Krebs on Security
MARCH 12, 2020
Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
Troy Hunt
MARCH 12, 2020
I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. I went overboard and I don't regret it one bit!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 10, 2020
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out : All this raises a question, though: just how bad is the CIA's security that it wasn't able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist?
The Last Watchdog
MARCH 11, 2020
Speed is what digital transformation is all about. Organizations are increasingly outsourcing IT workloads to cloud service providers and looking to leverage IoT systems. Related: The API attack vector expands Speed translates into innovation agility. But it also results in endless ripe attack vectors which threat actors swiftly seek out and exploit.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
MARCH 10, 2020
FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday.
Troy Hunt
MARCH 13, 2020
Geez, where do you even begin given how the world has turned just in the last week? I spend a good quarter hour at the start of this video talking about what I'll be doing, namely getting on with business and running a bunch of public workshops remotely in conjunction with Scott Helme. I felt genuinely excited talking about this; they'll be less than half the price of in-person events, no travel, no accommodation costs and we've both run a heap of these remotely in the past too so this is a pret
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 11, 2020
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.
Krebs on Security
MARCH 10, 2020
Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs. All told , this patch batch addresses at least 115 security flaws. Twenty-six of those earned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable
The Last Watchdog
MARCH 12, 2020
It comes as no surprise that top cyber crime rings immediately pounced on the Coronavirus outbreak to spread a potent strain of malware via malicious email and web links. Related: Credential stuffing fuels cyber fraud IBM X-Force researchers shared details about how emails aimed at Japanese-speaking individuals have been widely dispersed purporting to share advice on infection-prevention measures for the disease.
Schneier on Security
MARCH 11, 2020
This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 11, 2020
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.
Krebs on Security
MARCH 7, 2020
The federal agency in charge of issuing.gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own.gov domain. In November’s piece It’s Way Too Easy to Get a.gov Domain Name , an anonymous source detailed how he obtained one by impersonating an official at a small town in Rho
The Last Watchdog
MARCH 9, 2020
Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last. Related: Digital Transformation gives SIEMs a second wind After an initial failure to live up to their overhyped potential, SIEMs are perfectly placed to play a much bigger role today. Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technol
Schneier on Security
MARCH 9, 2020
Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MARCH 11, 2020
The Mirai botnet is known for targeting Internet of Things devices and conducting massive DDoS attacks, as described by cyberthreat researcher Check Point Research.
Security Affairs
MARCH 10, 2020
Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796 , is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol, the IT giant will not address the issue a
The Last Watchdog
MARCH 10, 2020
The cybersecurity needs of small- and mid-sized businesses (SMBs) differ from those of large enterprises, but few solutions cater to them. A 2018 Cisco Cybersecurity Special Report found that 54 % of all cyber attacks cost the target company more than $0.5 million — damages that would crush most SMBs. However, smaller companies rarely have the IT talent, tools, or budget to prevent such attacks.
Dark Reading
MARCH 10, 2020
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MARCH 11, 2020
This year will be a big investment year for 5G for many manufacturers and network operators. Find out what the experts predict will happen next.
Security Affairs
MARCH 9, 2020
Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688. The experts did not provide details on the threat actors that are exploiting the vulnerability, according ZDNet that cited a DOD source the attackers belong to prominent APT g
Threatpost
MARCH 13, 2020
Organizations are sending employees and students home to work and learn -- but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
Dark Reading
MARCH 11, 2020
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MARCH 9, 2020
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.
Security Affairs
MARCH 12, 2020
While WHO declares the coronavirus outbreak a pandemic, crooks are attempting to exploit the situation to monetize their efforts. Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware.
Threatpost
MARCH 13, 2020
The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus - but they actually infect victims with a custom RAT.
Dark Reading
MARCH 13, 2020
Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MARCH 10, 2020
The organizers of the popular security conference, RSA, which drew over 36,000 people to San Francisco in February, confirmed that at least two people who attended have tested positive for COVID-19.
Security Affairs
MARCH 7, 2020
A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years. The flaw is currently defined as unpatchable and could be exploited by attackers to bypass hardware-enabled security technology.
Spinone
MARCH 13, 2020
The threat of coronavirus, or COVID-19, continues to scale. Unfortunately, for hackers coronavirus has meant just another opportunity to spread malware through phishing emails. How do they do it and how can you protect yourself? Let’s find out. Coronavirus Phishing Emails Phishing is among the top 5 ways to get ransomware. To initiate a phishing attack, a scammer sends you an email with a malicious link/attachment.
Dark Reading
MARCH 11, 2020
To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
364 
Let's personalize your content