Tue. Feb 23, 2021


Dependency Confusion: Another Supply-Chain Vulnerability

Schneier on Security

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.


Top 5 things to know about network attacks

Tech Republic Security

DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.


SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

The Last Watchdog

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year. Related: Can ‘SASE’ help companies secure connectivity? Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.


Ace your cybersecurity and IT certification exams by taking these prep courses

Tech Republic Security

These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


THE GDPR Nearly Three Years On, 5 Things You Need to Know

Security Boulevard

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Although pertinent to the Personally Identifiable Information (PII) of citizens within the European Economic Area, its effect has reached around the world. As many organisations grappled with updating their data security practices in line with tighter legislation, several questions remained unanswered.


How cyberattacks can threaten colleges and universities

Tech Republic Security

With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.


Texas power outage: Data analytics, modeling and policy making will be key to preventing similar disasters

Tech Republic Security

Protecting the U.S. power grid from serious outages, like the one following a 2021 winter storm in Texas, will require a better use of data analytics, modeling and policy making says industry expert.


Water Plant Infrastructure Hackers Go Kinetic

Security Boulevard

The reported hack of a water processing plant in Oldsmar, Florida, has raised alarms about the security of critical infrastructure IT systems and their vulnerabilities. But for those more familiar with the security processes of these local systems, this is nothing new. Malicious hackers, particularly state-sponsored groups and cyberterrorists, have been trying for a while.


Linkedin Learning

Adam Shostack

I am very excited to announce that Linkedin Learning has released “Threat Modeling: Denial of Service and Elevation of Privilege.” This is the sixth course I’ve done with them, and completes a cycle which starts with “Learning Threat Modeling for Security Professionals,” and then steps through each of the STRIDE threats in depth.


Clubhouse chats streamed to third-party website

We Live Security

The incident raises concerns about the privacy and security of conversations taking place on the platform. The post Clubhouse chats streamed to third‑party website appeared first on WeLiveSecurity.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ukraine: DDoS attacks on govt sites originated from Russia

Bleeping Computer

The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russian networks of performing DDoS attacks on Ukrainian government websites since February 18th. […]


Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

The Hacker News

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.


The Anatomy of the SolarWinds Attack Chain

Security Boulevard

Imagine there’s an attacker lurking inside your network right now. Do you have the ability to find out and respond before they can cause harm? Now imagine your adversary has privileged access to virtually every file. The post The Anatomy of the SolarWinds Attack Chain appeared first on Security Boulevard.


Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express

SC Magazine

Researchers reported Tuesday that they found two email phishing attacks targeting at least 10,000 mailboxes at FedEx and DHL Express that look to extract a user’s work email account. In a blog released by Armorblox, the researchers said one attack impersonates a FedEx online document share and the other pretends to share shipping details from DHL. The phishing pages were hosted on free services such as Quip and Google Firebase to trick security technologies and users into thinking the links were


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Ransomware attack exposes Hyundai Logistics Data

CyberSecurity Insiders

Kia Motors America has released a press update stating that its computer network disruption was not because of the file-encrypting malware attack but because of a technical server glitch. However, the repercussions of the cyber attack are clearly visible, though the denial is being made strongly, as the DoppelPaymer ransomware gang has released some logistics information related to Hyundai Glovis that could probably have been stolen during the cyber incident that targeted Kia Motors la


Cisco points to new tier of APT actors that behave more like cybercriminals

SC Magazine

New research from Cisco Talos suggests a second tier of APT actors serving in a support role for government hacking campaigns, behaving more like cybercriminals. A new analysis of the noisy pro-Russian hackers Gamaredon released Tuesday by Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers.


Network attacks: 5 things to know

Tech Republic Security

DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.


Twitter removes accounts of Russian government-backed actors

Bleeping Computer

Twitter has removed dozens of accounts connected to Russian government-backed actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


UK Daycare Webcam Service Shuts Down After 12,000 User Email Addresses Are Leaked Online

Hot for Security

A threat actor dumped 12,000 email addresses of NurseryCam users online last Friday, prompting the service to suspend operations. NurseryCam is a remote webcam service used by around 40 daycare centers across the UK, allowing parents to watch and monitor their children’s activities. News of the breach reached NurseryCam after the attacker notified the Register that he obtained the names, email addresses, usernames and hashed passwords of users.


Making the Right Cloud Security Investments

Security Boulevard

With more remote workers, there is a greater need for cloud computing services. With more cloud computing, there is a greater need for cloud security. An Exabeam study found that companies are moving their security tools to the cloud, but that raises the question: Are they the right tools for cloud security? Or are companies under-investing? The post Making the Right Cloud Security Investments appeared first on Security Boulevard.


Airplane maker Bombardier data posted on ransomware leak site following FTA hack

Zero Day

Bombardier is the latest in a long string of hacks caused by companies using old versions of the Accellion FTA file-sharing server.


Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. As many as 30% of the incidents occurred simply because someone sent an email by mistake. Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


7 Ways Changing Security Requirements Will Impact Industries in 2021

CyberSecurity Insiders

COVID-19 wasn’t the only challenge businesses faced in 2020. Last year also saw a wave of cybercrime across all industries, highlighting the need for better cybersecurity. As companies begin the recovery journey in 2021, these security needs will drive their operations. Cybersecurity standards and requirements are changing, and businesses will have to change with them.


10K Microsoft Email Users Hit in FedEx Phishing Attack

Threatpost

Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.


Clubhouse social app suffers a data breach due to Chinese App developer

CyberSecurity Insiders

Clubhouse, an audio-based chat app used only by iPhone users, is in the news for all the wrong reasons. The app, which has had almost 600,000 registered users since March 2020, was suspected to have been breached when a Chinese app developer crafted an open-source app that had the potential to access the invites meant only for Apple iOS devices.


10 things work-from-home employees can do now to help protect the network

CSO Magazine

With the pandemic turning the business world upside down, offices look less like hives of activity and more like ghost towns. Employees have had to make do with working from home, a dangerous proposition from the perspective of any risk-averse IT administrator or security officer.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


The year 2020 witnessed these biggest GDPR fines

CyberSecurity Insiders

Google was handed a $56.6 million (€50 million) penalty in March 2020 by the French data watchdog for failing to provide transparent information to users about its rules and regulations pertaining to data collection related to its products and services. H&M Germany had to face a penalty of $41 million (€35 million) for fraudulently keeping watch on hundreds of its employees for reasons.


5 ways to combat audit fatigue

CSO Magazine

Cybersecurity audit fatigue has become a very real issue for organizations that are required to comply with multiple government, industry, and internal requirements.


VMware fixes critical RCE bug in all default vCenter installs

Bleeping Computer

VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. […]


ElasticON Public Sector US Federal on April 13: For any organizations with a desire to optimize data

CTOVision Cybersecurity

The virtual ElasticON Public Sector US Federal on April 13. This is a great event for anyone in government who wants to learn best practices from peers and industry leaders […].


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.