Krebs on Security
NOVEMBER 3, 2020
Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.
Javvad Malik
NOVEMBER 3, 2020
We’re all honest and good people… well, at least most of us are. From a young age, we’re taught to always tell the truth and to never lie. However, our inherent honesty can be our own worst enemy when it comes to cybersecurity. We use our real names on sites, we upload our photos and share our holiday plans. Now, I’m not advocating that we create a fictitious life online and don’t share anything.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
NOVEMBER 3, 2020
My post “Why is Threat Detection Hard?” proved to be one of the most popular in recent history of my new blog. In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Uncertainty? Are you sure, Anton? :-) Well, maybe ! Let’s start our journey with exploring the classic fallacy, “if you can detect [the threat], why can’t you prevent it?
Tech Republic Security
NOVEMBER 3, 2020
Ensure apps can only access the photos and albums that you designate by using the new limited photos picker in iOS 14.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
NOVEMBER 3, 2020
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.
Tech Republic Security
NOVEMBER 3, 2020
Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
NOVEMBER 3, 2020
The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained a code for establishing backdoors on the computers of the programmers.
Threatpost
NOVEMBER 3, 2020
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.
Security Affairs
NOVEMBER 3, 2020
Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution. Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution. The vulnerabilities impact the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. “Adobe has released
McAfee
NOVEMBER 3, 2020
There are new and expanding opportunities for women’s participation in cybersecurity globally as women are present in greater numbers in leadership. In recent years, the international community has recognized the important contributions of women to cybersecurity, however, equal representation of women is nowhere near a reality, especially at senior levels.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
NOVEMBER 3, 2020
Google released Chrome 86.0.4240.183 for Windows, Mac, and Linux to fix 10 security vulnerabilities, including an RCE zero-day exploited in the wild. Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that address ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild.
Threatpost
NOVEMBER 3, 2020
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.
Security Affairs
NOVEMBER 3, 2020
Russian cybercriminal Aleksandr Brovko has been sentenced to eight years in jail for his role in a botnet scheme that caused at least $100 million in financial damage. . The Russian cybercriminal Aleksandr Brovko (36) has been sentenced to eight years in jail for his role in a sophisticated botnet scheme that caused at least $100 million in financial damage. .
Threatpost
NOVEMBER 3, 2020
The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
NOVEMBER 3, 2020
A sophisticated threat actor, tracked as UNC1945, has been observed exploiting vulnerabilities in the Oracle Solaris operating systems for over two years. Researchers from FireEye reported that a sophisticated threat actor, tracked as UNC1945, has been observed targeting Oracle Solaris operating systems for over two years. The codename “UNC” used to track the group is used by FireEye for uncategorized groups.
Dark Reading
NOVEMBER 3, 2020
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.
WIRED Threat Level
NOVEMBER 3, 2020
Plenty of hours remain. But so far, the worst-case scenarios about ransomware and other meltdowns have seemingly not come to pass.
Dark Reading
NOVEMBER 3, 2020
This year has been the ultimate test of business resilience, and if anything is now clear, it's this: It's time for security pros to rewrite their playbooks in preparation a more dangerous wave of attacks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Threatpost
NOVEMBER 3, 2020
Aussie firm Isentia said "remediation and foregone revenue" could total $8.5 million AUS or more.
Dark Reading
NOVEMBER 3, 2020
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
Security Through Education
NOVEMBER 3, 2020
It’s pitch black. A car speeds through the desert with no headlights, desperately trying to outpace the armed guards in the vehicles behind. A sharp left turn takes the car barreling in a new direction, out of grasp of the guards. “STOP!” yells the passenger. The driver slams on the breaks just in time to avoid plummeting down the cliff only inches ahead.
Dark Reading
NOVEMBER 3, 2020
Critical infrastructure remains a high-value target, but 90% of nation-states also attack other industry sectors.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Threatpost
NOVEMBER 3, 2020
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.
Dark Reading
NOVEMBER 3, 2020
In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.
Security Weekly
NOVEMBER 3, 2020
The post Sysmon Endpoint Monitoring: Do You Really Need an EDR? appeared first on Security Weekly.
Dark Reading
NOVEMBER 3, 2020
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
CompTIA on Cybersecurity
NOVEMBER 3, 2020
During Cybersecurity Awareness Month, CompTIA podcasts tackled a range of related topics—from navigating how tech firms are meeting new security challenges to the world of cybercrimes and more. Find out what we overheard in October.
Dark Reading
NOVEMBER 3, 2020
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.
SecureWorld News
NOVEMBER 3, 2020
A Russian national recently received eight years in prison for his role in operating a complicated scheme to steal and send sensitive personal and financial information that resulted in an estimated loss of over $100 million. He worked with other cybercriminals to monetize data which had been stolen through "botnets," which are networks of infected computers.
Dark Reading
NOVEMBER 3, 2020
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
294 
Let's personalize your content