Sat.Dec 25, 2021 - Fri.Dec 31, 2021

Apple AirTags Are Being Used to Track People and Cars

Schneier on Security

This development surprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking.

Weekly Update 276

Troy Hunt

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme.


ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

The Last Watchdog

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks. The SolarWinds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.


Get a lifetime of protection for your files and sensitive data for only $90

Tech Republic Security

Enjoy the peace of mind that comes from having a lifetime backup plan and VPN subscription — at a price you can afford


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Getting Started With Threat-Informed Security Programs

Dark Reading

Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks

Cyber Threat to Healthcare and Corona Virus Vaccine supply

CyberSecurity Insiders

Amid fears that the newly mutated & detected Omicron variant of Corona could trigger a lockdown across the world, security experts warn that some group of threat actors probably funded by adversary governments are threatening to disrupt the healthcare services and vaccine supply meant to contain the spread of COVID-19 on a global note.

More Trending

Check for Log4j vulnerabilities with this simple-to-use script

Tech Republic Security

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately


7 Steps for Navigating a Zero-Trust Journey

Dark Reading

Don't think of zero trust as a product. Think of it as "how you actually practice security."


HP iLO devices loaded with data wiping malware

CyberSecurity Insiders

Iranian Cybersecurity firm Amnpardaz has released a security report stating that HP iLO devices were loaded with a data wiping malware dubbed iLOBleed.

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

The Hacker News

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

The 10 worst tech stories of 2021

Tech Republic Security

Have fond memories of 2021? They probably don't include these 10 stories or the products and services surrounding them


Zero Trust and Access: Protecting the Keys to the Kingdom

Dark Reading

Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges


New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems.

Cybersecurity Predictions for 2022: Stay Ahead of Threats

Security Boulevard

What do you think will happen next in the domain of cybersecurity? Which new developments or challenges will become the talk of the town in the year ahead? Who will make the most progress in the constant war waged between cybercriminals and organizations worldwide?

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

The dangers of dark data: How to manage it and mitigate the risks

Tech Republic Security

Dark data is a major challenge in enterprises, and it's not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it


The Log4j Flaw Will Take Years to be Fully Addressed

Dark Reading

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team


Details of a failed Clop Ransomware attack on City of Toronto Canada

CyberSecurity Insiders

Cybersecurity Insiders has learnt that Clop ransomware gang operating from Russia accessed the servers of the City of Toronto to grab metadata of over 35k citizens. Their plan could be to later dump the data on the dark web and make money.

Top DevOps Trends That Will Dominate in 2022

Security Boulevard


Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware

The Hacker News

Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape.

In the Fight Against Cybercrime, Takedowns Are Only Temporary

Dark Reading

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy

Instagram copyright infringement scams – don’t get sucked in!

Naked Security

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams.


Best of 2021 – What We Can Learn From the 2021 Microsoft Data Breach

Security Boulevard

In this blog, we’ll review the details of the most recent breach against the Microsoft Exchange Server. However, this blog’s point is that these forms of cyber attacks will continue and could likely accelerate. Trying to react after the fact is not the way to do business.

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

Researchers devised a series of attacks against SSDs that could allow malware to be implanted in a location that is not monitored by security solutions.

An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Dark Reading

Ransomware demands a new approach to incident response

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

The Hacker News

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems.

Looking Back at 2021 and Forward to 2022

CyberSecurity Insiders

As 2021 draws to a close, it provides an opportunity to reflect on the past year, and the success and growth we have achieved together.

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Security Affairs

The Apache Software Foundation released Log4j version 2.17.1 to address a recently discovered arbitrary code execution flaw tracked as CVE-2021-44832.

The CISO as Sustaining Force: Helping Infosec Staff Beat Burnout

Dark Reading

To protect their staffers, leaders should focus on identifying and alleviating root causes of burnout

How to install the Pritunl VPN server on AlmaLinux

Tech Republic Security

If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running


Russia slaps $100m fine on Google America

CyberSecurity Insiders

Google, the American web search giant, was technically penalized $100m by Russian government for failing to adhere to its state prevailing laws.

French IT services provider Inetum hit by BlackCat ransomware attack

Security Affairs

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday.

After Google's Landmark Settlement, How Ad Networks Should Tackle Child Privacy

Dark Reading

To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children


Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

The Hacker News

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.