Security Boulevard
APRIL 15, 2021
There hasn’t been much good news in cybersecurity lately. In the first three months of 2021, organizations have been exposed by zero-days in Microsoft Exchange and Accellion’s secure file transfer appliance, and there have been revelations of three more malware strains related to the SolarWinds Orion product. This brings the total number of malware related.
ZoneAlarm
APRIL 12, 2021
It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. But knowing which emails are real and which are phishing emails is crucial and can save you money and problems … The post Is it Real or not?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CSO Magazine
APRIL 15, 2021
Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.” Yes, tons of people still use “123456” as a password, according to NordPass's 200 most common passwords of the year for 2020, which is based on analysis of passwords exposed by data breaches.
Schneier on Security
APRIL 14, 2021
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
APRIL 12, 2021
Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about the breach from Gemini Advisory , a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums.
Tech Republic Security
APRIL 12, 2021
The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
APRIL 15, 2021
The office of the Director of National Intelligence released its “ Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.
Krebs on Security
APRIL 13, 2021
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.
Tech Republic Security
APRIL 14, 2021
From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.
Security Boulevard
APRIL 15, 2021
Words have meaning. When I was writing policies, it was imperative that ‘shall’, ‘will’, ‘may’ and ‘must’ be used correctly. The significance of a statement is dependent upon the word selected. With this in mind, it may be time to consider promoting ‘cyber safety’ instead of ‘cybersecurity.’ This is something I contemplate because I, personally, The post Wordsmithing: Cybersecurity or Cyber Safety?
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
APRIL 13, 2021
News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news.
Hot for Security
APRIL 13, 2021
Company hit with ransomware was unable to deliver food to supermarkets Firm’s director says he suspects hackers exploited Microsoft Exchange Server flaw. Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it was cybercriminals who are to blame. Branches of Albert Heijn, the largest supermarket chain in the Netherlands, suffered from food shortages after a ransomware attack hit food transportation and logistics firm Bakker Logistiek over th
Tech Republic Security
APRIL 15, 2021
The banks are being exploited in attacks targeting people filing taxes, getting stimulus checks and ordering home deliveries, says Check Point.
Security Boulevard
APRIL 13, 2021
Familiarising With The Term Cyber Security You must have heard of the word cyber security, making headlines in the news, internet, social media, The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Kratikal Blog. The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Schneier on Security
APRIL 16, 2021
Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”).
SecureList
APRIL 13, 2021
While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.
Tech Republic Security
APRIL 12, 2021
DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without identifying users.
Security Boulevard
APRIL 11, 2021
There is nothing better than learning from the experts when it comes to Cybersecurity. Gaining insights from the industry’s top influencers can prove to be crucial in optimizing your Application Security strategy. Without further adieu, we are glad to share […]. The post Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021 appeared first on Reflectiz.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
APRIL 16, 2021
Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday , there are four in Microsoft Exchange that were disclosed by the NSA.
Webroot
APRIL 15, 2021
At Webroot, we could go on and on about user experience (UX) design. The study of the way we interact with the tools we use has spawned entire industries, university programs and professions. A Google Scholar search of the term returns over 300 thousand results. Feng Shui, Leonardo Davinci and Walt Disney are all described as important precedents for modern UX.
Tech Republic Security
APRIL 16, 2021
The reports reveal an increase in requests from U.S. law enforcement agencies, and that the company received the most requests for content removal from China during this period.
Malwarebytes
APRIL 15, 2021
Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC —which is designed to respect people’s privacy more, as a detriment to user privacy. The good news is that, if you want to escape Google’s silent experiment into how it thinks you should be tracked across websites , you now have several options.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
APRIL 13, 2021
COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are. According to the report, 98% of apps use open source code, and 63% of. The post Majority of Mobile App Vulnerabilities From Open Source Code appeared first on Security Boulevard.
Graham Cluley
APRIL 13, 2021
Many Facebook users think they only have to worry about the data that they personally share about themselves on Facebook, by posting messages on the site, connecting with their friends, and liking posts. But the truth is that Facebook knows much more about you than that, by collecting data from your activities off-site as well.
Tech Republic Security
APRIL 16, 2021
Endpoint protection for remote workers is still a huge concern, but one report finds that there may be light at the end of the tunnel as businesses signal they're spending more on user training.
CSO Magazine
APRIL 12, 2021
Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses. As vendors integrate machine learning into products across industries, and users rely on the output of its algorithms in their decision making, security experts warn of adversarial attacks designed to abuse the technology.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Boulevard
APRIL 13, 2021
Over the weekend, Sonatype spotted a rather unique malware sample published to the npm registry, within a day of its release on npm. The post Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt appeared first on Security Boulevard.
The Hacker News
APRIL 13, 2021
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim.
Tech Republic Security
APRIL 16, 2021
Cyber insurance is gaining favor in the business world. An expert offers tips on how to get what's needed for the best price.
We Live Security
APRIL 15, 2021
Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals. The post One in six people use pet’s name as password appeared first on WeLiveSecurity.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
145 
Let's personalize your content