Tue. Sep 21, 2021

Alaska’s Department of Health and Social Services Hack

Schneier on Security

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.

Is hacking back effective, or does it just scratch an evolutionary itch?

Tech Republic Security

Retribution by hacking back might make you feel better, but experts urge caution and explain why it's a bad idea



The new math of cybersecurity value

CSO Magazine

Jenai Marinkovic doesn’t put much stock into figures that show how many attacks she and her security team have stopped. Those numbers, she says, really don’t provide any insights. Saying we blocked a million doesn’t tell us anything.


A zero-day flaw allows to run arbitrary commands on macOS systems

Security Affairs

Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

How privacy and security challenges may cause people to abandon your website

Tech Republic Security

More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating


Biden sanctions Suex cryptocurrency exchange to stifle ransomware payments

CSO Magazine

The Biden administration has introduced new sanctions against cryptocurrency exchange Suex to stifle revenue for ransomware groups. Suex, which has been accused by US officials of doing business with ransomware actors in the past, has had its access to US markets cut off as a result.


Managing change in AI: Don't forget about your staff's needs and abilities

Tech Republic Security

When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees


Cyber Attack on CMA CGM and Blackmatter ransomware demand $5.9 million

CyberSecurity Insiders

CMA CGM, a France-based shipping and transportation company, has officially admitted that it was hit by a cyber attack that led to the leak of sensitive information such as first and last names, employee name, designation of employee, email address and phone number.

The iOS 15 Privacy Settings You Should Change Right Now

WIRED Threat Level

Apple’s latest software update has a bunch of new security features. Here's how to put them to use.

Is Extended Detection and Response (XDR) the Ultimate Foundation of Cybersecurity Infrastructure?

CyberSecurity Insiders

Security information and event management (SIEMs) collect data from security logs and in doing so are supposed to identify blind spots, reduce noise and alert fatigue, and simplify detection and response to complex cyberattacks. However, SIEMs have not lived up to these promises.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Breached Alaska Gov Systems Still Down—After 5 MONTHS

Security Boulevard

It’s been more than 20 weeks since a “sophisticated cyberattack” was detected at Alaska’s DHSS—and systems are still down.


What is 5G security? Explaining the security benefits and vulnerabilities of 5G architecture

CyberSecurity Insiders

This article was written by an independent guest author. 5G is already transforming and enhancing mobile connectivity. With its high speeds and low latency, almost all businesses and industries are now in the position to digitize applications and services they couldn’t dream of not long ago.

Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021

Tech Republic Security

A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year

European police dismantle cybercrime ring with ties to Italian Mafia

We Live Security

The group used phishing, BEC and other types of attacks to swindle victims out of millions.

The Case for Decryption in Cybersecurity

eSecurity Planet

Effective encryption has long been critical for protecting sensitive enterprise data, but as hackers increasingly leverage encrypted channels to access and traverse enterprise networks, secure traffic decryption is also key to assessing potential threats.

Hidden costs incurred after being targeted by ransomware attacks

CyberSecurity Insiders

As soon as we hear or read about a ransomware attack on a company, we tend to assume that the business needs to pay only the ransom in order to avoid a permanent loss of its data continuity.

Execs Need Less Talk, More Action on Software Security

Security Boulevard

As the software industry struggles to recover from a supply chain security crisis, a study from Venafi indicates industry executives are saying the right things but doing very little to back up the rhetoric with decisive action to ensure vendor security.

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

This blog was written by a colleague from Tenable. What is OT vs. IT? Modern-day industrial and critical infrastructure organizations rely heavily on the operational technology (OT) environment to produce their goods and services.

CTO 2.0: Maiffret Rejoins BeyondTrust

Dark Reading

Hacker-turned-entrepreneur Marc Maiffret reflects on his past few years "embedded" with enterprise security teams and how it has shaped his security view


Human-Driven Attacks Rose 77% During First Half of 2021

Security Boulevard

In human-driven attacks, fraudsters employ click farms to orchestrate attacks that need more nuanced human interaction.


10 Threat Trends in DNS Security

Dark Reading

Cisco Security examines Cisco Umbrella data for trends in malicious DNS activity during 2020


Ransomware Defense: The File Data Factor

Security Boulevard

Ransomware is no longer just targeting low-hanging fruit, nor can good backups alone protect you. IT organizations need to create a multilayered defense that goes beyond cybersecurity to incorporate modern data management strategies, particularly for unstructured file data.

Why Cryptomining Malware Is a Harbinger of Future Attacks

Dark Reading

Crypto thieves rely on users not noticing installation of their tiny payload on thousands of machines, or the CPU cycles being siphoned off to perpetuate the schemes

iOS 15 includes Face ID fix for security bypass using fake heads

Naked Security

Fake heads! Cue dystopian scifi music.


New Cooperative's Ransomware Attack Underscores Threat to Food & Agriculture

Dark Reading

The Iowa grain cooperative took its systems offline in response to a security incident earlier this week

CRISC certification: Your ticket to the C-suite?

CSO Magazine

What is CRISC? Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. It's offered by ISACA, a nonprofit professional association focused on IT governance with a number of certifications in its stable, including CISM.


Thrive today with not just being smart but being cyber smart

CyberSecurity Insiders

Cybersecurity is everyone’s responsibility: Don’t just be smart, be cyber smart. In our digital age, cybersecurity is everyone’s responsibility. Every device you use, the app you download, the bit of information you share, or the message you open comes with a certain amount of risk. Hardening the human firewall. Many of the most worrying cyber security vulnerabilities involve human negligence or ignorance.

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

Russia-linked cyber espionage group Turla made the headlines again; the APT has employed a new backdoor in a recent wave of attacks.

106 arrests as police dismantle Mafia-linked online crime gang

Graham Cluley

106 people have been arrested, mostly in Spain and some in Italy, following a multi-national investigation into online fraud. Read more in my article on the Hot for Security blog.

Through edtech, society’s cybersecurity ability is heading up a notch

CyberSecurity Insiders

This blog was written by an independent guest blogger. Edtech is helping to provide children and adults all over the world with new and updated skills and knowledge. One important area it’s helping with is cybersecurity. A recent report by Forbes gave the opinion that edtech would provide the perfect backdrop for cybersecurity learning, and it's easy to see why.

New Mac malware masquerades as iTerm2, Remote Desktop and other apps


Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi (@CodeColorist on Twitter), and detailed on a Chinese-language blog.

TeamTNT with new campaign aka “Chimaera”

CyberSecurity Insiders

Executive summary. AT&T Alien Labs™ has discovered a new campaign by threat group TeamTNT that is targeting multiple operating systems and applications. The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more.

New macOS zero-day bug lets attackers run commands remotely

Bleeping Computer

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [...]


U.S. companies excel at limiting shadow IT, according to a new report

Tech Republic Security

Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale


VMware warns of critical bug in default vCenter Server installs

Bleeping Computer

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments. [...]