Mon. Mar 15, 2021

Security Analysis of Apple’s “Find My…” Protocol

Schneier on Security

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System”: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Don’t Bother Using The “Device Filter” Security Feature Offered By Your Home Network Router

Joseph Steinberg

The MAC address “device filtering” feature of your LAN’s router is unlikely to provide you with any significant security benefits – and, if you enable the feature, it may cause you heartaches. Recently, I participated in a (virtual) discussion about the security of home networks – an important topic as hundreds of millions of people around the world continue to work remotely due to the ongoing COVID-19 pandemic.

Wireless 301
Insiders

WeLeakInfo Leaked Customer Payment Info

Krebs on Security

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 277

Remote hiring: Cybersecurity best practices

Tech Republic Security

Subtle cybersecurity concerns are in play when vetting candidates remotely for a position that entails working remotely. Learn what they are and what to do about them.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Happy (Belated) Pi Day!

Adam Shostack

For pi day, we celebrated with a set of pies – a British style bacon and liver pie, a chicken pot pie, and a cherry pie. The bacon and liver pie, with roasted carrot and shallot, was intended as a joke and came out well enough that we’ll make it again. The cherry pie, with dried cherry and prosciutto, was also good as a sauce-free design.

Not quite "The Purge," but 70% adopted home tech to increase security amid pandemic

Tech Republic Security

A Home.com survey found that while most understood the value and necessity of the investment in new tools and gadgets, there were quite a few who worried the technology would facilitate some kind of hack.

More Trending

Forrester: These 5 threats could hobble pandemic recovery

Tech Republic Security

If businesses are going to successfully navigate the road ahead they'll need to focus on these security problems and attack vectors.

Windows 10 emergency updates released to fix printing crashes

Bleeping Computer

Microsoft has released out-of-band non-security updates to fix a known Windows 10 issue causing blue screens when printing to network printers after installing the March 2021 cumulative updates.

How to use Bitwarden's new Send feature

Tech Republic Security

What is probably the best open source password manager on the market has added a new feature that will make using the tool even better.

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The Hacker News

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How malware is targeting the new Apple Macs

Tech Republic Security

As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky.

Malware 183

PayPal fraud: What merchants should know

We Live Security

From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

Scams 145

Organizations are more likely to purchase tech and services from vendors demonstrating transparency

Tech Republic Security

A global study by Intel indicates 73% of respondents gravitate toward companies that proactively find, mitigate and communicate security vulnerabilities.

Rising Demand for DDoS Protection Software Market By 2020-2028

The Hacker News

A Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks have been increasing, fueling the demand for the best DDoS protection software solutions.

DDOS 143

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to remove legacy communication services on Linux

Tech Republic Security

To keep your Linux servers and desktops as secure as possible, you should check for and remove legacy communication services. Jack Wallen shows you how.

Breaking the glass ceiling: How women in tech succeed in a male-dominated industry

Security Boulevard

Are you interested in a career in the tech industry? Synopsys’ Niyati Shah outlines five tips to help set women up for success. The post Breaking the glass ceiling: How women in tech succeed in a male-dominated industry appeared first on Software Integrity Blog.

Software 139

Microsoft releases one-click Exchange On-Premises Mitigation Tool

Bleeping Computer

Microsoft has released a one-click Exchange On-premises Mitigation Tool (EOMT) to allow small business owners to easily mitigate the recently disclosed ProxyLogon vulnerabilities.

Britain Boris Johnson speaks about Cyber Attacks

CyberSecurity Insiders

For the first time since being elected Prime Minister of the UK, Boris Johnson spoke directly about cyber attacks. The 57-year-old stated that Britain needs to boost its capacity to conduct cyber attacks and must also conduct digital invasions on foreign nations. “As the cyber power is evolving on a greater note, we also need to bring changes in the way we are dealing with the attacks said the Honorable Minister who was hinting at the cyber wars that were taking in the digital space at

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Phishing sites now detect virtual machines to bypass detection

Bleeping Computer

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Phishing 145

COVID-19: Examining the threat landscape a year later

SecureList

A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, and the vast majority of companies had to switch to remote work, sometimes with only a week’s notice.

Phishing 132

IronNet to go public in $1.2 billion deal, as CEO Alexander warns of start of ‘digital arms race’

SC Magazine

IronNet Cybersecurity announced a $1.2 billion agreement Monday with special purpose acquisition company LGL Systems Acquisition Corp. to go public. The combined company will move forward as IronNet Cybersecurity Inc., and be listed on the New York Stock Exchange under the ticker symbol IRNT. Company officials expect the company to go public by the third quarter of 2021.

How to Improve Your Cloud and Container Security

Security Boulevard

Cloud architecture is the organization of components and capabilities that are necessary in order to leverage the power of cloud resources. Following the recent mass migration to the cloud, organizations are embracing best practices for architecting and securing the cloud. However, it has not been an easy journey and many have made mistakes along the.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

BrandPost: Zero Trust, ZTA, and ZTNA: What’s the Difference?

CSO Magazine

Although many networking and security vendors use terms that include the phrase zero trust, not everyone is using it to mean the same thing. Adding to the potential for confusion are the terms zero trust access (ZTA) and zero trust network access (ZTNA), which often are used interchangeably. With so many similar terms and acronyms floating around, it’s important to make sure you understand what a vendor is actually talking about when you're discussing solutions.

Royal Mail scam says your parcel is waiting for delivery

Malwarebytes

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via: Uk(dot)royalmail-bill(dot)com. Lots of folks may assume this text message is genuine, along with the URL.

Scams 123

Microsoft 365 outage knocks down Teams, Exchange Online

Bleeping Computer

A Microsoft 365 outage is preventing users from logging into Microsoft Teams, Exchange Online, Forms, Xbox Live, and Yammer.

Channeling the Wisdom of the Crowd: Talking with Intigriti's Stijn Jans and Inti De Ceukelaire

SecurityTrails

Find out what the early days of Intigriti looked like, who is behind their famous Twitter account and much more in this interview with Stijn Jans and Inti De Ceukelaire.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

RPA’s Impact on Governance, Risk Management and Compliance

Security Boulevard

Intelligent automation (IA) is transforming the way organizations operate everything from finance to operations and human resources. Basic robotic process automation (RPA), or advanced process developments such as artificial intelligence (AI), can unlock the potential to do things faster, better and at a lower cost. These technologies are fairly easy to deploy and deliver quick.

Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

The Hacker News

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks.

Software 118

Another S3 Bucket Leads to Breach of 50k Patient Records

Security Boulevard

A privacy advocate at Comparitech reported on the discovery of over 50,000 records stored on two publicly accessible AWS S3 […]. The post Another S3 Bucket Leads to Breach of 50k Patient Records appeared first on Sonrai Security.

Is automated vulnerability scanning the best way to secure smart vehicles?

CyberSecurity Insiders

This blog was written by an independent guest blogger. To those who pay attention to such things, it seems like a new vulnerability in smart car systems is found every week. In 2020, the numbers beat all previous years. The inescapable conclusion is that smart cars are now among the favorite targets of hackers and APT (Advanced Persistent Threat) actors.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.