Tue. Jul 20, 2021

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

Peter Levashov, appearing via Zoom at his sentencing hearing today.

Reporting Matters – even for a Smishing Message

StaySafeOnline

The Move Toward Continuous Testing

Security Boulevard

DevSecOps is the expansion of DevOps that includes security professionals as well. The idea is for everyone to be looking at the code together, rather than in silos. This will produce the most robust and resilient software with the least amount of time and cost.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Cybersecurity Professionals to Newcomers: Focus on Vendor-Neutral Certifications

CyberSecurity Insiders

Cybersecurity professionals are far more likely to hold vendor-specific certificates than certifications from a vendor-neutral association or standards-based organization, according to the (ISC)² Cybersecurity Career Pursuers Study.

The Cyber Security Buffs: January 2021 Edition

Security Boulevard

Cyber Security Buffs conducted a webinar on 28th January 2021 to celebrate the occasion of Data Privacy Day. This webinar speculated on the upcoming challenges and trends associated with data privacy.

Some URL shortener services distribute Android malware, including banking or SMS trojans

We Live Security

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.

Why digital issuance is the perfect recipe for modern financial services

CyberSecurity Insiders

While instant card issuance has become a common service for many banks, digital issuance, where banks can issue card credentials directly to a customer’s mobile wallet, looms as the next development to revolutionise the way consumers interact with their financial services provider.

Deepfakes: The Next Big Threat

Security Boulevard

A number of mobile apps give anyone with a smartphone and a few minutes of time on their hands the ability to create and distribute a deepfake video. All it takes is a picture of, say, yourself that you’d swap with an actor in a movie or a television show. The apps do the hard.

Your iPhone and the Pegasus spyware hack: What you need to know

Tech Republic Security

iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask

Ransomware attack on law firm leads to data breach

CyberSecurity Insiders

Campbell Conroy & O’Neil’s law firm has issued a public statement early today that it was a victim of a ransomware attack on February 27th, 2021 and the incident could have led to a potential data breach that is under serious investigation.

Companies are losing the war against phishing as attacks increase in number and sophistication

Tech Republic Security

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

The Hacker News

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.

Back-to-Basics: Reduce Where Payment Data Can Be Found

PCI perspectives

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable.

New Windows and Linux Flaws Give Attackers Highest System Privileges

The Hacker News

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.

Apple’s Insecure iPhone Lets NSO Hack Journalists (Again)

Security Boulevard

Yet another zero-day bug in iOS has allowed notorious spyware vendor NSO Group to break into the iPhones of journalists and activists.

A New Approach to Finding Cybersecurity Talent: A Conversation with Alan Paller

eSecurity Planet

A group of technology luminaries have launched an effort to find and train a new generation of cybersecurity talent, an effort that will gain steam tomorrow with The Cyber Talent CIO Forum.

Cloud (in)security: Avoiding common cloud misconfigurations

Security Boulevard

In 2020, digital transformation across all sectors accelerated at lightning speed out of sheer necessity. As a result of this collective cloud scramble, security likely took a back seat to the urgent need to pivot to a fully remote workforce during the height of the pandemic.

Vaccine passports have to be consistent so that all countries can recognize them, expert says

Tech Republic Security

This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere

Telegram offers fix to its non encrypted chat vulnerability

CyberSecurity Insiders

Telegram made it official that it has offered a security fix to non-encrypted chats that were previously vulnerable to cyber attacks through manipulated bots.

Diversifying Cybersecurity Talent Through Aptitude Testing

Security Weekly

With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm.

Be The Strongest Link In Your Organization’s Supply Chain

CyberSecurity Insiders

A Singular Aspect of Risk Management. As a security and privacy practitioner, you understand the importance of risk management. Perhaps you are a member of the risk management committee in your organization, or you may serve in an advisory role for that committee.

Cybereason Enhances XDR Offering with empow Acquisition

Security Boulevard

Today’s targeted attacks increasingly take aim at multiple devices and users simultaneously while employing a range of tactics, techniques and procedures (TTPs).

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The Hacker News

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews affiliated with the People's Republic of China's Ministry of State Security (MSS).

Spam Kingpin Peter Levashov Gets Time Served

Security Boulevard

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally.

Superior Security Enhancement With Biometric Fingerprint Scanner

SecureBlitz

Here, we will talk about security enhancement with a biometric fingerprint scanner. Look around you and you will notice that fingerprint recognition is one of the most widely utilized biometrics recognition systems.

Defending Against Pervasive Spyware

Security Boulevard

The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press.

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

The Hacker News

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.

Zero-Trust is an Adjective Without a Noun

Security Boulevard

People love to talk about zero-trust right now, for a number of reasons. It has the word “zero” in there, which has some history in the information security world (e.g., zero-day vulnerabilities). It’s also a simple and eye-catching phrase, so it fits well into product marketing exercises.

Google Cloud CISO Phil Venables on the future of cloud security

CSO Magazine

In March 2021 Google Cloud announced a new offering called Risk Protection Program, which is designed to help its cloud customers reduce security risk and connect with Google’s insurer partners, Allianz Global Corporate & Specialty and Munich Re.

Popular Myths about VPNs

Security Boulevard

In this sponsored episode from our friends at ClearVPN, Artem Risukhin Content Marketing Manager at ClearVPN, joins co-host Tom Eston to discuss the most popular myths about VPNs.

8 biases that will kill your security program

CSO Magazine

The decisions that security leaders make can often be influenced by a variety of cognitive biases, some of which are subtle and others that are easy to spot.

How to build a security-first culture with remote teams

Security Boulevard

If recent world events have driven an increase in the number of remote workers in your organization, you are now confronted by even more security challenges for already stretched security teams and busy IT departments.

Top 5 things to know about supply chain attacks

Tech Republic Security

Worried about supply chain attacks? Tom Merritt can help you understand your risk

Who Can See Your Address Online? | Avast

Security Boulevard

Finding out someone’s address used to be kind of hard — or at least took some effort. I’m old enough to remember a time when you had to grab that brick called the “yellow pages” to search for someone’s address.

Ransomware fallout is devastating and could often be avoided, study finds

Tech Republic Security

Ransomware victims face tightened budgets, lost productivity and other problems. In most cases, new post-attack security measures could have prevented the ransomware attack if implemented beforehand