Schneier on Security
AUGUST 6, 2021
Fascinating research: “ Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.
Daniel Miessler
AUGUST 5, 2021
I’ve always been fascinated by security that was “just good enough” I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize. As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got the more I started paying attention to how silly most fences are.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 31, 2021
The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish. I don't if that's a general truism or there's just something amiss with mine, but the constant fading out is extremely frustrating and I apologise for the sound quality not being up to expectations.
Tech Republic Security
AUGUST 3, 2021
As more companies are considering the shift to a fully or hybrid remote workforce, accelerating plans to acquire digital and cloud services to address increasing cybersecurity risks is necessary.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
AUGUST 3, 2021
Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].
Bleeping Computer
AUGUST 4, 2021
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 4, 2021
Companies are pulling out all of the stops to attract top talent in a tight labor market. These tips could help companies attract and retain cybersecurity pros in the months ahead.
Schneier on Security
AUGUST 2, 2021
Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.
Bleeping Computer
JULY 31, 2021
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. [.].
CyberSecurity Insiders
AUGUST 6, 2021
By Natalie Hays, Mailgun by Pathwire. Phishing is pretty awful, whether you fall for a phishing attempt or have phishers pose as you. But how does phishing really happen and, even more importantly, how do you protect yourself? The first 48 hours – phishing edition. Phishing starts with well… the phishing. Someone sends out the attempt, sometimes posing as us, sometimes as a long-lost relative who just got a massive sum of money from an inheritance.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 5, 2021
New analysis includes salary data, cost of living and how easy it is to find a job and identifies cities with the best pay and the most open positions.
Schneier on Security
AUGUST 5, 2021
The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.
Bleeping Computer
AUGUST 2, 2021
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [.].
Google Security
AUGUST 3, 2021
Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in the face of failure, the car may end up on fire, flying off a cliff.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
AUGUST 3, 2021
Protecting systems from bad actors is essential, but all the firewalls in the world are useless against the modern hacker who targets human weaknesses instead of digital ones.
Schneier on Security
AUGUST 6, 2021
It’s sold out , but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Malwarebytes
AUGUST 3, 2021
While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isn’t like the movies. The criminal hacker trying to guess your password isn’t sat in a darkened room wondering which of your pets’ names to type on their keyboard.
Security Boulevard
AUGUST 3, 2021
Data laundering, like money laundering, is the act of acquiring data through an illegal means—whether that’s the dark web or a hacked/stolen database—and then taking that data and running it through a legitimate business or process in order to make the data seem authentic. As both customer bases and companies adapt to modern technologies and. The post Data Laundering Poses Privacy, Security Risks appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
AUGUST 2, 2021
Leading a team is kind of like when a burglar alarm goes off and "you're the police," says the head of cybersecurity at ExpressVPN.
Bleeping Computer
AUGUST 5, 2021
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. [.].
Heimadal Security
AUGUST 6, 2021
Conti Ransomware operation is known as a ransomware-as-a-service (RaaS). As thoroughly explained by Vladimir, Ransomware-as-a-Service is an illicit ‘parent-affiliate(s)’ business infrastructure, in which operators give tools to affiliates with the goal of carrying out ransomware attacks. A security researcher recently shared a forum post that was created by an angry Conti affiliate.
Security Boulevard
AUGUST 2, 2021
As vulnerabilities are discovered, advisories are issued, remedies and mitigations are shared and then the onus is on the end user and/or company to do what’s necessary to close the window into their infrastructure. That is what happens in a perfect world, where CISOs and CIOs have fully collaborative relationships with operations and when the.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
AUGUST 4, 2021
Companies in the U.S. were targeted more than those in any other country, according to Accenture's Cyber Incident Response Update.
CyberSecurity Insiders
AUGUST 2, 2021
Florida Department of Economic Opportunity (DEO) has hit the news headlines for becoming a victim of a cyber attack that led to data breach of over 57,900 claimant accounts seeking unemployment benefits. Highly placed sources say that the security breach was related to Reemployment Assistance Claims and Benefits Information System aka CONNECT, where hackers reportedly accessed information related to CONNECT Public Claims portal between April 27-July 16,2021.
We Live Security
AUGUST 6, 2021
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information. The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity.
Bleeping Computer
AUGUST 4, 2021
Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
AUGUST 2, 2021
Key topics analysts anticipate for these security conferences include supply chain attacks, Microsoft Exchange vulnerabilities and the iPhone/Pegasus spyware incident.
Security Boulevard
AUGUST 3, 2021
Some Italian healthcare websites and their backroom systems have been wiped off the internet by malware. The post Italian Vaccine Sites Shut Down by Ransomware Thugs appeared first on Security Boulevard.
CSO Magazine
AUGUST 3, 2021
The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability ( CVE-2021-30116 ) in a Kaseya remote computer management tool to launch the attack, with the fallout lasting for weeks as more and more information on the incident came to light.
Bleeping Computer
AUGUST 1, 2021
Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever. [.].
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
363 
Let's personalize your content