, 2021
SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders in the wake of the cyberattack that infiltrated the supply chain through its Orion management software. (Stephen Foskett/ CC BY-NC-SA 2.0 ). Researchers at Trustwave reported three new vulnerabilities in SolarWinds products – the latest hurdle for the first company linked to a massive espionage campaign that breached government agencies and private sector firms.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
FEBRUARY 3, 2021
Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. [.].
Malwarebytes
FEBRUARY 3, 2021
Modern browsers include synchronization features (like Google Chrome’s Sync ) so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is certainly convenient, particularly when you’re migrating to a new device, synchronizing browsers also comes with some risks. What is browser sync?
Bleeping Computer
FEBRUARY 3, 2021
Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free. [.].
Security Affairs
FEBRUARY 3, 2021
Experts warn that the recently discovered heap-based buffer overflow bug in Linux SUDO also impacts the latest version of Apple macOS Big Sur. Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156 , that has allowed any local user to gain root privileges on Unix-like operating systems without authentication. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based o
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
333 
Let's personalize your content