Fri. Jan 29, 2021


The Taxman Cometh for ID Theft Victims

Krebs on Security

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.

Insurance 291

Including Hackers in NATO Wargames

Schneier on Security

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.

Insiders


SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business

Tech Republic Security

The highly sophisticated SolarWinds attack was designed to circumvent threat detection—and it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.


New iMessage Security Features

Schneier on Security

Apple has added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.

Risk 269

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Distributed denial of service (DDoS) attacks: A cheat sheet

Tech Republic Security

This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.

DDOS 209

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

SC Magazine

Researchers at GRIMM have discovered multiple vulnerabilities – two of which could lead to remote code execution (RCE) – within the NITRO open source library that the Department of Defense and federal intelligence community use to exchange, store and transmit digital images collected by satellites. Two of the flaws “looked like they could lead to remote code execution,” said Adam Nichols, principal of the Software Security practice at GRIMM, who explained to SC Media that photos in the library a

Media 143

More Trending


How decision-making psychology can improve incident response

CSO Magazine

Incident response (IR) is a key part of any large organization’s security posture. Ensuring your teams know how to react to different situations and scenarios enables companies to respond quicker and more effectively to cyberattacks.


Don't make these cyber resiliency mistakes

Tech Republic Security

Find out why it might be time to shift your cybersecurity prevention strategies to resiliency and what not to do in the process.


USCellular Notifies Customers of Data Breach after Employees Unknowingly Download Malware

Hot for Security

USCellular, a Chicago-based mobile network operator, has revealed a data breach incident affecting an undisclosed number of customers. The company believes the incident occurred on January 4, 2021, after threat actors managed to trick employees into accessing and downloading malicious software on some retail-store computers. Two days later, the breach was discovered, prompting the company to reset employee passwords and remove the compromised systems from its computer network. “On January


How to show an ROI on cybersecurity spends

Tech Republic Security

It's not easy to justify cybersecurity spends based on financial gains. Read tips on how to improve the odds.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


BlastDoor: iOS 14’s Shield Over Zero-Click Attacks

Security Boulevard

Bizarrely, it’s Google that revealed the big change that came in iOS 14 last year.


New US CISO appointments, January 2021

CSO Magazine

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends.

CISO 123

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

The Hacker News

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.


CISA warns of attacks on cloud-based services

Tech Republic Security

Companies are most vulnerable when employees work from home or use a combination of company and personal devices.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Domain for programming website Perl.com hijacked

Security Affairs

Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns. Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with malware campaigns. Users are recommended to avoid visiting the domain. The domain Perl.com was created in 1994 and was the official website for the Perl programming language; it is registered with the registrar key-systems(.)net. “The perl.com dom

Malware 118

Vishing: FBI says beware of voice phishing at large organizations

Tech Republic Security

Attackers are tricking employees into logging into phishing sites.

Phishing 172

Has COVID-19 Changed the Cybersecurity Industry Forever?

GlobalSign

Responding to the COVID crisis has put the cybersecurity world to the test. Unfortunately, there is a significant shortage of trained cybersecurity professionals, and this fact is not lost on the hackers.


Google deploys Chrome mitigations against new NAT Slipstreaming attack

Zero Day

After the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The President and the Peloton: A Security Love Story

Security Boulevard

A recent story in Popular Mechanics discusses the new President and his desire to use a Peloton exercise bike in the White House. As a smart, connected device with internet connectivity, this most innocent of devices is now under review for use by the most powerful person in the world. Why? Because it’s an example of the new endpoint - connected in a critical environment, and unsecured.

Internet 117

TrickBot returns with campaign against legal and insurance firms

CSO Magazine

Despite the security industry's efforts to disrupt the TrickBot botnet, its operators are trying to revive it with new infection campaigns. The latest one, observed by researchers this month, targeted legal and insurance companies.

Insurance 115

Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide

The Hacker News

A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information.

Malware 114

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that it attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC.

Malware 114

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Paving the way: Inspiring Women in Payments - A Q&A featuring Sheryl Benedict

PCI perspectives

After seeing the 1983 film WarGames as a child, Sheryl Benedict became fascinated by computer technology. In this edition of our blog, Sheryl explains how the thought of protecting organizations from the bad guys inspired her to achieve great things in cybersecurity.


The mystery of the missing Perl website

Naked Security

A long-running domain supporting the popular programming language Perl has suddenly vanished. We don't yet know how or why.

DNS 135

Encryption is taking centre stage – and Entrust’s nShield HSMs are in the spotlight

Security Boulevard

Encryption has clearly taken centre stage as businesses protect what is most important to them, and the health, reputation, and.


Industrial Gear at Risk from Fuji Code-Execution Bugs

Threatpost

Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.

Risk 101

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Lawmakers Take Aim at Insidious Digital ‘Dark Patterns’

WIRED Threat Level

A new California law prohibits efforts to trick consumers into handing over data or money. A bill in Washington state copies the language.


Is your boss spying on you? It's possible, and privacy laws aren't there yet

Tech Republic Security

Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.

Software 109

Cleaning up after Emotet: the law enforcement file

Malwarebytes

This blog post was authored by Hasherezade and Jérôme Segura. Emotet has been the most wanted malware for several years. The large botnet is responsible for sending millions of spam emails laced with malicious attachments. The once banking Trojan turned into loader was responsible for costly compromises due to its relationship with ransomware gangs.

Malware 106

Firms with exposed IoT have a higher concentration of other security problems

SC Magazine

Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post from the Cyentia Institute and RiskRecon.

IoT 98

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.