Joseph Steinberg
APRIL 6, 2021
While ransomware may seem like a straightforward concept, people who are otherwise highly-knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware. 1. Paying a demanded ransom may not get you your files back, and may not prevent a leak of your information.
Tech Republic Security
APRIL 6, 2021
IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CyberSecurity Insiders
APRIL 5, 2021
Argus, a Cybersecurity solutions provider for connected cars aka automated vehicles has announced that it is collaborating with Tech Giant Microsoft to assist automotive manufacturers in mitigating risks associated with connected cars. Microsoft is going to achieve it by integrating Argus Cyber Security suite with Azure IoT to provide an end-to-end solution that helps monitor, detect and mitigate cyber threats targeting in-vehicle information.
Schneier on Security
APRIL 9, 2021
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers have moved PHP to GitHub, which has better authentication.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
APRIL 9, 2021
"What a s**t week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. And I ran a workshop over 4 half days. And had 2 lots of guests visiting.
Krebs on Security
APRIL 6, 2021
Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
APRIL 7, 2021
According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations
Troy Hunt
APRIL 8, 2021
Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge. The Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia.
Krebs on Security
APRIL 5, 2021
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site. “Good day!
Tech Republic Security
APRIL 8, 2021
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
APRIL 5, 2021
The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. “When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,” explains Fra
Bleeping Computer
APRIL 3, 2021
Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. [.].
We Live Security
APRIL 8, 2021
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa. The post (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor appeared first on WeLiveSecurity.
Tech Republic Security
APRIL 5, 2021
Marketing psychology has influenced each of us; experts suggest it could help reduce the angst of cybersecurity training.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Schneier on Security
APRIL 6, 2021
A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy and can’t see what the scammer is doing.
Bleeping Computer
APRIL 9, 2021
The FBI arrested a Texas man on Thursday for allegedly planning to "kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. [.].
Google Security
APRIL 6, 2021
Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android release
Tech Republic Security
APRIL 7, 2021
A majority of security pros said they're most concerned about malicious payloads sent to employees via file attachments, according to a survey from GreatHorn.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
APRIL 8, 2021
Google’s Project Zero discovered , and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors.
Bleeping Computer
APRIL 4, 2021
Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. [.].
Security Boulevard
APRIL 9, 2021
There's no time to waste in a cybersecurity disaster. How do you plan to respond to an incident, and what do you do next? Find out now! The post Don’t Put Off Cybersecurity Incident Response Planning appeared first on Security Boulevard.
Tech Republic Security
APRIL 8, 2021
New HP-sponsored report finds significant increase in nation-states targeting enterprises to steal high-value IP.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
SecureList
APRIL 9, 2021
Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source. We notified the developers about the infection on April 8.
Bleeping Computer
APRIL 3, 2021
A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. [.].
Security Boulevard
APRIL 5, 2021
In a cyber world filled with SIEMs, security appliances and anti-malware products, one would think that the specter of cybersecurity would be well under control. However, attacks are still on the rise, zero-day vulnerabilities are increasing and cybercriminals are always finding new ways to attack. “When dealing with previously unseen attacks, it is important to.
Tech Republic Security
APRIL 6, 2021
Automating cloud security is a process still in its infancy for many organizations, says Unit 42.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Trend Micro
APRIL 8, 2021
This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three.
Bleeping Computer
APRIL 7, 2021
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [.].
Hot for Security
APRIL 9, 2021
Police specialists in Belgium managed to crack an encrypted messaging service, revealing detailed information about cocaine shipments into Antwerp, Belgium. Belgian police issued a statement this week saying they seized several shipments of cocaine with a street value of 1.4 billion euros ($1.65 billion) after cracking the encryption algorithm of Sky ECC, a supplier of modified phones designed for ultra-private communications.
Tech Republic Security
APRIL 5, 2021
AppSec expert says cybersecurity should be a part of the development process from the beginning.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
283 
Let's personalize your content