Schneier on Security
JUNE 22, 2021
At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing , which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if you’re an iCloud Plus subscriber and you have it enabled from within your iCloud settings.
Tech Republic Security
JUNE 22, 2021
The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Hot for Security
JUNE 22, 2021
A bizarre bug has been discovered in iOS that can cause an iPhone to crash when it attempts to join a Wi-Fi network with a particular name. What’s the offending name? Well, I don’t want to put it in the text of this article in case some readers are curious enough to try it out for themselves. So, here it is as an image: Security researcher Carl Schou stumbled across the problem, and tweeted a vido of his iPhone getting in a mighty muddle when trying to connect to a Wi-Fi hotspot with
Tech Republic Security
JUNE 22, 2021
Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
JUNE 22, 2021
Today, Brave launched their non-tracking privacy-centric search engine to bring another alternative to finding the information you want on the web without giving up your data. [.].
Security Affairs
JUNE 22, 2021
DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JUNE 22, 2021
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [.].
CyberSecurity Insiders
JUNE 22, 2021
Nuclear research data from a South Korean organization is suspected to have been stolen by a hacker’s gang from North Korea. And reports are in that the information steal might be attributed to a cyber crooks group hailing from Pyeongyang dubbed as APT Group Kimsuky. . Cybersecurity Insiders has learned that the nuclear facility that was infiltrated is Korea Atomic Energy Research Institute (KAERI) and the attacked group named Kimsuky is said to be targeting the IT infrastructure of the said or
Security Boulevard
JUNE 22, 2021
Ransomware payments are deductible, say tax experts: That’s the shocking finding from a recent investigation. The post Ransomware and the Tax Code’s Perverse Incentive appeared first on Security Boulevard.
The Hacker News
JUNE 22, 2021
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
JUNE 22, 2021
The Colonial Pipeline attack was yet another reminder that critical infrastructure is in desperate need of stronger security. The attack is one of the most recent victims of cyberattacks on critical infrastructure; the phenomenon is not new, nor is it confined to the U.S. Critical infrastructure is essential to the security of any given nation, The post Critical Infrastructure is Missing Something Critical appeared first on Security Boulevard.
Security Affairs
JUNE 22, 2021
Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones.
SecurityTrails
JUNE 22, 2021
In this candid interview with Ben Sadeghipour aka NahamSec, we discuss the topic of mental health in cybersecurity, his future pursuits, favorite moments from NahamCon and much more.
PCI perspectives
JUNE 22, 2021
Sherri Collis spent most of her career as the lone female in the conference room, occupying roles more regularly filled by men. She was overlooked for training opportunities. She was passed up for promotions. But these experiences only fueled her drive to achieve success. In this edition of our blog, Sherri explains that, contrary to popular belief, women do not need to have 100% of the qualifications to do the job and still be successful.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Hot for Security
JUNE 22, 2021
The ongoing vaccination campaigns and easing of travel restrictions have encouraged millions of people to prepare for a relaxing vacation after months of lockdown and social distancing. Don’t cut your vacation short by neglecting to secure your devices and personal data, and save yourself the headache of losing access to your accounts or finances. Before departure.
Security Affairs
JUNE 22, 2021
Belgium city of Liege has suffered today a ransomware attack that has disrupted the IT network of the municipality and its online services. Liege, one of the biggest cities in Belgium, was hit by a ransomware attack that has disrupted the IT network of the municipality and its online services. “The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.” reads the status page published by the city. “The City of Liège, sur
Bleeping Computer
JUNE 22, 2021
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines. [.].
CSO Magazine
JUNE 22, 2021
More cloud computing solutions, remote and work-from-home systems and internet-connected devices increase risk from an expanded attack surface. The best way to reduce the number of vulnerabilities is to establish a proper enterprise attack surface management program. [ Learn the 7 keys to better risk assessment. | Get the latest from CSO by signing up for our newsletters. ].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
JUNE 22, 2021
When it comes to evaluating technology in the home, there seems to be no shortage of new devices and shiny gadgets, mainly part of the Internet of Things (IoT), to discuss. Unfortunately, there seems to be no shortage of security issues to consider regarding these same devices, either. It’s not uncommon to hear of “virtual […]… Read More. The post Voice-Activated Device Privacy: What You Need to Know appeared first on The State of Security.
Bleeping Computer
JUNE 22, 2021
Peloton has now introduced a $39.99 monthly subscription fee for its high-end treadmill product line called Tread+. This has left many customers surprised and angered considering Tread+ retails for $3,000 already. The company has cited "safety and well-being" as a reason for introducing the membership fee. [.].
Security Boulevard
JUNE 22, 2021
Many organizations are turning to artificial intelligence (AI) and machine learning (ML) to boost their cybersecurity systems, but you mostly hear about how AI is used to monitor networks and perform the time-consuming tasks that are overwhelming for humans. But as more of the workforce relies on mobile devices for completing tasks, there is a. The post Adding AI/ML to Mobile Security appeared first on Security Boulevard.
The State of Security
JUNE 22, 2021
Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I did some cursory security analysis of the product and it didn’t take long […]… Read More. The post Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135 appeared first on The State of Security.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
JUNE 22, 2021
Over the last few years, leaked data from some of the most devastating cyberattacks has found its way onto the Dark Web, a trend that seems to be increasing with the notable rise in double extortion ransomware attacks. Ransomware attack tools are routinely used to carry out these attacks. Every day [.]. The post Anonymous Ransomware Attack Tools appeared first on Security Boulevard.
Tech Republic Security
JUNE 22, 2021
It's not "if" but "when" you'll be attacked, cybersecurity expert says. Checking on your data and backups is something businesses should do regularly.
Security Boulevard
JUNE 22, 2021
Splunk, after its recent announcement of intent to acquire TruSTAR to gain access to a cybersecurity analytics tool, today launched a security operations center (SOC) delivered as a cloud service. Jane Wong, vice president of product management for security at Splunk, said the Splunk Security Cloud combines analytics enabled by machine learning algorithms, threat intelligence.
Security Affairs
JUNE 22, 2021
DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is writted in Bash script and target Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers. The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
JUNE 22, 2021
U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE?2021?34372 through CVE?2021?
Security Boulevard
JUNE 22, 2021
McDonald’s becomes the latest fast-food chain to suffer a data breach Not so long ago, Domino’s India suffered a cyber attack where personal data related to 18 crore orders were exposed online. This time another food chain company has suffered a cyber attack, the giant McDonald’s. According to The Wall Street Journal, the giant fast-food […]. The post Data Breach: Bye Domino’s, Hello There McDonald’s!
Bleeping Computer
JUNE 22, 2021
Microsoft has released the optional KB5003690 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. [.].
Security Boulevard
JUNE 22, 2021
The past 18 months – from the rapid adoption of remote working, innovative new technologies being trialed and tested the world over, to pandemic-fueled emotions – have been the perfect conditions for cybercrime to thrive. Cybercriminals have shown no sign of slowing down in 2021 and, as we approach the halfway point and the gradual […]. The post The threat landscape in 2021 (so far) appeared first on Blueliv.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
276 
Let's personalize your content