Thu, Sep 30, 2021


Hardening Your VPN

Schneier on Security

The NSA and CISA have released a document on how to harden your VPN.


Windows Server 2022: A cheat sheet

Tech Republic Security

Microsoft has just released its most recent Windows Server platform. Check out the improved hybrid cloud features, beefed up security and improved support for large on-premises applications.


GUEST ESSAY: A breakdown of Google’s revisions to streamline its ‘reCAPTCHA’ bot filter

The Last Watchdog

Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in. The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.


Risk Management Programs for the Post-COVID Environment

Security Boulevard

After a year spent managing increased business risks—including security, IT resiliency and cybersecurity concerns—business leaders need to adjust their mindset when it pertains to risk management and avoid the more traditional approach to crisis management and business continuity planning. The past year has also changed the inherent risks companies, both globally and here in the.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How to install the Nessus vulnerability scanner on Rocky Linux

Tech Republic Security

If you're looking for one of the best vulnerability scanners on the market, Nessus might be the ticket. Jack Wallen shows you how to install this platform on Rocky Linux.


ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage

The Hacker News

The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.


Consumers are done with passwords, ready for more innovative authentication

CSO Magazine

CISOs looking to beef up their customer-facing authentication procedures to thwart cyberattacks need to walk a fine line. You want the method to provide tight security without being too complicated, confusing, or onerous for end users. You also need to be mindful of privacy concerns, particularly when it comes to approaches like challenge questions or facial recognition.


Introduction to SAST

CyberSecurity Insiders

This blog was written by an independent guest blogger. DevSecOps means countering threats at all stages of creating a software product. The DevSecOps process is impossible without securing the source code. In this article, I would like to talk about Static Application Security Testing (SAST). As development fluency is growing every year, many companies are introducing DevSecOps.


Google pushes emergency Chrome update to fix two zero-days

Bleeping Computer

Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.


ESET Threat Report T2 2021

We Live Security

A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


APT29 targets Active Directory Federation Services with stealthy backdoor

CSO Magazine

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that's designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates.


Dell announces new ProSupport Suite and AI-powered Trusted Device capabilities

Tech Republic Security

Both could help businesses struggling to secure remote workforces and protect ever-increasing vulnerability footprints.


Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

The Hacker News

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone.


RansomEXX ransomware Linux encryptor may damage victims' files

Bleeping Computer

Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Hackers could force locked iPhones to make contactless payments

We Live Security

Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds.


GhostEmperor hackers use new Windows 10 rootkit in attacks

Bleeping Computer

Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.


Secret backdoor allegedly lets the REvil ransomware gang scam its own affiliates

Graham Cluley

A secret backdoor in the notorious ransomware's code is said to allow the Ransomware-as-a-service gang to steal ransom proceeds from under the noses of its affiliates. Read more in my article on the Tripwire State of Security blog.


‘GriftHorse’ Android Trojan: 10M Victims Lose Millions per Month

Security Boulevard

Researchers found a huge nest of Trojan apps in the Google Play Store, dubbed GriftHorse.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


QNAP fixes bug that let attackers run malicious commands remotely

Bleeping Computer

Taiwan-based network-attached storage (NAS) maker QNAP has released security patches for multiple vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices.


Successfully Influencing Employee Security Behavior

Security Boulevard

With phishing scams common and the risk of security breaches made more likely thanks to an expanding threat surface, security teams are debating how to deal with—and in some cases, punish—employees who fail security tests, as well as those who fail cybersecurity quizzes or fall victim to scams such as business email compromise. A new.


Just Published: P2PE v3.1

PCI perspectives

Today, the PCI SSC published a minor revision to the PCI Point-to-Point Encryption (P2PE)® Standard. We talk with Mike Thompson, Senior Manager of Emerging Standards and the Chair of the PCI Council’s P2PE Working Group, about some of these changes.


CISA Rolls Out New Insider Threat Risk Assessment Tool

Digital Guardian

The tool, which is intended for both public and private sector organizations, can help companies better assess their vulnerability to insider threats.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


6 steps for third-party cyber risk management

CSO Magazine

Many organizations transact with hundreds of third-party partners, according to EY’s Global Third-Party Risk Management Survey 2019-2020, a trend that PwC finds shows no sign of slowing, even as the risks increase. A recent survey by security vendor Anchore found that in the past 12 months, 64% of businesses experienced a supply chain attack, and this year supplier attacks are expected to quadruple, according to the European Union Agency for Cybersecurity.


Meeting Customers Where They Are …. And Where They Don’t Want to Be

Cisco Security

Cisco Secure Managed Remote Access is Support Worth a Smile. Chandrodaya Prasad (VP, Network & Application Security Product Management) and AJ Shipley (VP, Product Management, CX Security & Collaboration) discuss the new cloud-delivered managed service offering—Cisco Secure Managed Remote Access (CSMRA)—and the value it delivers enterprise customers.


BrandPost: How Much Risk Are You Willing to Take?

CSO Magazine

Just as the threat landscape evolves over time, so does security technology. Having been in the cyber security space for more than 15 years, I have witnessed a number of evolutions first hand. I have seen macro changes such as the rotation of antivirus solutions from the endpoint to the gateway and back again, as well as the bundling of endpoint security products such as antivirus, antispyware, host intrusion prevention, and application control into an endpoint protection platform (EPP).


REvil ransomware gang cheat through odious partner programs

CyberSecurity Insiders

Usually we do not encourage such tactics of earning money through cyber fraud. However, in order to warn those interested, we have published this article. The next time you are thinking of joining a ransomware-as-a-service scheme run by the REvil group, whether to earn money through extortion or to take vengeance, be aware that such schemes will always dupe the partner first and the victim next.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Women In Senior Tech Leadership | Avast

Security Boulevard

I was recently asked to provide input for a colleague’s blog on why, in the tech industry, despite advancements in women representation, senior leadership remains dominantly male. My initial response was okay, let me list a couple bullets and send them your way. I made myself a cup of coffee and started thinking about it. After a while, I felt overwhelmed by my own reactions.


Windows 10 KB5005611 update fixes Microsoft Outlook issues

Bleeping Computer

Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability.


Apple Pay with Visa Hacked to Make Payments via Locked iPhones

Threatpost

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed.


WireX DDoS botnet admin charged for attacking hotel chain

Bleeping Computer

The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.