Mon. Oct 11, 2021

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. This reuse creates dependencies, not all of which stay updated at the same pace.


Experts Say Cyber Attacks Are Getting Worse

Security Boulevard

A new article on WNEP reports on experts who say that cyber attacks are getting worse. Unsurprisingly, ransomware is at the top of the list: it has made headlines by crippling healthcare computer systems and 9-1-1 centers, stopping work on gas pipelines, and more.

6 ways the pandemic has triggered long-term security changes

CSO Magazine

Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require long-term revisions to enterprise cybersecurity strategies.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speakers: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security; Matt Doka, Co-Founder and CTO of Fivestars; and Steve Andrews, President & CEO of the Western Bankers Association

In this webinar, a panel will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market sooner by also allowing for payment optimization. They'll share how to grow your business faster and minimize costs for both security and compliance.

Recent Cyber Attacks Illustrate Why Your Organization Needs a Cybersecurity Strategy

Security Boulevard

The growth of the internet has been a mixed blessing. Technological advancement has spread across the globe and improved daily living. However, network connected devices and software applications provide more opportunities for hackers to steal confidential data.

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Security Affairs

The National Security Agency (NSA) issued a technical advisory warning organizations against the use of wildcard TLS certificates and describing the new ALPACA TLS attack.


How to combat the most prevalent ransomware threats

Tech Republic Security

Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.

Overly Complex IT Infrastructures Pose Security Risk

Dark Reading

Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, a new PwC survey finds.


7 VPN alternatives for securing remote network access

CSO Magazine

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines.


Why we need an industry-focused approach to cybersecurity

Security Boulevard

There are lots of basic cybersecurity hygiene rules. Strong authentication, proper cybersecurity training, and patching software are good guidelines that everyone should follow. When you dig into the nuances of effective security, though, it quickly becomes apparent that one size doesn't fit all.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Apple released emergency update to fix zero-day actively exploited

Security Affairs

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild.

Stop compromising on web application security

Security Boulevard

Modern web applications are often in continuous development in highly automated workflows, so keeping them secure requires equally automated AppSec solutions. When you add to this a highly dynamic threat environment, manual security processes cannot hope to keep up.


How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire.

Handling Threat Intelligence Across Billions of Data Points

Dark Reading

Graph databases can play a role in threat intelligence and unraveling sprawling data.

Cybersecurity awareness month: Fight the phish!

Naked Security

Phishing crooks get to try over and over again. But you only need to make one mistake.

Blockchain Chainalysis acquires Cybersecurity firm Excygent

CyberSecurity Insiders

Chainalysis, a company that offers blockchain analysis software to government agencies for tracking down digital fraud, has announced that it has acquired the forensics firm Excygent to strengthen its position in investigating high-profile cyber-crime incidents such as ransomware attacks.

Staying Ahead of Ransomware With the Cloud

Security Boulevard

According to a report from Check Point Software, there were 93% more ransomware attacks in the first half of 2021 than during the same period last year.

Apple quietly patches yet another iPhone 0-day – check you have 15.0.2

Naked Security

They did it again.

Ransomware cost US companies almost $21 billion in downtime in 2020

We Live Security

The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows.

With CMMC Certification, Slow and Steady Wins the Race

Security Boulevard

This blog post was originally created by A-LIGN.

Applying Behavioral Psychology to Strengthen Your Incident Response Team

Dark Reading

A deep-dive study on the inner workings of incident response teams leads to a framework for applying behavioral psychology principles to CSIRTs.

BrandPost: Slow EDR Rollout Requires a NG-IDS Compensating Control

CSO Magazine

When Anton Chuvakin, then a Gartner Analyst, first coined the term endpoint detection and response (EDR) in 2013, most enterprises raced to replace antivirus (AV) with EDR.

The 5 Phases of Zero-Trust Adoption

Dark Reading

Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.

BrandPost: Detect Malware in Encrypted Traffic for Improved Security Visibility

CSO Magazine

According to the Ponemon Institute's 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their entire environment—up from around 40% in 2015, and 25% in 2010.

Congress Tackles Data Privacy Compliance for FinTech

Security Boulevard

When Democrats and Republicans in Congress agree on an issue, you know the problem must be serious. In this case, the problem is third-party FinTech data sharing.

NSA warns of wildcard certificate risks, provides mitigations

Bleeping Computer

The U.S. National Security Agency (NSA) is warning of the dangers stemming from the use of broadly scoped certificates to authenticate multiple servers in an organization. These include the recently disclosed ALPACA technique, which could be used for various traffic redirection attacks.
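The two NSA items above (Security Affairs and Bleeping Computer) both turn on the same point: a wildcard certificate is valid for every host under its suffix, so any TLS service under that suffix, including non-HTTP ones such as SMTP or FTP, can present a certificate the browser accepts for the web host, which is what ALPACA exploits. The following is an added example, not code from the NSA advisory or from either article. It applies RFC 6125-style wildcard matching to a constructed service inventory and reports which services a given certificate covers and which of those speak a protocol other than HTTPS. The inventory, hostnames and the `(host, port, protocol)` layout are assumptions made for the illustration.

```python
"""Audit how far a wildcard TLS certificate reaches across a service inventory.

Added example; the inventory below is constructed for illustration.
"""

# Constructed inventory: (hostname, TCP port, application protocol run over TLS).
INVENTORY = [
    ("www.example.com", 443, "https"),
    ("api.example.com", 443, "https"),
    ("mail.example.com", 465, "smtp"),
    ("ftp.example.com", 990, "ftp"),
    ("legacy.intranet.example.com", 443, "https"),  # two labels deep: *.example.com does not cover it
    ("example.com", 443, "https"),                  # bare apex: *.example.com does not cover it
    ("www.example.org", 443, "https"),              # different zone entirely
]


def name_matches(cert_name: str, host: str) -> bool:
    """RFC 6125-style comparison of a certificate DNS name against a hostname.

    A wildcard is honoured only as the entire left-most label and matches
    exactly one label, so '*.example.com' covers 'api.example.com' but not
    'example.com' or 'a.b.example.com'.  Wildcards whose suffix is a single
    label ('*.com') are refused outright.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]            # '.example.com'
    if suffix.count(".") < 2:         # '*.com' style: too broad to be legitimate
        return False
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]   # the part the '*' would stand for
    return bool(leftmost) and "." not in leftmost


def covered_services(cert_names, inventory):
    """Every service whose hostname at least one name on the certificate is valid for."""
    return [svc for svc in inventory if any(name_matches(n, svc[0]) for n in cert_names)]


def cross_protocol_exposure(cert_names, inventory, expected_protocol="https"):
    """Covered services that speak something other than the protocol the cert was issued for.

    A TLS server on this list presents a certificate a browser will accept for the
    web host, which is the precondition for an ALPACA cross-protocol redirection.
    """
    return [svc for svc in covered_services(cert_names, inventory) if svc[2] != expected_protocol]


def audit(cert_names, inventory):
    """Summarise the blast radius of one certificate's set of DNS names."""
    return {
        "wildcards": [n for n in cert_names if n.startswith("*.")],
        "covered": covered_services(cert_names, inventory),
        "cross_protocol": cross_protocol_exposure(cert_names, inventory),
    }


if __name__ == "__main__":
    report = audit(["*.example.com"], INVENTORY)
    print("wildcard names:", report["wildcards"])
    for host, port, proto in report["covered"]:
        flag = "  <-- non-HTTPS service sharing the web cert" if proto != "https" else ""
        print(f"  {host}:{port} ({proto}){flag}")
```

Run against the constructed inventory, the wildcard covers four services, two of which (SMTP on 465 and FTP on 990) are the cross-protocol candidates; the apex name and the two-label-deep intranet host are correctly left out. In a real audit the inventory would come from DNS and scan data, and the remediation the advisory points toward is narrowing certificate scope (one certificate per service) and, on servers that must keep a broad certificate, enforcing ALPN and rejecting unexpected SNI so a connection meant for HTTPS cannot be completed by the mail or FTP daemon.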

BrandPost: Why Decryption Is Necessary for Security

CSO Magazine

Encryption offers many benefits, securing the transmission of data for both external and internal network traffic, and it is gaining wider adoption. According to the Google Transparency Report, 95% of internet traffic is HTTPS.

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks

Bleeping Computer

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting iPhones and iPads.

BrandPost: The Elements of Cyberdefense

CSO Magazine

million people over eleven counties in North Texas depend on Tarrant Regional Water District (TRWD) for their water supply and flood control measures.


LibreOffice, OpenOffice bug allows hackers to spoof signed docs

Bleeping Computer

LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source.

7 Smart Ways a Security Team Can Win Stakeholder Trust

Dark Reading

By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.

Nuclear engineer's espionage plans unraveled by undercover FBI agent

Bleeping Computer

A Navy nuclear engineer and his wife were arrested on espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was a foreign power's agent.

Iran-linked DEV-0343 APT targets US and Israeli defense technology firms

Security Affairs

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks.
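Password spraying, the technique named in the DEV-0343 item above, tries one or a few common passwords against many accounts rather than many passwords against one account, which keeps every individual account below its lockout threshold. The tell in authentication logs is therefore inverted relative to brute force: one source, many distinct usernames, very few failures per user. The following is an added example, not code from the Security Affairs article or from the Microsoft reporting it summarises. It classifies sources in a constructed authentication log as spraying or brute-forcing and lists any account the spraying source eventually got into. The log lines and their `timestamp source_ip user RESULT` layout are constructed assumptions; a real feed would need its own parser.

```python
"""Distinguish password spraying from brute force in authentication logs.

Added example.  SAMPLE_LOG is constructed; the field layout is an assumption.
"""
from collections import defaultdict

# Constructed log: one source fails once each against many users then succeeds
# (spray), one hammers a single user (brute force), one is an ordinary login.
SAMPLE_LOG = """\
2021-10-11T08:00:01Z 203.0.113.7 alice FAIL
2021-10-11T08:00:03Z 203.0.113.7 bob FAIL
2021-10-11T08:00:05Z 203.0.113.7 carol FAIL
2021-10-11T08:00:07Z 203.0.113.7 dave FAIL
2021-10-11T08:00:09Z 203.0.113.7 erin FAIL
2021-10-11T08:00:11Z 203.0.113.7 frank SUCCESS
2021-10-11T08:01:00Z 198.51.100.4 alice FAIL
2021-10-11T08:01:02Z 198.51.100.4 alice FAIL
2021-10-11T08:01:04Z 198.51.100.4 alice FAIL
2021-10-11T08:01:06Z 198.51.100.4 alice FAIL
2021-10-11T08:01:08Z 198.51.100.4 alice FAIL
2021-10-11T08:01:10Z 198.51.100.4 alice FAIL
2021-10-11T08:05:00Z 192.0.2.9 grace SUCCESS
"""


def parse_events(log_text):
    """Parse 'timestamp src_ip user RESULT' lines into dicts; skips blank lines."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append({"ts": ts, "src": src, "user": user, "success": result == "SUCCESS"})
    return events


def classify_sources(events, spray_min_users=5, spray_max_per_user=2, brute_min_attempts=5):
    """Label each source IP that produced failures.

    password_spray : failures against >= spray_min_users distinct accounts, with no
                     single account tried more than spray_max_per_user times
                     (stays under per-account lockout, which is the whole point).
    brute_force    : some single account failed >= brute_min_attempts times.
    Each finding also lists accounts the same source later authenticated to,
    since a success following a spray is the account to reset first.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failure count
    successes = defaultdict(set)                      # src -> users it logged in as
    for e in events:
        if e["success"]:
            successes[e["src"]].add(e["user"])
        else:
            failures[e["src"]][e["user"]] += 1

    findings = {}
    for src, per_user in failures.items():
        most_on_one_account = max(per_user.values())
        pattern = None
        if len(per_user) >= spray_min_users and most_on_one_account <= spray_max_per_user:
            pattern = "password_spray"
        elif most_on_one_account >= brute_min_attempts:
            pattern = "brute_force"
        if pattern:
            findings[src] = {
                "pattern": pattern,
                "users_targeted": len(per_user),
                "max_attempts_on_one_user": most_on_one_account,
                "compromised": sorted(successes[src]),
            }
    return findings


if __name__ == "__main__":
    for src, f in classify_sources(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {f['pattern']}, {f['users_targeted']} users targeted, "
              f"logged in as {f['compromised'] or 'nobody'}")
```

On the constructed log, 203.0.113.7 is flagged as a spray (five accounts, one failure each) with `frank` as the compromised account, 198.51.100.4 as brute force against `alice`, and 192.0.2.9 is not reported. The thresholds are starting points, not tuned values, and real detections should bucket by time window and also key on the source of the attempts as seen by the identity provider, since spraying campaigns typically rotate source addresses.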

Ukrainian police arrest DDoS operator controlling 100,000 bots

Bleeping Computer

Ukrainian police have arrested a hacker who controlled a 100,000-device botnet used to perform DDoS attacks on behalf of paying customers.

Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing

Security Affairs

LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents.