Mon. Dec 14, 2020


US Orders Rare Emergency System Shut-Downs After Severe CyberSecurity Breach Hits Government And Businesses

Joseph Steinberg

The U.S. government instructed all of its civilian agencies to immediately shut off various popular network and system management products being exploited as part of an ongoing cyberattack. Russian government hackers are believed to have poisoned with malware updates of the SolarWinds Orion products used in many government agencies and in over 80% of the Fortune 500, introducing vulnerabilities that the hackers then exploited to conduct espionage and to pilfer extremely sensitive materials.


Authentication Failure

Schneier on Security

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building — except that he wasn’t actually the building’s owner. The fake landlord met Hawkins in person the day after Thanksgiving, supplying the paint and half the promised fee. They met again a couple of days later for lunch, when the job was mostly done.


Cybersecurity experts hail new IoT law

Tech Republic Security

The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking (online) at Western Washington University on January 20, 2021. Details to come. I’ll be speaking at an Informa event on February 28, 2021. Details to come. The list is maintained on this page.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


US government agencies compromised by foreign nation-state

Tech Republic Security

Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.


Robotic Process Automation vendor UiPath discloses data breach

Security Affairs

Last week, ZDnet reported in an exclusive that the tech unicorn UiPath admitted having accidentally exposed the personal details of some users. UiPath is a leading Robotic Process Automation vendor providing a complete software platform to help organizations efficiently automate business processes. The startup started reporting the security incident to its customers that had their data accidentally exposed online, only users who registered on its platform before or on March 17, 2020, were impac

More Trending


Apple addressed multiple code execution flaws in iOS and iPadOS

Security Affairs

Apple addressed this week serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems. Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems. The IT giant released iOS 14.3 and iPadOS 14.3 version to address eleven security vulnerabilities, including code execution flaws.


Kaspersky: Gamers face high and ongoing risk of identity theft and bullying

Tech Republic Security

A survey of gamers worldwide found that gamers deal with bullying and theft of in-game valuables in addition to identity theft.


2021 Security Budgets: Top Priorities, New Realities

Dark Reading

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.


SolarWinds confirms 18,000 customers may have been impacted

Security Affairs

18,000 SolarWinds customers may have been impacted by the attack against its supply chain, the company said in a SEC filing. SolarWinds revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain. The alarming data emerged in a filing with the Securities and Exchange Commission (SEC) on Monday. “On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Winding down 2020

Javvad Malik

From a creative perspective, 2020 hasn’t been a bad year for me. I ended up writing 80 blog posts (most of which were published elsewhere), created 54 videos, 48 podcasts, and 48 presentations and webinars. I guess lockdown gave me more time to mull on things and be more productive. Despite the fact that I am far more productive than the average person, and have been called the Hercules of information security (not my words), I think it’s good for everyone to take some downtime.


US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency.


Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

Threatpost

Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.


SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Security Affairs

Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples. Sophos and ReversingLabs announced the release of SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10 million malware samples. The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that could be used as a training dataset for a machine learning engine used in anti-malw


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

Dark Reading

Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.


5 Essential Cybersecurity Skills for Embedded Developers

CompTIA on Cybersecurity

This article will introduce you to how embedded systems and security are connected and why embedded developers should have cybersecurity skills.


Global Supply Chain Cyberattack Underway via IT Monitoring Software

SecureWorld News

It is the digital version of the Trojan horse. The software updates for your IT management tools arrive automatically and contain legitimate changes—but hidden inside the update is malware that gives hackers secret access to your network. In modern times, this is called a supply chain cyberattack. And according to the U.S. Government and prominent security researchers, this type of attack is playing out right now on a global scale.


New Windows Trojan Steals Browser Credentials, Outlook Files

Threatpost

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How scammers target PayPal users and how you can stay safe

We Live Security

What are some common ploys targeting PayPal users? Here’s what you should watch out for when using the popular payment service.


Spotify Changes Passwords After Another Data Breach

Threatpost

This is the third breach in the past few weeks for the world’s most popular streaming service.


SolarWinds Compromise: What security teams need to know

Digital Shadows

The Cybersecurity and Infrastructure Security Agency (CISA) recently released an Emergency Directive reporting on a long-running supply-chain attack actively exploiting.


No One Knows How Deep Russia's Hacking Rampage Goes

WIRED Threat Level

A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Out-of-Office Replies: Are You Saying Too Much?

SecureWorld News

Out-of-office replies have become a staple for many of us. Whether we're traveling for business or pleasure, it's common practice to create an automatic out-of-office reply for incoming emails. But are we sacrificing security in the name of business continuity? When crafting an out-of-office reply, it's critical to remember that some emails that arrive in your inbox will come from people you don't know—and, in some cases, cybercriminals who wish to do you harm.


Overview of Recent Sunburst Targeted Attacks

Trend Micro

Various sources have recently disclosed a sophisticated attack that hit organizations via the supply chain via a compromised network monitoring program. This post discusses what the Sunburst backdoor is and what you can do now to mitigate this threat.


Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward

WIRED Threat Level

It remains unclear how effective the warnings will be, but the attempt alone is a promising development.


Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Threatpost

The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


5 Reasons Why Web Security Is as Important as Endpoint Security

Acunetix

Would you say that your company is secure if your employees are using laptops with no anti-malware installed at all? Most businesses would say that is an irresponsible approach. Then why would many businesses have websites and web applications with no protection at all? An.


Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

Webroot

The cybersecurity industry and end-of-year predictions go together like Fall and football or champagne and the New Year. But on the heels of an unprecedented year, where a viral outbreak changed the landscape of the global workforce practically overnight, portending what’s in store for the year ahead is even trickier than usual. One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels in even the m


DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report

Threatpost

The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort.


Adaptive protection against invisible threats

SecureList

Corporate endpoint security technologies for mid-sized companies struggle to surprise us with anything brand new. They provide reliable protection against malware and, when combined with relevant policies, regular updates, and employee cyberhygiene, they can shield a business from a majority of cyber-risks. For some, it may seem like you do not need more security than this… But is that really the case?


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.