Fri. Oct 30, 2020

The Legal Risks of Security Research

Schneier on Security

Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.” From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.

Weekly Update 215

Troy Hunt

It was a bit of a slow start this week. "Plan A" was to use the new GoPro with the Media Mod (including light and lapel mic) and do an outdoor session. This should really be much easier than it was with multiple issues ranging from connectivity drops to audio sync to simply not having a GoPro to tripod adaptor. I'll need to get on top of that before my big Xmas holiday trip and none of these are insurmountable problems, but this stuff should be easy!

AWS releases Nitro Enclaves, making it easier to process highly sensitive data

Tech Republic Security

According to Amazon, Nitro Enclaves will help customers reduce attack surfaces for their applications by providing a highly isolated and hardened environment for data processing.

Google discloses unpatched Windows zero-day exploited in the wild

Security Affairs

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. Security researchers from Google have disclosed a zero-day vulnerability in the Windows operating system, tracked as CVE-2020-17087, that is currently under active exploitation. Ben Hawkes, team lead for Google Project Zero team, revealed on Twitter that the vulnerability was chained with another Chrome zero-day flaw, tracked as CVE-2020-15999, that Google re

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

JavaScript Obfuscation Moves to Phishing Emails

Dark Reading

Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. Microsoft is warning that threat actors are actively exploiting the ZeroLogon vulnerability in the Netlogon Remote Protocol. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it re

Operation Earth Kitsune: hackers target the Korean diaspora

Security Affairs

Experts uncovered a new watering hole attack, dubbed Operation Earth Kitsune, targeting the Korean diaspora that exploits flaws in web browsers. Researchers at Trend Micro have disclosed details about a new watering hole campaign, dubbed Operation Earth Kitsune, targeting the Korean diaspora that exploits flaws in web browsers such as Google Chrome and Internet Explorer to deploy backdoors.

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

Threatpost

The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.

A Navy SEAL, a Quadcopter, and a Quest to Save Lives in Combat

WIRED Threat Level

On the battlefield, any doorway can be a death trap. A special ops vet, and his businessman brother, have built an AI to solve that problem.

New Wroba Campaign Is Latest Sign of Growing Mobile Threats

Dark Reading

After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Threatpost

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers.

Brooklyn & Vermont US hospitals hit by ransomware attacks

Security Affairs

Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the last victims of the Ryuk ransomware operators. Ryuk ransomware operators continue to target the US healthcare industry, the last victims in order of time are the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The news of the attack comes a few hours after The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

Threatpost

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. In its State of Container and Kubernetes Security Fall 2020 survey, StackRox found that 90% of respondents had suffered a security incident in their Kubernetes deployments in the last year.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

WordPress Patches 3-Year-Old High-Severity RCE Bug

Threatpost

In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.

Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach

Dark Reading

As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.

McAfee Named a Leader in the 2020 Gartner Magic Quadrant for CASB

McAfee

McAfee MVISION Cloud was the first to market with a CASB solution to address the need to secure corporate data in the cloud. Since then, Gartner has published several reports dedicated to the CASB market, which is a testament to the critical role CASBs play in enabling enterprise cloud adoption. Today, Gartner named McAfee a Leader in the 2020 annual Gartner Magic Quadrant for Cloud Access Security Brokers (CASB) for the fourth time evaluating CASB vendors.

SANS Launches New CyberStart Program for All High School Students

Dark Reading

Free program lets students solve real-world security problems - and learn about cybersecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Defining the Framework for a Successful Pentest Attack

Mitnick Security

While there are different types of pentests, with every pen test consisting of four main phases — planning, pre-attack, attack, and post-attack — few realize the extent of work that goes into the pre-attack phase. Just as even the best-built house will crumble without a solid foundation, penetration testers must do their due diligence in the beginning to sell successful exploits.

Microsoft Warns of Ongoing Attacks Exploiting Zerologon

Dark Reading

The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.

Cross-Layered Detection and Response (XDR): A Welcome New Entry in the Cybersecurity Alphabet Soup

CompTIA on Cybersecurity

Cross-layered detection and response (XDR) takes security solutions to the next level by helping IT pros weed through the fog of more.

Cybersecurity Awareness Month: If You Connect IT, Protect IT.

NSTIC

This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Katerina Megas, program manager, Cybersecurity for the Internet of Things (IoT) program. In this post, Ms. Megas discusses how technological innovations, such as 5G, might impact the online experiences of consumers and businesses, how IoT is changing security risks, and what solutions are emerging for a more secure Internet of Things.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Friday Squid Blogging: Interview with a Squid Researcher

Schneier on Security

Interview with Mike Vecchione, Curator of Cephalopoda — now that’s a job title — at the Smithsonian Museum of National History. One reason they’re so interesting is they are intelligent invertebrates. Almost everything that we think of as being intelligent — parrots, dolphins, etc. — are vertebrates, so their brains are built on the same basic structure.

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Herjavec Group

Contributed by David Mundhenk, Principal Consultant, Herjavec Group. Wholescale student populations are now being sequestered at home long-term and are receiving their schooling via remote classroom access due to the COVID-19 pandemic. School systems, teachers, and administrators have had to acquire and deploy cyber tech en masse; implement and administer whole-scale network systems, convert school curriculum to support remote access delivery, install complex video conferencing, end-user help d

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories

Threatpost

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.

DoppelPaymer ransomware gang leaked Hall County, Georgia, voter info

Security Affairs

The DoppelPaymer ransomware operators have released data that was stolen from Hall County, Georgia earlier this month. The DoppelPaymer ransomware operators have published online data that was stolen from Hall County, Georgia earlier this month. The attack took place on October 7, it hit Hall County, in the northern part of the state and it disabled the county’s voter signature database.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns

Threatpost

Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention.
