Thu, Sep 02, 2021

FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends

Tech Republic Security

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

9 notable government cybersecurity initiatives of 2021

CSO Magazine

Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations. “Government-led cybersecurity initiatives are critical to addressing cybersecurity issues such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure,” Steve Turner, security and risk analyst at Forrester, tells CSO.

Execs don't sound very confident about long-term network security in the WFH era

Tech Republic Security

After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay; at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

FBI warns of ransomware gangs targeting food, agriculture orgs

Bleeping Computer

The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

What is AS-REP Roasting attack, really?

The Hacker News

Microsoft's Active Directory is said to be used by 95% of Fortune 500 companies. As a result, it is a prime target for attackers looking to gain access to credentials in the organization, since compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos.

Translated Conti ransomware playbook gives insight into attacks

Bleeping Computer

Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated version that clears up misinterpretations caused by automated translation.

Women Make Gains in Cybersecurity, But Gaps Remain

Security Boulevard

While the cybersecurity industry has made strides in filling the diversity gap, it remains an issue in several aspects, including a lack of female representation. The Women in CyberSecurity (WiCyS) conference, which brings together women and allies from cybersecurity industries, academia, government, nonprofits and research, is part of an effort to change that.

Autodesk reveals it was targeted by Russian SolarWinds hackers

Bleeping Computer

Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.

Executive Order About Cybersecurity Urging Zero Trust Adoption

Thales Cloud Protection & Licensing

divya, Thu, 09/02/2021 - 07:09. During the 2021 Thales Crypto Summit, which brings together a group of experts to speak about cryptography and key management to keep organizations secure, President Biden’s Executive Order (EO) was a key point of discussion. Aimed at “Improving the Nation’s Cybersecurity”, the EO was issued on May 12, 2021, which is the starting point by which many of the requirements and due dates are measured.

FBI and CISA warn that cybercriminals don’t take holidays

The State of Security

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays. With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network defences, and “engage […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

DoJ Launches Cybersecurity Fellowship Program as Threats Rise

Security Boulevard

The U.S. Department of Justice (DoJ) announced the creation of a cybersecurity fellowship program that will train prosecutors and attorneys to handle emerging national cybersecurity threats. Fellows in the three-year Cyber Fellowship program will investigate and prosecute state-sponsored cybersecurity threats, transnational criminal groups, infrastructure and ransomware attacks and the use of cryptocurrency and money laundering.

Training Discount

Adam Shostack

Hey you! Out there beyond the wall, breaking bottles in the hall, you haven’t removed this feed from your RSS reader! If you add this feed there’s a training discount on my next open training course, kicking off October 11.

CDPSE certification: Requirements, exam, and cost

CSO Magazine

What is the CDPSE certification? The Certified Data Privacy Solutions Engineer (CDPSE) certification focuses on the implementation of privacy solutions, from both a technical and governance perspective. It is offered by ISACA, a nonprofit professional association focused on IT governance with a number of certifications in its stable, including CISM.

Turning off the lights?

Adam Shostack

Soon, soon we’ll turn off the lights, migrate these posts, and have everything at our shiny new blog at [link]. And if you’re seeing this in an RSS feed, please update to [link]. And by the way, you’ll know you’re in the right place when you see new content about threat modeling and the JoHari Window, and also secret training discounts.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cisco fixes critical authentication bypass bug with public exploit

Bleeping Computer

Cisco has addressed an almost maximum severity authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) for which public proof-of-concept (PoC) exploit code exists.

China theft of US agriculture sector trade secrets prompts government guidance

CSO Magazine

If you didn’t think the agriculture and food sector is of national security significance, then the issuance of the Insider Risk Mitigation Guide by the National Counterintelligence and Security Center (NCSC) in conjunction with the Department of Defense’s Center for Development of Security Excellence (CDSE) should be the equivalent of the bat-signal shining over Gotham.

Parliamentary Panel: VPN Apps Shield Cybercriminals

Heimdal Security

The Parliamentary Standing Committee on Home Affairs has recently proposed the banning of VPN services in India, citing threats to cybersecurity. The Committee concluded that VPN apps are easily available tools for enabling “criminals to remain anonymous online.” What’s more, the committee has also proposed to put a check on the use of Virtual Private […].

Secret Govt. Spy Powers Coming Here—via Australia

Security Boulevard

The Australian government has given itself an enormous surveillance tool. Five Eyes means that rules in Oz can be used here, too.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Bluetooth BrakTooth bugs could affect billions of devices

Bleeping Computer

Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors.

How to secure REST with Spring Security

InfoWorld on Security

Securing web applications is an inherently complex proposition. Spring Security offers Java developers a powerful framework for addressing this need, but that power comes with a steep learning curve. This article offers a concise survey of the essential components behind securing a REST API with Spring Security. We’ll build a simple app that uses a JSON Web Token (JWT) to store the user’s information.

Atlassian Confluence flaw actively exploited to install cryptominers

Bleeping Computer

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.

Twitter introduces new feature to automatically block abusive behavior

We Live Security

Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable

The Hacker News

A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.

Cybersecurity Must Evolve Beyond Compliance: Is Open XDR the Answer?

CyberSecurity Insiders

Today there is no shortage of compliance requirements. There are so many, in fact, that there are billions of dollars spent every year on tools and audits. These regulations have the right goal in mind: protect companies, their intellectual property and their customers. Unfortunately, by the time these laws make it through the government process the attackers have already changed their tactics.

WhatsApp Fined $267 Million for Breaching GDPR

Digital Guardian

The sum, the second highest GDPR fine to date, stems from a 2018 investigation into the company's data privacy practices.

Now a device to thwart USB drive loaded malware attacks

CyberSecurity Insiders

Researchers from a UK-based university have developed a device to thwart malware-based attacks spreading through USB drives. It is an external device that scans for malicious content and alerts a computer admin about the lurking cyber threat. The university in question is Liverpool Hope University, where a group of security researchers have developed a device that will soon obtain a patent from the Indian Government.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Digital State IDs Start Rollouts Despite Privacy Concerns

Threatpost

Eight states are introducing driver's licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.

The Upcoming U.S. Labor Day Weekend is a Reminder to Avoid Repeating History

CyberSecurity Insiders

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced this week that they have observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.” The REvil ransomware gang knocked JBS Foods’ operations offline over the U.S. Memorial Day weekend. REvil struck again over the U.S.

Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists

Security Affairs

Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available.

WhatsApp hit with €225 million fine for GDPR violations

Malwarebytes

WhatsApp was hit with a €225 million fine for violating the General Data Protection Regulation (GDPR), the European Union’s sweeping data protection law that has been in effect for more than three years. The fine represents the highest ever penalty levied by the Irish Data Protection Commission, which serves as the primary data protection authority for WhatsApp and the messaging app company’s parent Facebook, which has its EU headquarters based in Ireland.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.