Schneier on Security
JULY 20, 2021
NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.
Krebs on Security
JULY 20, 2021
Peter Levashov, appearing via Zoom at his sentencing hearing today. A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov , a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 20, 2021
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
Bleeping Computer
JULY 20, 2021
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 20, 2021
This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere.
Bleeping Computer
JULY 20, 2021
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
We Live Security
JULY 20, 2021
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.
Tech Republic Security
JULY 20, 2021
iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask.
CyberSecurity Insiders
JULY 20, 2021
While instant card issuance has become a common service for many banks, digital issuance, where banks can issue card credentials directly to a customer’s mobile wallet, looms as the next development to revolutionise the way consumers interact with their financial services provider. . However, while this innovation seems to only apply to the issuing of digital cards, digital issuance, in combination with a bank’s mobile app, has the potential to unlock a whole variety of different services for
Tech Republic Security
JULY 20, 2021
Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
JULY 20, 2021
DevSecOps is the expansion of DevOps that includes security professionals as well. The idea is for everyone to be looking at the code together, rather than in silos. This will produce the most robust and resilient software with the least amount of time and cost. The post The Move Toward Continuous Testing appeared first on Security Boulevard.
CyberSecurity Insiders
JULY 20, 2021
Campbell Conroy & O’Neil’s law firm has issued a public statement early today that it was a victim of a ransomware attack on February 27th,2021 and the incident could have led to a potential data breach that is under serious investigation. The law firm that has some of the renowned companies as clients has determined that the ransomware spreading hackers could have accessed or stolen sensitive info that includes driving license numbers, social security numbers, names, date of births, f
Trend Micro
JULY 20, 2021
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks.
CSO Magazine
JULY 20, 2021
The decisions that security leaders make can often be influenced by a variety of cognitive biases, some of which are subtle and others that are easy to spot. Avoiding these biases is critical to ensuring that cyber risks are interpreted and acted upon in an appropriate manner especially when major disruptions happen—such as the recent shift to a more distributed work environment because of the COVID-19 pandemic.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
JULY 20, 2021
Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type conversion vulnerability that resides in the filesystem layer used to manage user data in all major distros released since 2
CyberSecurity Insiders
JULY 20, 2021
Cybersecurity professionals are far more likely to hold vendor-specific certificates than certifications from a vendor-neutral association or standards-based organization, according to the (ISC)² Cybersecurity Career Pursuers Study. But when asked which qualifications they would recommend to cybersecurity newcomers, professionals tend to prioritize vendor-neutral credentials.
Security Boulevard
JULY 20, 2021
Cyber Security Buffs conducted a webinar on 28th January 2021 to celebrate the occasion of Data Privacy Day. This webinar speculated the upcoming challenges and trends associated with data privacy. It focused on the policies and practices organizations should enforce to prevent data breaches and strengthen their data privacy framework. In this interactive session, esteemed […].
CSO Magazine
JULY 20, 2021
In March 2021 Google Cloud announced a new offering called Risk Protection Program, which is designed to help its cloud customers reduce security risk and connect with Google’s insurer partners, Allianz Global Corporate & Specialty and Munich Re. The insurers created a specialized cyber insurance policy exclusively for Google Cloud customers, called Cloud Protection +.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CyberSecurity Insiders
JULY 20, 2021
Google Security Summit witnessed the release of a new set of features that should protect the data and applications being stored and accessed from the cloud. The newly developed and integrated features into Google Cloud include innovative intrusion detection system, multiple integrations, autonomic security operations stack, and extension of its native Risk Protection Program.
Bleeping Computer
JULY 20, 2021
The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [.].
CSO Magazine
JULY 20, 2021
Following a push by the White House to address the ransomware crisis emanating from Russia and the imposition of sanctions on Russia for its spree of malicious cyber actions, the Biden administration has launched a multi-part strategy to shame another digital security adversary, China, into halting its digital malfeasance.
Security Boulevard
JULY 20, 2021
A number of mobile apps give anyone with a smartphone and a few minutes of time on their hands the ability to create and distribute a deepfake video. All it takes is a picture of, say, yourself that you’d swap with an actor in a movie or a television show. The apps do the hard. The post Deepfakes: The Next Big Threat appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CSO Magazine
JULY 20, 2021
In this video, you will learn from leading cybersecurity subject matter experts at the official Women’s Executive Leadership Panel hosted by HP on June 8, 2021 at the Cyber Security Summit. This exclusive discussion included top female leaders speaking about the latest threats companies face, as well as a focus on advancing women’s careers in executive leadership roles.
Tech Republic Security
JULY 20, 2021
Worried about supply chain attacks? Tom Merritt can help you understand your risk.
Thales Cloud Protection & Licensing
JULY 20, 2021
Business as Usual During a Terrible, Horrible, No Good, Very Bad Year. madhav. Tue, 07/20/2021 - 09:40. 2020 was a challenging year for the world. With the unprecedented need for workforces to work remotely, companies around the world were put to the ultimate test to keep the pace of business as usual, with limited disruption—many finding that balance difficult at best.
PCI perspectives
JULY 20, 2021
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
JULY 20, 2021
DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. [.].
Threatpost
JULY 20, 2021
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
Bleeping Computer
JULY 20, 2021
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader advertising camouflaged as cracked software via search engine results to infect wannabe software pirates' systems. [.].
CSO Magazine
JULY 20, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) issued on July 20, 2021, an alert ( AA-22-2021A ) addressing the successful Chinese intrusion of the United States oil and natural gas pipeline companies from 2011 to 2013. In its alert, CISA shares the frequency with which the attacks occurred, number of confirmed compromises, number of near misses, and the number of attacks whose depth of intrusion was undetermined. [ Learn what you need to know about defending critical infrastructure
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
363 
Let's personalize your content