Thu. Jul 29, 2021

AirDropped Gun Photo Causes Terrorist Scare

Schneier on Security

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched. The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.

How to attend Black Hat USA 2021 and DEF CON 29 virtually

Tech Republic Security

DEF CON 29 sold out of virtual passes, so tuning in on Twitch and Discord are the best options for attending online this year.

NSA shares guidance on how to secure your wireless devices

Bleeping Computer

The US National Security Agency (NSA) today published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely. [...]

The evolution of spear phishing and who criminals are targeting

Tech Republic Security

A report from Barracuda Networks also identifies attack risks associated with various roles throughout a company ranging from CEOs and IT departments to employees in sales.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

BrandPost: Defend Against Ransomware With Relationship-Driven Incident Response

CSO Magazine

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real. Furthermore, systems are often configured to allow downloads or macros that contain malicious files because employees use these applications and documents to do their everyday work, from wherever they may be working.

"Real Estate for a Purpose": Cisco unveils hybrid work plans and tech to support distributed teams

Tech Republic Security

After a year of WFH, companies are offering a mixed bag of flexible work arrangements. In the hybrid work era, the traditional office is getting a makeover to assist workers on-site and elsewhere.


More Trending

How to ensure your vendors are cybersecure to protect you from supply chain attacks

Tech Republic Security

Right now supply-chain vendors are a prime target for cybercriminals. One expert offers ways to remove the bullseye from supply vendors.

How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas

SecurityTrails

A while back, SecurityTrails announced that they would be running a contest dubbed "Recon Master". The aim of the game is to find hostnames that resolve to an IPv4 address that are not already found by SecurityTrails.

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez, reported spotting a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

10 security tools all remote employees should have

CSO Magazine

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Crimea “manifesto” deploys VBA Rat using double attack vectors

Malwarebytes

This blog post was authored by Hossein Jazi. On July 21, 2021, we identified a suspicious document named “????????.docx” (“Manifest.docx”) that downloads and executes two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit. While both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit (CVE-2021-26411) previously used by the Lazarus APT is an unusual discovery.

Mitigating Ransomware Attacks: How to keep you and your family safe

Quick Heal Antivirus

There’s a rise in ransomware attacks, and they’re becoming deadlier and more dangerous than ever! A report by.

Estonia arrests hacker who stole 286K ID scans from govt database

Bleeping Computer

A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). [...]

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

In a revision of KnowledgeBase article KB5005413, Microsoft has provided more elaborate mitigation instructions for the PetitPotam attacks that were disclosed a week ago. PetitPotam is the name for an attack method using a bug that was found by a security researcher who also published proof-of-concept (PoC) exploit code. The attack could force remote Windows systems to reveal password hashes that could then be easily cracked.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

BlackMatter and Haron, two new ransomware gangs in the threat landscape

Security Affairs

The cyber threat landscape changes continuously; recently, two new ransomware-as-a-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of their operations. The Haron malware was first described by the South Korean security firm S2W Lab, three days after a first sample of the ransomware was uploaded to VirusTotal (July 19).

BrandPost: Cloud Workload Security: The Importance of Network Data

CSO Magazine

Cloud workloads, deployed into highly dynamic environments, typically use and coexist with a wide range of cloud providers and third-party platforms and services. The workloads themselves can be built for cloud platforms, consist of serverless applications, or be designed for on-premises data centers and later migrated to the cloud. Workloads might run unchanged for weeks or months, or only exist for a few seconds.

The Modern Security Operation Center

Cisco Security

Every organization regardless of size, budget or area of focus should have some form of a security operation center (SOC). When I use the term “Security Operations Center”, many people imagine a dedicated team with expensive tools and a room full of monitors. That image can be a SOC, but it is not always the case. A SOC can just be one person or multiple groups of people spread across the globe.

BrandPost: Securing Hybrid Data Centers and Preventing Ransomware

CSO Magazine

As more organizations reopen their offices to employees, many are still offering remote work as an option, with a new ‘work from anywhere’ model becoming the reality for the foreseeable future. The nature of flexibility in this work model leaves organizations with a new dilemma: how can they secure employees, regardless of location, and still protect their data and critical infrastructures while also achieving high performance?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Talking Trust With Venafi

Thales Cloud Protection & Licensing

madhav, Thu, 07/29/2021 - 08:43. One of the hottest security topics in recent memory is that of “Zero Trust”. While some may argue that it has reached cliché status, that would only be true if everyone established zero trust as a standard operating procedure. One area that exhibits a clear gap in zero trust is with key protection.

Hackers Cyber Attack UK Aerospace Company by posing a beautiful Aerobics instructor

CyberSecurity Insiders

According to a report from Sky News, a UK-based aerospace company was targeted by a phishing attack in which a top official from the company was befriended by an Iranian hacker in the guise of a beautiful aerobics instructor named Marcella Flores. The highlight of this saga was that the hacker siphoned some classified documents related to the company that included fighter jet designs and some information related to the control and management of the fighter jet.

Chipotle’s marketing account hacked to send phishing emails

Bleeping Computer

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails luring recipients to malicious links. [...]

What are Common Types of Social Engineering Attacks?

eSecurity Planet

Social engineering is a common technique that cybercriminals use to lure their victims into a false sense of security. Usually, social engineering involves impersonation, deception, and psychological manipulation that ultimately creates an environment where a victim feels either comfortable or pressured to share sensitive information or perform a specific action.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

BrandPost: Securing the Digital Infrastructure with Integrated Security Services

CSO Magazine

Many organizations are challenged with the evolving threat landscape, which continues to become much more sophisticated and harder to manage with isolated point products and disparate services. With the proliferation of new devices and billions of edges, customers are wanting technology solutions that are tied to integrated security services, helping to reduce the complexity of solution and services sprawl.

Webroot top performer among security products in PassMark® Software testing

Webroot

Webroot put forward another strong performance in its latest round of independent third-party testing, besting all competitors and taking home the highest overall score. In taking the highest score in the category for 2021, Webroot beat out competitors including BitDefender, McAfee® and ESET® endpoint security solutions. In the report, the company conducted objective testing of nine endpoint security products, including Webroot® Business Endpoint Security.

Tackling the insider threat to the new hybrid workplace

We Live Security

Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important than ever to address the risks that insider threat can - willingly or unwittingly - pose.

Smashing Security podcast #238: Fashion captain, fraud family, and DEF CON. D’oh!

Graham Cluley

Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Best Practices to Thwart Business Email Compromise (BEC) Attacks

The Hacker News

Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques: spoofing and account take-over attacks.

4 Tips on How to Mail a Paper Check Safely

Identity IQ

Just about any type of payment you make can be done without paper checks these days. You can pay your bills through online portals, shop with credit cards or mobile payment apps and send money to your friends and family with Venmo or Zelle. But many people and businesses still rely on paper checks in the mail to do business, at least some of the time.

Pushing the Limits of IDaaS with AMaaS

Security Boulevard

Concern over secure access to data has led to significant adoption of cloud identity management solutions, specifically identity-as-a-service (IDaaS), to ensure that people accessing applications are who they say they are–that is, to authenticate their identity. However, IDaaS solves only half the problem. Privacy regulations require that we ensure only the right people have access.

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

Threatpost

There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.