Wed. Nov 18, 2020

Linux and open source: The biggest issue in 2020

Tech Republic Security

This year was rough for all involved--even Linux and open source didn't come through unscathed. See what Jack Wallen considers to be the biggest issue for Linux in 2020.

203

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering,” reads a message pub

Phishing 132
Insiders

"123456" tops list of most common passwords for 2020

Tech Republic Security

People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.

Passwords 218

Cybersecurity Training for Beginners: How to Train for CompTIA Security+

CompTIA on Cybersecurity

Learn about the cybersecurity industry for beginners and how you can further your cybersecurity career with IT certifications like CompTIA Security+.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft's new security chip takes PC protection to a higher level

Tech Republic Security

Intel, AMD and Qualcomm will use the Microsoft-designed Pluton security processor from Xbox One and Azure Sphere in future SoCs to deliver better protection than a TPM.

183

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

Cybereason Nocturnus security researchers have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing 114

More Trending

CompTIA PenTest+ Is Now DoD Approved: Why It Matters

CompTIA on Cybersecurity

CompTIA PenTest+ is now approved by the U.S. Department of Defense (DoD) 8570 for three cybersecurity job categories.

Zoom: These new features will prevent trolls and meeting-crashers

Tech Republic Security

Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.

166

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.

126

How to improve the security of your public cloud

Tech Republic Security

Almost all the professionals who responded to a survey from BitGlass were concerned about the security of their public cloud apps and data.

172

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently disclosed ZeroLogon vulnerability. Symantec’s Threat Hunter Team, a Broadcom division, describes the campaign as global and attributes it to the APT10 cyber-espionage group.

Webex security flaw allows people to secretly sneak into meetings as "ghosts"

Tech Republic Security

Now patched by Cisco, three flaws in Webex would have given intruders full access to a meeting without being seen, says IBM.

175

What Truebill and Other Financial Apps Have in Common With EDR

McAfee

Truebill, Chargebee, Fusebill and other financial apps have been inundating my social feeds and until recently I didn’t understand why I would need one of these apps. I’m the type that knows her bank account balance to the penny and I was shocked to discover that many of my co-workers and, of course, my college kid had no idea their balance was low until they tried to use their debit card and got declined.

Banking 98

Security experts level criticism at Apple after Big Sur launch issues

Tech Republic Security

Users took to social media to complain about slow systems with one report pointing to an OCSP responder as the culprit.

Media 173

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

LAPD Bans Facial Recognition, Citing Privacy Concerns

Threatpost

The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.

GoPhish: How to run a phishing attack simulation

Tech Republic Security

Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.

Phishing 145

Cisco fixed flaws in WebEx that allow ghost participants in meetings

Security Affairs

Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. “A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attack

Media 92

66% of companies say it would take 5 or more days to fully recover from a ransomware attack ransom not paid

Tech Republic Security

Veritas research finds data protection strategies are not keeping pace with the complexity of the attacks enterprises are facing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How to Identify Cobalt Strike on Your Network

Dark Reading

Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.

Antivirus 110

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping

Threatpost

Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.

104

Researchers Say They've Developed Fastest Open Source IDS/IPS

Dark Reading

With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.

93

Widespread Scans Underway for RCE Bugs in WordPress Websites

Threatpost

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

Internet 118

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings

Dark Reading

Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.

109

Ghostery’s New Search Engine Will Be Entirely Ad-Free

WIRED Threat Level

The tracker-blocking company will soon launch a privacy-friendly desktop browser as well.

As Businesses Move to Multicloud Approach, Ransomware Follows

Dark Reading

The average US company uses 16 cloud services, but only a third of IT professionals believe their security measures have kept up with the change.

Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole

Threatpost

Overall Google's Chrome 87 release fixed 33 security vulnerabilities.

111

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Out With the Old Perimeter, in With the New Perimeters

Dark Reading

A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.

81

Why Fuzzing Works

ForAllSecure

Have you heard of fuzzing before but wondered what all the fuss was about, or have you seen the “bug walls” of well-known fuzzers and wondered how they could possibly uncover so many problems, especially in heavily tested, well-audited codebases? Today I’ll talk about the fundamental reasons why fuzzing is so effective, and why it’s likely to remain a useful part of a secure software development lifecycle for quite a while.

Online Shopping Surge Puts Focus on Consumer Security Habits

Dark Reading

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

103

Nature vs. Nurture Tip 1: Use DAST With SAST

Veracode Security

When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.