Schneier on Security
AUGUST 13, 2020
Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" deliberate attempts to direct moral judgement against their target.
Tech Republic Security
AUGUST 13, 2020
Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Shostack
AUGUST 13, 2020
I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!
Tech Republic Security
AUGUST 13, 2020
Companies are too reliant on dated software, the most essential-to-crises staff aren't required attendance at cybersecurity training, and the pandemic exacerbated problems, according to a new report.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
AUGUST 13, 2020
Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has released an analytical report on the previously unknown APT group RedCurl , which focuses on corporate espionage. In less than three years, RedCurl attacked dozens of targets all over the world — from Russia to Canada.
Tech Republic Security
AUGUST 13, 2020
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 13, 2020
The flaws could also have helped attackers obtain usernames, phone numbers, voice history, and installed skills, says Check Point Research.
Security Affairs
AUGUST 13, 2020
The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The name comes from drovo [?????
Tech Republic Security
AUGUST 13, 2020
Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.
Security Affairs
AUGUST 13, 2020
Microsoft did not properly address an elevation of privilege flaw ( CVE-2020-1509 ) in the Windows Local Security Authority Subsystem Service (LSASS). Google Project Zero researcher who discovered the elevation of privilege flaw ( CVE-2020-1509 ) in the Windows Local Security Authority Subsystem Service (LSASS) warn that Microsoft did not properly address it. “An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated atta
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 13, 2020
Healthcare data breaches have fallen this year but could surge over the next few months as hospital records remain a top target, says CI Security.
Threatpost
AUGUST 13, 2020
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
WIRED Threat Level
AUGUST 13, 2020
The Justice Department says that an agent of the terrorist organization operated FaceMaskCenter.com, in part of a series of cryptocurrency-related complaints.
Threatpost
AUGUST 13, 2020
A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
AUGUST 13, 2020
People in Europe and Canada have gone back to the hours they were working before the coronavirus shutdown.
Threatpost
AUGUST 13, 2020
Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.
Dark Reading
AUGUST 13, 2020
Some titles are hot, while others are not, amid rapidly shifting business priorities.
Threatpost
AUGUST 13, 2020
The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
AUGUST 13, 2020
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
Threatpost
AUGUST 13, 2020
Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls.
WIRED Threat Level
AUGUST 13, 2020
Amazon has patched the flaw, but its discovery underscores the importance of locking down your voice assistant interactions.
Threatpost
AUGUST 13, 2020
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Dark Reading
AUGUST 13, 2020
Phishing emails and fake website promise help with the Small Business Administration's program that aids those affected by COVID-19.
SecureWorld News
AUGUST 13, 2020
If anyone has benefited from the COVID-19 pandemic, it's Zoom. The virtual meeting platform became a household name within months and a critical resource for students, employees, and anyone looking to connect with loved ones. But according to a new lawsuit between Zoom and Consumer Watchdog, the company hasn't been completely honest about its service.
Dark Reading
AUGUST 13, 2020
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
SecureWorld News
AUGUST 13, 2020
Are we starting to sound like a broken record? Because we're starting to feel like one. New COVID-19 scams are running rampant throughout the digital sphere. From contact tracing smishing schemes to fake vaccines , SecureWorld has covered many of them. Sometimes, it feels like false information about this disease spreads even faster than the virus itself.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
AUGUST 13, 2020
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
Threatpost
AUGUST 13, 2020
The APT is becoming more sophisticated over time.
Dark Reading
AUGUST 13, 2020
Breach disclosures are down, and reported ransomware attacks have also plummeted. Good news -- or a calm before the storm?
Adam Levin
AUGUST 13, 2020
The SANS Institute, a company that provides cybersecurity training and certification, announced that a data breach compromised the personally identifiable data of roughly 28,000 records. The breach has been traced back to a phishing attack that targeted an employee of the company. Describing itself as “the most trusted and by far the largest source for information security training in the world,” SANS stated in their announcement of the breach on August 6 that they “identified a suspicious forwa
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
293 
Let's personalize your content