Tue. Nov 17, 2020

Be Very Sparing in Allowing Site Notifications

Krebs on Security

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday. According to Adobe Analytics’ recent holiday forecast , online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

A Threat Modeling Manifesto

Adam Shostack

There’s a threat modeling manifesto being released today by a diverse set of experts and advocates for threat modeling. We consciously modeled it after the agile manifesto and it’s focused on values and principles. Also, there’s a podcast that gives you a chance to listen, behind-the-scenes at The Threat Modeling Manifesto – Part 1.

Google Authenticator: How to move from one iPhone or Android device to another

Tech Republic Security

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

246869 Windows systems are still vulnerable to the BlueKeep flaw

Security Affairs

In May 2019, Microsoft disclosed the BlueKeep vulnerability; more than a year later, over 245,000 Windows systems still remain unpatched. Over a year ago, Microsoft's Patch Tuesday updates for May 2019 addressed nearly 80 vulnerabilities, including the BlueKeep flaw. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can be exploited by an unauthenticated attacker by connecting to the targeted system via RDP and sending specially crafted requests.

The team behind the Essential PH-1 is back, and privacy is their focus

Tech Republic Security

A key member of the now-defunct Essential company has returned, and privacy is his goal. Jack Wallen digs in to try and make sense of what's to come with OSOM.

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Threatpost

Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

Researchers spotted a new China-linked APT, tracked as FunnyDream, that has already infected more than 200 systems across Southeast Asia. Security experts at BitDefender have uncovered a new China-linked cyber espionage group, tracked as FunnyDream, that has already infected more than 200 systems across Southeast Asia over the past two years. According to Kaspersky Lab, FunnyDream has been active since at least 2018 and has targeted high-profile entities in Malaysia, Taiwan and the Philippines.

Vulnerability Prioritization Tops Security Pros' Challenges

Dark Reading

Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.

COVID-19 Antigen Firm Hit by Malware Attack

Threatpost

Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

An Inside Look at an Account Takeover

Dark Reading

AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

Threatpost

After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.

“At-Risk Meeting Notifier Zoom” feature alerts meeting organizers of Zoombombing risk

Security Affairs

The popular video conferencing application Zoom has implemented a new “At-Risk Meeting Notifier” feature to warn of the Zoombombing threat. Zoom announced the launch of a new feature dubbed “At-Risk Meeting Notifier” to warn conference organizers of potential Zoombombing attacks. The feature scans the web for links to Zoom meetings that have been posted online and warns organizers of the risk of a Zoombombing attack. “The At Risk Meeting Notifier scans public posts on social me

Cisco Patches Critical Flaw After PoC Exploit Code Release

Threatpost

A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves

Security Affairs

Boffins devised a new attack, dubbed VoltPillager, that can break the confidentiality and integrity of Intel SGX enclaves by controlling the CPU core voltage. A group of six researchers from the University of Birmingham has devised a new attack technique, dubbed VoltPillager, that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) enclaves by controlling the CPU core voltage.

Zoom Takes on Zoom-Bombers Following FTC Settlement

Threatpost

The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.

Expert publicly discloses PoC code for critical RCE issues in Cisco Security Manager

Security Affairs

Cisco released multiple advisories related to security issues in Cisco Security Manager (CSM) that affect the recently released 4.22 version. Cisco published multiple security advisories related to critical vulnerabilities affecting the Cisco Security Manager (CSM), including the recently released version 4.22. Cisco Security Manager provides a comprehensive management solution for Cisco devices, including intrusion prevention systems and firewalls.

Multiple Industrial Control System Vendors Warn of Critical Bugs

Threatpost

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft's Making a Secure PC Chip—With Intel and AMD's Help

WIRED Threat Level

The Pluton security processor will give the software giant an even more prominent role in locking down Windows hardware.

Defining Security Policies to Manage Remote Insider Threats

Threatpost

This is the time to define the new normal; having well-defined policies in place will help businesses maintain their security posture while bolstering the security of the ever-increasing work-from-home population.

EFF, Security Experts Condemn Politicization of Election Security

Dark Reading

Open letter, signed by high-profile security professionals and organizations, urges the White House to "reverse course and support election security."

Secure, Efficient Cloud Data Protection

Thales Cloud Protection & Licensing

sparsh. Wed, 11/18/2020 - 05:57. I’m limiting this discussion to public clouds, in particular Infrastructure as a Service and Platform as a Service (IaaS and PaaS), because these are the cloud consumption models where you have choices in data protection. With Software as a Service, you are wholly dependent on the provider for data protection in their cloud/service.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective

Dark Reading

The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.

Forget Imposters. Among Us Is a Playground for Hackers

WIRED Threat Level

The blockbuster game of deception has security holes that let cheaters run wild.

Nearly Two Dozen AWS APIs Are Vulnerable to Abuse

Dark Reading

Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.

Large-scale campaign targets vulnerable Epsilon Framework WordPress themes

Security Affairs

Hackers are scanning the Internet for WordPress websites with Epsilon Framework themes installed in order to launch Function Injection attacks. Experts at the Wordfence Threat Intelligence team uncovered a large-scale wave of attacks targeting reported Function Injection vulnerabilities in themes using the Epsilon Framework. Below is a list of themes and related versions that are vulnerable to the above attacks: Shapely <=1.2.7 NewsMag <=2.4.1 Activello <=1.4.0 Illdy <=2.1.4 Allegiant <=

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Chart: Undisputed Increase in Paid Claims

Dark Reading

While the number of enterprises that hold cyber insurance might not have increased significantly over the past year, the number of enterprises that have successfully filed a breach insurance claim has.

3 Ways Ticketmaster Failed at Cybersecurity

SecureWorld News

Do any of those crazy Ticketmaster fees help fund cybersecurity at the company? That's unclear. However, we do know it failed at cybersecurity in several ways and it must now pay a seven-figure fine. The Information Commissioner’s Office (ICO) in the UK announced its findings along with a fine equivalent to $1.6 million. The Ticketmaster UK Data Breach Investigation.

Researchers Scan for Supply-Side Threats in Open Source

Dark Reading

A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.

Kali Linux 2020.4 Release (ZSH, Bash, CME, MOTD, AWS, Docs, Win-KeX & Vagrant)

Kali Linux

We find ourselves in the 4th quarter of 2020, and we are ecstatic to announce the release of Kali Linux 2020.4, which is ready for immediate download or updating. What’s different with this release since 2020.3 in August 2020 is: ZSH is the new default shell - We said it was happening last time; now it has. ZSH. Is. Now. Default. Bash shell makeover - It may not function like ZSH, but now Bash looks like ZSH.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.