Thu.Oct 14, 2021

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page

187
187
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

AI Driving Foreign Influence, Disinformation and Espionage

Security Boulevard

In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats.

Recovering Real Faces from Face-Generation ML System

Schneier on Security

New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers.

186
186

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

These Six Security Capabilities Will Keep Applications, Hybrid Environments Secure

CyberSecurity Insiders

By Shira Sagiv, VP of Product at Radware. As employees increasingly worked remotely during the pandemic, businesses quickened their pace toward the cloud. Already, the need for application agility was driving cloud adoption.

REvil ransomware explained: A widespread extortion operation

CSO Magazine

REvil is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide over the past year. Its name stands for Ransomware Evil and was inspired by the Resident Evil movie series.

CSO 112

More Trending

Employee offboarding: Why companies must close a crucial gap in their security strategy

We Live Security

There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

This blog was written by an independent guest blogger. The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020.

Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware

Tech Republic Security

The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous

Blackswan vulnerability puts billions of Windows Systems to risk

CyberSecurity Insiders

A discovery of seven zero day vulnerabilities in Microsoft Windows Operating System has reportedly put billions of PC users to risk. And reports are in that the bug/s have existed in the wild since 2007, the time when the Satya Nadella led company released the Vista version of its Windows OS.

Risk 103

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Digging Deep Into the Top Security Certifications

Dark Reading

When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing

What Would You Say to the CEO about Hiring for the Cloud?

CyberSecurity Insiders

We asked CISSPs and CSSPs around the world, “If you could say anything to your CEO about hiring for the cloud, what would it be?”. Respondents said one of the biggest challenges facing cloud specialists and senior executives in the C-suite is the difference in what each side holds as priority.

How shape-shifting threat actors complicate attack attribution

CSO Magazine

The already difficult task of attributing a cybersecurity attack to a particular threat actor is made harder by the shape-shifting nature of threat groups. Despite the best efforts of researchers, some attackers may never be identified.

How a vishing attack spoofed Microsoft to try to gain remote access

Tech Republic Security

A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer

Olympus suffers another Ransomware Attack within a month

CyberSecurity Insiders

Sounds strange! But Japan-based Camera manufacturer Olympus has released a press statement that its IT staff have observed a potential cyber attack on its IT systems on October 10th,2021 and have taken measures to contain it.

The Human Element Is the Weakest Link

Dark Reading

While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours

91

For the first time, an Israeli hospital was hit by a major ransomware attack

Security Affairs

The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National Cyber Directorate as a “major” attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted the system of the hospital.

Media 86

How Security Teams Can Reinforce End-User Awareness

Dark Reading

Training programs provide the information, but security teams can reinforce these for better end-user education

Apple Says iPhone Users are Stupid

Security Boulevard

Apple wants lawmakers to know that sideloading apps is dangerous, and that its droolingly dim customers can’t be trusted. The post Apple Says iPhone Users are Stupid appeared first on Security Boulevard.

Practicing The Basics Makes You Safer and More Secure

StaySafeOnline

The post Practicing The Basics Makes You Safer and More Secure appeared first on Stay Safe Online

81

The XDR Solution to the Ransomware Problem

Cisco Retail

During a ransomware attack, it is critical to detect and respond early and quickly. By decreasing your mean time to detection in identifying the attacker’s behavior, your security team can quickly investigate and respond timely to prevent a ransomware incident.

Since 2020, at least 130 different ransomware families have been active

Security Affairs

The popular Google’s VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide.

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

The Hacker News

Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

New Yanluowang ransomware used in highly targeted attacks on large orgs

Security Affairs

Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises.

DDOS 76

Enterprise Data Storage Environments Riddled With Vulnerabilities

Dark Reading

Many organizations are not properly protecting their storage and backup systems from compromise, new study finds

How to configure SSH to use a non-standard port with SELinux set to enforcing

Tech Republic Security

Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how

107
107

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats.

Microsoft releases Linux version of the Windows Sysmon tool

Bleeping Computer

Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity. [.]. Microsoft Linux Security Software

8 Beginner Tips To Elevate Your Gaming Skills [From A Game Addict]

SecureBlitz

This post will show you beginner tips to elevate your gaming skills… Many video games are very challenging and demanding. That’s why you must hone your skills to match the requirements.

Analysis of 80 million ransomware samples reveals a world under attack

The State of Security

VirusTotal's first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020. Read more in my article on the Tripwire State of Security blog.

Microsoft Azure Attack Illustrates Ongoing DDoS Threats

eSecurity Planet

Officials with Microsoft’s Azure public cloud said the company in late August was able to stave off a record distributed denial-of-service (DDoS) attack against a European customer that originated in the Asia-Pacific region. The attack, which hit 2.4

DDOS 73

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021.

Watch out for tenants living off your land

Security Boulevard

The cyberworld has witnessed and defended against several forms of attacks. Some of the most common ones known to disrupt a network include credential stealing, malware installations, worms and viruses, and insider threats. In order to execute these attacks successfully, ….

Adblocker promises to blocks ads, injects them instead

Malwarebytes

Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores.

Adware 102

Microsoft confirms new Windows 11 printer installation issues

Bleeping Computer

Microsoft has confirmed new Windows 11 known issues which cause printers installation fails on systems commonly found in enterprise environments. [.]. Microsoft

101
101