Tue. Aug 18, 2020


Using Disinformation to Cause a Blackout

Schneier on Security

Interesting paper: "How weaponizing disinformation can bring down a city's power grid": Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven to be one of the weakest links when protecting critical infrastructure in general, and the power grid in particular.

Media 355

Carnival Cruises hit with a costly ransomware attack

Tech Republic Security

The company says in SEC filing it is preparing for potential claims from guests, employees, and shareholders based on the data accessed.


Vaccine for Emotet Malware

Schneier on Security

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself. The script, cleverly named EmoCrash, effectively scanned a user's computer and generated a correct -- but malformed -- Emotet registry key.

Malware 246

How to customize PowerShell settings using profiles

Tech Republic Security

Learn to create profiles within PowerShell to customize your settings based on your working environment for optimal performance and efficiency.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Ransomware Attack on Carnival May Have Been Its Second Compromise This Year

Dark Reading

Security vendor Prevailion says it observed signs of malicious activity on the cruise operator's network between at least February and June.


Credential stuffing attacks can be stopped, says Auth0

Tech Republic Security

Stolen credentials are a thorn in any internet-facing organization's side. Auth0 claims it can reduce the effectiveness of attacks using them by 85% with its new bot detection tool.

Internet 157

More Trending


7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Jane Frankland

Cybersecurity is big business. It impacts industry and individuals alike and doesn’t discriminate. Last year, Verizon reported that 71% of breaches were financially motivated, 25% came from espionage, and 21% were caused by human error. Unsurprisingly, according to Gartner, spending continues to rise and is forecast to reach $133.7 billion by 2022. Furthermore, from 2019–2023E, approximately USD 5.2 trillion in global value will be at risk from cyberattacks.


Better Taught Than Caught!

Adam Shostack

So Chris Romeo has a blog post, “Threat modeling: better caught than taught.” In it, he advocates for threat modeling being a skill passed on informally. And, like many things in threat modeling, that’s attractive, sounds fun, and is utterly wrong. Let’s threat model this: What are we working on? Scaling threat modeling across all developers.


Canadian Government Issues Statement on Credential-Stuffing Attacks

Dark Reading

The government is responding to threats targeting the GCKey service and CRA accounts, which are used to access federal services.


A flaw in Concrete5 CMS could have allowed website takeover

Security Affairs

A remote code execution (RCE) vulnerability affecting the Concrete5 CMS exposed numerous servers to full takeover, experts warn. A recently addressed remote code execution (RCE) flaw in the Concrete5 CMS exposed numerous websites to attacks. Concrete5 is an open-source content management system (CMS) designed for ease of use, for users with a minimum of technical skills.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Four Ways to Mitigate Supply Chain Security Risks From Ripple20

Dark Reading

Enterprises can significantly alleviate current and long-standing third-party risk by using tactical and strategic efforts to assess and manage them.

Risk 107

Critical flaw in Jenkins Server can cause information disclosure

Security Affairs

A critical vulnerability in Jenkins server software could result in memory corruption and cause confidential information disclosure. A critical vulnerability in Jenkins server software, tracked as CVE-2019-17638, could result in memory corruption and cause confidential information disclosure. Jenkins is the most popular open source automation server; it is maintained by CloudBees and the Jenkins community.


The Attack That Broke Twitter Is Hitting Dozens of Companies

WIRED Threat Level

“Phone spear phishing” attacks have been on the rise since a bitcoin scam took over the social media platform in July.

Scams 120

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

Security researchers have discovered a new crypto-mining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers. Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs.

Firewall 101

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


IcedID Trojan Rebooted with New Evasive Tactics

Threatpost

Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection.

Passwords 105

Ukraine police and Binance dismantled a cyber gang behind $42M money laundering

Security Affairs

Ukrainian authorities arrested the members of a cybercrime gang who ran 20 cryptocurrency exchanges involved in money laundering. Police in Ukraine announced the arrest of the members of a cybercrime gang composed of three individuals who ran 20 cryptocurrency exchanges used in money laundering activities. According to the Ukrainian officials, the cryptocurrency exchanges allowed crooks to launder more than $42 million in funds for other criminals.


NBlog Aug 19 - IAAC Directors' Guides

Notice Bored

Some time back I bumped into a handy management guide on information risk - a double-sided leaflet from the Information Assurance Advisory Council. In 2015, it inspired a security awareness briefing explaining that colourful process diagram, which has now morphed into a further 5-page briefing on Information Risk Management, soon to join the SecAware ISMS templates.

Risk 85

Cruise line operator Carnival Corporation suffers a ransomware attack

Security Affairs

The world’s largest cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. Cruise line operator Carnival Corporation has disclosed that one of their brands was hit with a ransomware attack over the past weekend. Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Researchers Warn of Active Malware Campaign Using HTML Smuggling

Threatpost

A recently uncovered, active campaign called "Duri" makes use of HTML smuggling to deliver malware.

Malware 113

Ransomware Attack Hits Carnival Cruise Corporation: What We Know

SecureWorld News

Talk about kicking someone, or some organization, when it's down. The Carnival Corporation, which has canceled cruises for months now as a result of COVID-19, says one of its cruise brands was hit with a ransomware cyberattack. Carnival owns Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK), and Cunard.


AWS Cryptojacking Worm Spreads Through the Cloud

Threatpost

The malware harvests AWS credentials and installs Monero cryptominers.

Malware 126

Cloudops tool integration is more important than the tools themselves

InfoWorld on Security

It’s 3:00 on a Tuesday, and your AIops tool messages that the corporate network is reaching a saturation point. It seems that one of the virtual cloud servers is spinning off a massive number of packets, hijacked by a rogue piece of software placed by a hacker the night before. You wish that the security operations tool would have picked up on this, but it was the general-purpose management and monitoring tool that saw the network traffic spiking out of threshold and sounded the alarm that drew

DDOS 78

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


New Campaign Combines Extortion, DDoS

Dark Reading

Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.

DDOS 105

CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!?

ForAllSecure

Remember trigonometry, where you were given the length of two sides of a triangle and had to compute the third side? We remembered vaguely SOH CAH TOA, but not much more. One thing we would have bet $50 on: That there wouldn’t be a buffer overflow in basic trigonometric functions. We would have lost that bet.


Why Quality & Security Both Matter in Software

Dark Reading

It's time to position quality and security as equals under the metric of software integrity.

Software 102

Large Orgs Plagued with Bugs, Face Giant Patch Backlogs

Threatpost

Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs with every scan.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


New 'Duri' Campaign Uses HTML Smuggling to Deliver Malware

Dark Reading

Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.

Malware 82

CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!?

ForAllSecure

Remember trigonometry, where you were given the length of two sides of a triangle and had to compute the third side? We remembered vaguely SOH CAH TOA, but not much more. One thing we would have bet $50 on: That there wouldn’t be a buffer overflow in basic trigonometric functions. We would have lost that bet. Earlier this year we uncovered bugs in the GNU libc functions cosl, sinl, sincosl, and tanl due to assumptions in an underlying common function, leading to CVE-2020-10029.


How 80% of Orgs Can Overcome a Lack of Training for Developers

Veracode Security

Developer security training is more critical than ever, but data shows us that the industry isn't taking it quite as seriously as it should. A recent ESG survey report, Modern Application Development Security, highlights the glaring gaps in effective developer security training. In the report, we learned that only 20 percent of surveyed organizations offer security training to new developers who join their company, and 35 percent say that less than half of their developers even participate i


CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!?

ForAllSecure

Remember trigonometry, where you were given the length of two sides of a triangle and had to compute the third side? We remembered vaguely SOH CAH TOA, but not much more. One thing we would have bet $50 on: That there wouldn’t be a buffer overflow in basic trigonometric functions. We would have lost that bet. Earlier this year we uncovered bugs in the glibc functions cosl, sinl, sincosl, and tanl due to assumptions in an underlying common function, leading to CVE-2020-10029.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.