Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Krebs on Security
AUGUST 19, 2021
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Lohrman on Security
AUGUST 15, 2021
Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
AUGUST 19, 2021
It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.
Krebs on Security
AUGUST 16, 2021
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
AUGUST 20, 2021
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
Schneier on Security
AUGUST 20, 2021
In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.
Bleeping Computer
AUGUST 20, 2021
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [.].
Tech Republic Security
AUGUST 20, 2021
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
AUGUST 20, 2021
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Schneier on Security
AUGUST 18, 2021
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought ā and not just for the company that gave in to the attackersā demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Tech Republic Security
AUGUST 16, 2021
Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
AUGUST 19, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [.].
Security Boulevard
AUGUST 17, 2021
Corporate executives have a responsibility to ensure long-term positive outcomes for the companies they lead. One way to accomplish this is by minimizing corporate risk and protecting assets through proactive and innovative approaches to cybersecurity. Time and again, however, we have witnessed companies become unnecessary cyberattack victims. Often, these incidents are sadly due to their.
Graham Cluley
AUGUST 19, 2021
Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.
Tech Republic Security
AUGUST 20, 2021
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, āDo you know whatās in your software?
Bleeping Computer
AUGUST 19, 2021
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [.].
CSO Magazine
AUGUST 19, 2021
I am proud to say that the annual Life and Times of Cybersecurity Professionals report from ESG and ISSA is now available for free download. As part of the research for this report, we always ask cybersecurity professionals several questions about the global cybersecurity skills shortage. Is it real? Are things improving or getting worse? Is your organization impacted and, if so, how?
The Hacker News
AUGUST 16, 2021
A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection.
Tech Republic Security
AUGUST 16, 2021
In recent months, a string of high-profile cyberattacks have targeted critical U.S. infrastructure. As students return to the classroom, could criminals look to focus their efforts on schools?
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
AUGUST 19, 2021
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employerāno verification needed. And worse, the employer cannot easily take these down. [.].
CyberSecurity Insiders
AUGUST 19, 2021
Britain is all set to launch a new law where the common public will be subjected to AI driven CCTV surveillance that will help nab criminals. But privacy advocates worry that the new law that is proposed to be implemented by this year’s end in councils related to England and Wales might trigger additional concerns. Soon those living in & around Britain might face a dystopian future as the government is planning to turn public spaces into open air prisons.
Malwarebytes
AUGUST 18, 2021
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones you’re expecting to hear from, or wouldn’t be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list. DocuSign is a service that allows people to sign documents in the Cloud.
Tech Republic Security
AUGUST 17, 2021
The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward.
Speaker: Erika R. Bales, Esq.
When we talk about ācompliance and security," most companies want to ensure that steps are being taken to protect what they value most ā people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and itās more important than ever that safeguards are in place. Letās step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
AUGUST 17, 2021
An Illionois pharmacist arrested today faces 120 years in prison for allegedly selling dozens of authentic COVID-19 vaccination record cards issued by the Center for Disease Control and Prevention (CDC). [.].
CyberSecurity Insiders
AUGUST 14, 2021
Recently, many users choose Mac computers because they are fast, reliable, and cool. Some people still think that Apple computers have some “magic” inside to be protected from any viruses, and their speed will always be on the highest level. Well, in some ways, Macs are more reliable and high-performance compared to other devices but they still need attention from you to keep them on a good level of performance as well as improve their security when you are working online.
Trend Micro
AUGUST 15, 2021
The ransomware group LockBit resurfaced in July with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August.
Tech Republic Security
AUGUST 19, 2021
ThroughTek's Kalay is used to manage security cameras, baby monitors, DVRs and more. A newly discovered flaw lets attackers watch, listen and steal recordings from hardware sold by dozens of vendors.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
363 
Let's personalize your content