Tue.Jul 06, 2021


MVP 11

Troy Hunt

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people.


Critical flaws in Windows Print spooler service could allow for remote attacks

Tech Republic Security

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing.



Microsoft pushes emergency update for Windows PrintNightmare zero-day

Bleeping Computer

Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions.


Kaseya supply chain attack impacts more than 1,000 companies

Tech Republic Security

The REvil group is claiming that over 1 million devices have been infected and is demanding $70 million for a universal decryption key.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Mobile Security Company Zimperium acquires WhiteCryption

CyberSecurity Insiders

Zimperium, a globally recognized mobile security firm has made it official that it is going to acquire application security company whiteCryption for an undisclosed amount. The details of the deal are kept under wraps. But highly placed sources report that ZIMPERIUM was in talks with InterTrust, the previous owner of whiteCryption since October 2020 and the deal took place after a delay because of the Corona Virus propelled business slowdown. whiteCryption offers advanced application shielding a


The Audacity! How to wreck an open-source project and anger a community

Tech Republic Security

Audacity software has been acquired, and the new verbiage added to the privacy policy has the open-source community up in arms.



1 in 4 employees say they still have access to accounts from past jobs, survey finds

Tech Republic Security

Nearly half of professionals also admit to sharing passwords and more than a third say they write them on paper, according to Beyond Identity.


Microsoft 365 to let SecOps lock hacked Active Directory accounts

Bleeping Computer

Microsoft is updating Microsoft Defender for Identity to allow security operations (SecOps) teams to block attacks by locking a compromised user's Active Directory account.


The mobile and desktop versions of Firefox Total Cookie Protection are now available

Tech Republic Security

Jack Wallen explains how to protect your web browsing from supercookies with Firefox's new privacy feature.


BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

Trend Micro

We discovered a new malware that targets online gambling companies in China via a watering hole attack, in which visitors are tricked into downloading a malware loader disguised as a legitimate installer for well-known apps such as Adobe Flash Player or Microsoft Silverlight.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Remote Workforce Monitoring Brings Up Privacy Concerns

Security Boulevard

The pandemic paved the way for expanded remote work possibilities, but companies looking to ensure employees remain on the job while at home have led some to consider technologies to digitally monitor worker activity, in some cases through AI. Those initiatives come laden with thorny privacy concerns, legal landmines and, more than likely, stiff resistance.


How to protect your site against lethal unauthorized code injections

CyberSecurity Insiders

This blog was written by an independent guest blogger. Lethal unauthorized code injections like XSS (cross-site scripting) attacks are some of the most dynamic cyber-attacks. They are often very difficult to detect and can result in credit card theft, fraud, and endpoint data breaches, having a huge impact on small to medium-sized businesses. In a recent AT&T cybersecurity survey, 88% of respondents reported that they had experienced at least one security incident within the past year.


Proposed bill would create a new federal agency to protect consumer data

CSO Magazine

In mid-June, Senator Kirsten Gillibrand (D-NY) reintroduced a new version of her bill, the Data Protection Act of 2021, that would create a new independent, executive-level government agency, the Data Protection Agency (DPA). The DPA would "protect Americans' data, safeguard their privacy, and ensure data practices are fair and transparent."


Bitcoin Price Rise Makes Way for New Cyberattacks: BEC Attacks and Phishing Impersonations on the Carpet

Heimadal Security

The bitcoin price rise has been fluctuating lately. It was worth roughly $10,600 in October. An analysis from Barracuda Networks reveals that with the boost of the cryptocurrency's popularity, threat actors thought it was the proper time to launch some cyberattacks through BEC (business email compromise) and phishing impersonations in order to steal credentials that eventually […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Rainbow tables explained: How they work and why they're (mostly) obsolete

CSO Magazine

Rainbow table definition. A rainbow table is a large, precomputed table designed to cache the output of cryptographic hash functions to decrypt hashed passwords into plaintext. Rainbow tables were invented by IT expert Philippe Oechslin, who published a paper on his work in 2003. The method itself is based on research from the early 1980s by Martin Hellman and Ronald Rivest that explored the performance trade-offs between processing time and the memory needed for cryptanalysis.


Report: Cloud Infrastructure Drives Security and Management Challenges

CyberSecurity Insiders

It is estimated that over 90 percent of enterprises currently use a cloud service, and the market is projected to reach $927 billion by 2027. However, managing cloud infrastructure is complex, and complexity breeds vulnerability. This article takes a look at the security challenges and solutions that go hand-in-hand with cloud adoption. A June 2021 study provided by OpsCompass, the 2021 State of Cloud Security Posture Management Report , provides a fascinating look into the top security prioriti


Paving the way: Inspiring Women in Payments - A Q&A featuring Lacey Johnson

PCI perspectives

From Human Resources to IT Senior Program Manager, Lacey Johnson found her way to the payments industry purely randomly, by happy accident. Over time, she has been part of the diversification of her company’s Information Security department, which is now 40 percent women. In this edition of our blog, Lacey explains that while gender diversity and leadership has improved in recent years, there is still more to be done for true equality in the payments space.


British Airways pays a penalty for data leak of 420,000 customers in 2018

CyberSecurity Insiders

British Airways (BA) has finally made a settlement with its customers by paying the compensation announced by the data watchdog in October 2020. The airline paid the penalty for failing to protect its customer information from being accessed by hackers in 2018. Going by the details, a malicious actor is reported to have gained access to an internal database of British Airways between June 22 and September 5, 2018 through a vulnerability observed in the Citrix Remote Access Gateway.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Dominion National reaches $2M settlement over nine-year data breach

SC Magazine

A patient receives an eye exam at a free health clinic. The health plan administrator Dominion National reached a $2 million settlement with the 2.9 million patients affected by a data breach. (Photo by John Moore/Getty Images). Insurance giant Dominion National reached a $2 million settlement with the 2.9 million patients affected by its nine-year data breach, first reported in 2019.


Kaseya Starts Recovery After REvil Attack

Security Boulevard

Kaseya is now reporting the software-as-a-service (SaaS) instance of its Virtual System Administrator (VSA) platform will be back online sometime between 4:00 p.m. and 7:00 p.m. EST today. It expects the on-premises editions of VSA to be patched within 24 hours after that. The company has also committed to providing access to an independent security.


Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted

Threatpost

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.


Approximately 1,500 businesses impacted by the ransomware attack that hit Kaseya

Security Affairs

Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and fewer than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using the Kaseya VSA management platform, were impacted by the attack. “While impacting approximately 50 of Kaseya’s customers, this attack was n


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Manual work is better than automated operations, suggests Kaseya Ransomware Attack

CyberSecurity Insiders

In this digital age, every company is interested in hiring new talent as it is more skilled at using automated tools. Meaning those who are above 50 should either work for much less pay or consider retirement… isn’t it? But the Colonial Pipeline cyber attack that took place in May this year and the latest Kaseya ransomware attack suggest that the need for manual operations is still in demand, and those skills can only be obtained from the veteran generation who are above 50-60 in age.


ENISA publishes Cybersecurity guide for SMEs

Security Affairs

ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business. During the COVID-19 pandemic, most organizations increased their presence online, enlarging their attack surface. The attack surface of SMEs was enlarged as many of them took business continuity measures, such as adopting cloud services, improving their internet services, upgrading their websites and enabling staff to work remotely.


Zero-Trust at the Data Layer

Security Boulevard

Often, ideas are ahead of their time. In October 2017, IDC’s Simon Piff and Hugh Ujhazy published a paper positing that data was the new endpoint. There is a good chance that, in the near future, they will stand on the same zero-trust pedestal as Forrester’s John Kindervag, who’s credited with creating the zero-trust security model. The post Zero-Trust at the Data Layer appeared first on Security Boulevard.


From Boardroom To Service Floor: How To Make Cybersecurity An Organizational Priority Now

IT Security Central

The costs and consequences of a data breach or cybersecurity incident have never been more severe. According to the FBI’s recently released Internet Crime Report 2020, cybercrime resulted in $4 billion in losses last year, a low estimate that still encapsulates the incredible value lost to threat actors. For small businesses, the costs can be catastrophic.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Microsoft Office July updates fix Outlook crashes, performance issues

Bleeping Computer

Microsoft released the July 2021 non-security Microsoft Office updates with improvements and fixes for crashes and issues affecting Windows Installer (MSI) editions of Office 2016 products.


REvil Makes Monkeys out of Kaseya Customers

Security Boulevard

Over the long weekend, a huge ransomware attack emerged. Kaseya seems to have been the common component. The post REvil Makes Monkeys out of Kaseya Customers appeared first on Security Boulevard.


QNAP Fixes Improper Access Control Vulnerability in NAS Backup

Heimadal Security

QNAP Systems, Inc., a Taiwanese corporation that specializes in Network-attached storage (NAS) appliances has tackled a severe security flaw affecting certain legacy versions of HBS 3 (Hybrid Backup Sync). If exploited, this vulnerability allows cybercriminals to compromise the security of the operating system, escalate privileges, carry out commands remotely, or read private information without authorization.


US warns of action against ransomware gangs if Russia refuses

Bleeping Computer

White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.