Mon. Dec 28, 2020

Top 5 ways to protect MFA codes

Tech Republic Security

Using SMS for multi-factor authentication is helpful, but not always secure or reliable. What if you lose your phone? Tom Merritt lists five additional ways to receive MFA codes, without SMS.

Vaccines

Adam Shostack

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines. First, the FDA has authorized two vaccines for emergency use. The review memoranda (Pfizer, Moderna) are all sorts of fascinating. As the kids say, TL;DR: both vaccines are safe and no meaningful side effects were seen in testing approximately 44,000 and 30,400 test subjects.

Nefilim ransomware operators leak data stolen from Whirlpool

Security Affairs

The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack by the Nefilim ransomware gang. The Nefilim operators claim to have stolen data from the company and threaten to release the full dump if the company does not pay the ransom.

How to create a good privacy policy for your website: Tips from the Better Business Bureau

Tech Republic Security

The BBB provides recommendations on what to include in your business website's privacy policy.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Finland confirms that hackers breached MPs’ emails accounts

Security Affairs

The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs). “Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance. Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs,” Parliament officials said. “The cyberattack is being investigated by the Nati

Role of Context in Threat Detection

Anton on Security

I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, etc.) in threat detection. Can threat detection work well without such local context?

More Trending

Ransomware in 2020: A Banner Year for Extortion

Threatpost

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.

E-commerce app 21 Buttons exposes millions of users’ data

Security Affairs

Researchers from cybersecurity firm vpnMentor discovered that the popular e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. 21 Buttons allows users to share photos of their outfits with links to the brands they’re wearing; their followers can then purchase their favorite clothes directly from the relevant brands using the app.

How Your Digital Trails Wind Up in the Police’s Hands

WIRED Threat Level

Phone calls. Web searches. Location tracks. Smart speaker requests. They’ve become crucial tools for law enforcement, while users often are unaware.

Homomorphic Encryption: The 'Golden Age' of Cryptography

Dark Reading

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. So when can they get started?

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Here’s How the Recent SolarWinds Cyberattack on U.S. Agencies and Companies Affects You

Identity IQ

Cybersecurity experts are still trying to determine the scale of damage wrought by a recent cyberattack using SolarWinds software on the U.S. government and Fortune 500 companies. The attack aimed at the U.S. Treasury and Commerce departments as well as international companies continued for months until it was discovered by FireEye, a cybersecurity company that also fell victim to the hacking campaign.

ACT Top 10 Countdown of 2020

Approachable Cyber Threats

As 2020 draws to a close, we're highlighting our Top 10 ACT Posts of 2020 to recap the year in cybersecurity! Stay tuned here to find out what they were. #10. The Top Cybersecurity Blogs We're Reading in 2020. We love what we do, and we read about it constantly. Here’s a collection of our favorite cybersecurity blogs and websites from the industry's foremost thought leaders and reporters. #9.

Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year

Dark Reading

Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees.

Hackers Amp Up COVID-19 IP Theft Attacks

Threatpost

In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

10 Benefits of Running Cybersecurity Exercises

Dark Reading

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.

Multi-platform card skimmer targets Shopify, BigCommerce, Zencart, and Woocommerce stores

Security Affairs

Experts warn of a multi-platform credit card skimmer that can target online stores running on Shopify, BigCommerce, Zencart, and Woocommerce. Security experts have discovered a multi-platform credit card skimmer that can allow threat actors to harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. Researchers from security firm Sansec discovered that the new software skimmer is able to interact with the checkout process on shops running on top of mu

Cloud Bucket Vulnerability Management in 2021

eSecurity Planet

The movement to the cloud means access to data anywhere, enhanced data recovery, flexibility for collaboration, and less of a burden on IT staff. But, while cloud providers boast that their storage services — or “buckets” — offer added application security, they have also consistently proven vulnerable. A bucket is a virtual storage unit provided and partly maintained by a cloud services provider.

Defending the COVID-19 Vaccine Supply Chain

Dark Reading

We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Attack Surface Management: You Can't Secure What You Can't See

SecurityTrails

Find out why you should care about attack surface management and what to look for in a perfect ASM solution.

Combating the Insider Threat Among Us

Security Through Education

Security can be a difficult topic to talk about. This is especially true for organizations combating insider threats. Can social deduction games break the ice? Recently a game called “Among Us” garnered mass popularity across the internet. It’s especially popular among streamers and on video platforms like Twitch and YouTube. The description from the developers tells us to “Join your crewmates in a multiplayer game of teamwork and betrayal!

The Biggest Threat to Cloud Security in 2021

SecureWorld News

There is no question, really, that the year 2020 was the biggest year ever for the cloud. And it is forecast to continue growing in 2021. You can make the argument, then, that cloud security is more crucial than it's ever been. This is why I reached out to Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro, to discuss this topic. During our podcast interview he revealed what he believes is the #1 threat to cloud security as we look ahead.

G Suite Backup Options Explained

Spinone

Having a secure backup is a great way to protect your data from being lost, overwritten, hacked, or compromised in any other way. Besides, IT compliance regulations and standards often require a backup. As an award-winning backup solutions provider, we’d like to overview various G Suite backup options you can use. In this article, we’ll take a look at various tools to back up your G Suite data.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Top Three SearchLight Updates in 2020

Digital Shadows

For threat intelligence to really work for organizations, it must… Be easy to use Be easy to integrate Have dependable. The post Top Three SearchLight Updates in 2020 first appeared on Digital Shadows.

Update: Neopets Is Still A Thing And Its Exposing Sensitive Data

The Security Ledger

Neopets, the virtual pets website, has exposed a wide range of sensitive data online including information that might be used to identify site users, security researchers report. The post Update: Neopets Is Still A Thing And Its Exposing Sensitive Data appeared first on The Security Ledger. Related Stories Amid Security Concerns: to Zoom or not to Zoom?

2020 – The Year in Review

Acunetix

The year 2020 won’t go down in history as one of the best, for sure. However, it has actually led to some positive developments. Let us take a look at 2020 in the world of web application security, share our own experiences, and point out. Read more. The post 2020 – The Year in Review appeared first on Acunetix.

Neopets Is Still A Thing And Its Exposing Sensitive Data

The Security Ledger

Neopets, the virtual pets website, has exposed a wide range of sensitive data online including information that might be used to identify site users, security researchers report. The post Neopets Is Still A Thing And Its Exposing Sensitive Data appeared first on The Security Ledger. Related Stories Amid Security Concerns: to Zoom or not to Zoom? Episode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Sho

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Kali Linux + Mr. Robot ARG Society

Kali Linux

Many of you may have known about the show Mr Robot and its unique connection to Kali Linux. But there is a little bit more that we have not talked about due to NDAs. But it appears the mystery is over, the red tape has been removed, and we now wanted to take a moment to share it with everyone. We had a relationship with Mr Robot, which started during the filming of the 2nd season.

Russia’s SolarWinds Attack

Schneier on Security

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous. Espionage is internationally allowed in peacetime.

MY TAKE: How Russia is leveraging insecure mobile apps to radicalize disaffected males

The Last Watchdog

How did we get to this level of disinformation? How did we, the citizens of the United States of America, become so intensely divided? It’s tempting to place the lion’s share of the blame on feckless political leaders and facile news media outlets. However, that’s just the surface manifestation of what’s going on. Related: Let’s not call it ‘fake news’ any more.
