Fri. Sep 24, 2021

The Proliferation of Zero-days

Schneier on Security

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the top of the food chain are the government-sponsored hackers.

Hacking 262

Are VPNs still the best solution for security?

Tech Republic Security

Cybersecurity professionals rely on VPNs to secure remote endpoints with an organization's home network. One expert suggests there is a better, simpler and safer approach to accomplish the same thing.

Researcher drops three iOS zero-days that Apple refused to fix

Bleeping Computer

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.

145

How to improve relations between developers and security teams and boost application security

Tech Republic Security

Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure.

191

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Emergency Google Chrome update fixes zero-day exploited in the wild

Bleeping Computer

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.

145

Cybersecurity Leaders on Insider Threat Awareness Month

Security Boulevard

September marks the third annual National Insider Threat Awareness Month, launched by various federal agencies to highlight the growing danger insider threats pose to national security. Though the initiative has successfully increased awareness of the risks associated with insider threats, many organizations remain susceptible to attacks. In fact, 60% of organizations have more than 20.

10,000 employees at Stanley Black & Decker go passwordless

Tech Republic Security

Here's how TruU's Passwordless Protection could make hybrid work easier and beef up security in the enterprise.

164

New Guidelines on Remote Assessments

PCI perspectives

Today, the Council has published “PCI SSC Remote Assessment Guidelines and Procedures”. These Guidelines define the principles and procedures for the appropriate use of remote assessments for PCI SSC standards when an onsite assessment is not possible. Here we interview Emma Sutcliffe, SVP Standards Officer, on how the industry can use these guidelines to support secure remote assessment practices.

137

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Threatpost

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.

Passwords 133

Exploits imminent for critical VMware vCenter CVE-2021-22005 bug

Bleeping Computer

Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online.

136

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Top 7 Cybersecurity Trends for 2022

Heimdal Security

2020 and 2021 have been some truly revolutionary years and now that 2022 is only a few months away, you might wonder what’s going to happen next. In terms of cybersecurity trends, I can surely think of several probabilities, based on the cyber market tendencies we’ve seen so far. In one of my previous articles, […]

Beware! Uber scam lures victims with alert from a real Uber number

Malwarebytes

This morning Malwarebytes Labs received a scam masquerading as a security alert from Uber. The alert was pretty convincing and used the kind of language we’re used to seeing in genuine security emails and SMS messages. It read: Your Uber account was recently logged into from iPhone in London. If this wasn't you, reset your password here: [URL redacted].

Scams 117

Oh, my God, Please Patch OMIGOD!

Security Boulevard

Last week I was talking with a friend. “Azure has a fun new vulnerability.” “Oh yeah? What is it?” “They silently install this OMI thing on all their Linux VMs. It’s a remote management framework. It talks over HTTPS. If you remove the authentication header from a request, you get root on the VM.” “What?!

A New APT Hacker Group Spying On Hotels and Governments Worldwide

The Hacker News

A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

EU officially blames Russia for 'Ghostwriter' hacking activities

Bleeping Computer

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.

Hacking 111

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

The Hacker News

Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of their malware payloads.

Malware 116

TangleBot Malware Reaches Deep into Android Device Functions

Threatpost

The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.

Malware 127

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

The Hacker News

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.

120

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Herjavec Group BlackMatter Ransomware Profile

Herjavec Group

BlackMatter Ransomware is a breakout ransomware group that became operational shortly after the shutdown of the REvil Ransomware and DarkSide Ransomware operations in late Summer 2021. Like DarkSide, this group has been very vocal and expressive with the press about their operation. Furthermore, they have openly claimed that BlackMatter is the product of reproducing the “best parts” of previous ransomware operations [1].

Week in security with Tony Anscombe

We Live Security

ESET unmasks FamousSparrow APT group – Stopping cloud data leaks – European cybercrime ring busted.

Apple Patches 3 More Zero-Days Under Active Attack

Threatpost

One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.

Mobile 120

Move faster with continuous security scanning in the cloud

InfoWorld on Security

These days cloud application developers are also security engineers. Who did not see this coming, given that application-level security is no longer an option? Also, we are pushing developers to build applications at scale, meaning they are becoming ops engineers and database engineers as well as security engineers, which is scary. The fact that most developers are not security experts is not lost on me.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses

The Hacker News

A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system.

Cisco Interop: Discovery of Designated Resolvers Protocol Implemented

Cisco Security

Earlier this year in a blog post, I shared a bit about our Auth-DoH idea. In case it’s not top of mind, let me help refresh your memory. Auth-DoH is essentially a safer way to publicly advertise private services. It’s a forward-looking idea to improve DNS security. Another forward-looking idea is Discovery of Designated Resolvers (DDR). DDR allows for upgrading from insecure DNS to secure DNS.

DNS 106

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

Rapid7 combines threat intelligence, security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? While InsightIDR functions as a security information and event management (SIEM) solution, its functionality goes far beyond traditional SIEM products and extends to the budding XDR space.

DNS 106

The Week in Ransomware - September 24th 2021 - Targeting crypto

Bleeping Computer

This week's biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware's payment system.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Security Affairs

A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records. Original Post @CyberNews [link]. A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records. The database was allegedly compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles.

Passwords 102

The real value of continuous security scanning for cloud-based workloads

InfoWorld on Security

These days cloud application developers are also security engineers. Who did not see this coming, given that application-level security is no longer an option? Also, we are pushing developers to build applications at scale, meaning they are becoming ops engineers and database engineers as well as security engineers, which is scary. The fact that most developers are not security experts is not lost on me.

Cisco fixes highly critical vulnerabilities in IOS XE Software

Bleeping Computer

Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration.

Wireless 101

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

The Hacker News

Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.

Mobile 97

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.