Schneier on Security
DECEMBER 31, 2021
This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen.
Troy Hunt
DECEMBER 30, 2021
2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme. But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 28, 2021
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.
Bleeping Computer
DECEMBER 29, 2021
T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
DECEMBER 30, 2021
As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends. The post 22 cybersecurity statistics to know for 2022 appeared first on WeLiveSecurity.
Security Boulevard
DECEMBER 28, 2021
The post Top DevOps Trends That Will Dominate in 2022 appeared first on PeoplActive. The post Top DevOps Trends That Will Dominate in 2022 appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 30, 2021
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [.].
CSO Magazine
DECEMBER 28, 2021
Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. The security of employee home networks, and of the devices connected to them, are becoming increasingly important considerations for organizations that need to continue to support a large remote workforce for the foreseeable future.
Security Boulevard
DECEMBER 31, 2021
What do you think will happen next in the domain of cybersecurity? Which new developments or challenges will become the talk of the town in the year ahead? Who will make the most progress in the constant war waged between cybercriminals and organizations worldwide? When it comes to cybersecurity, it always pays to stay prepared. […]. The post Cybersecurity Predictions for 2022: Stay Ahead of Threats appeared first on Kratikal Blogs.
Tech Republic Security
DECEMBER 27, 2021
Dark data is a major challenge in enterprises, and it's not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
DECEMBER 28, 2021
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. [.].
The Hacker News
DECEMBER 30, 2021
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems.
Security Boulevard
DECEMBER 31, 2021
In this blog, we’ll review the details of the most recent breach against the Microsoft Exchange Server. However, this blog’s point is that these forms of cyber attacks will continue and could likely accelerate. Trying to react after the fact is not the way to do business. If your toolsets or MSSP services don’t enable you to automatically detect and stop these types of sophisticated intrusion attacks, such as the recent Solarwinds attack, or whatever the next attack is—you have the wrong approac
Tech Republic Security
DECEMBER 27, 2021
Many employers are now offering digital security benefits to help protect their employees. Learn about such arrangements and see how you can get started implementing them.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
DECEMBER 28, 2021
Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [.].
CyberSecurity Insiders
DECEMBER 30, 2021
Iranian Cybersecurity firm Amnpardaz has released a security report stating that HP iLO devices were loaded with a data wiping malware dubbed iLOBleed. Technically speaking, it is actually a malicious software rootkit that is loaded onto the firmware operating on the remote server management processors dubbed Integrated Lights-out(iLO). HP iLO are used on blade servers and Proliant servers to assist the admin in doing remote operations such as maintenance, software upgrade, security update and r
Security Boulevard
DECEMBER 30, 2021
The application security and the open source software communities rose to the challenge of the Java Log4j vulnerability, patching software, sharing information and providing mitigations and tools. We aren’t out of the woods yet, but their actions so far have been inspiring. What Happened? The new Log4j vulnerability, dubbed Log4Shell, has put the world on.
Tech Republic Security
DECEMBER 30, 2021
If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
DECEMBER 28, 2021
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. [.].
CyberSecurity Insiders
DECEMBER 29, 2021
Amid fears that the newly mutated & detected Omicron variant of Corona could trigger a lockdown across the world, security experts warn that some group of threat actors probably funded by adversary governments are threatening to disrupt the healthcare services and vaccine supply meant to contain the spread of COVID-19 on a global note. According to a study made by researchers from Barracuda Networks, hospitals and healthcare organizations are at a greater risk of being cyber attacked in 2022
InfoWorld on Security
DECEMBER 28, 2021
Ten years ago, many CIOs had a negative opinion about cloud computing; few CIOs landed on the positive side. Cloud subject matter experts like me got walked out of the building on a regular basis. These days it’s a career killer to not leverage cloud computing. Most CIOs now have at least 20% of their applications and data moved to the cloud with 10% to 15% scheduled to move in the next year or so. [ InfoWorld’s 2021 Technology of the Year Award winners: The best software development, cloud com
Tech Republic Security
DECEMBER 31, 2021
Enjoy the peace of mind that comes from having a lifetime backup plan and VPN subscription — at a price you can afford.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
DECEMBER 31, 2021
Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched. [.].
CyberSecurity Insiders
DECEMBER 27, 2021
Google, the American web search giant, was technically penalized $100m by Russian government for failing to adhere to its state prevailing laws. Sources state that the Putin led government decided to impose a hefty fine on Google, as it failed to remove the content that was deemed to be inappropriate to Russian web service seekers. Thus, the announced penalty is the largest fine ever slapped by a Russian court in the history and will represent over 6.7% revenue earned by the internet juggernaut
Security Boulevard
DECEMBER 27, 2021
Let’s take a Cyber Drink to 2021 Cybersecurity professionals have been put in the spotlight this year. We applaud your hard work and service to protect society as the threats only get more sophisticated and the consequences become more frightening. Gone are the days when cybersecurity could operate in a silo. It’s now a business. Read article > The post A Toast to the Cybersecurity Incidents of 2021 appeared first on Axio.
The Hacker News
DECEMBER 30, 2021
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
DECEMBER 29, 2021
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply. [.].
Security Affairs
DECEMBER 31, 2021
Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex capacity features and allow to implant a malicious code in a hidden area of SSDs called over-provisioning.
CyberSecurity Insiders
DECEMBER 29, 2021
Cybersecurity researchers from CrowdStrike have discovered that China funded hacking group Aquatic Panda was busy indulging in spying and espionage activities related to industrial intelligence and military secrets. Researchers from the security firm argue that said threat group was actively taking part in intelligence collection since May 2020, when almost the entire world was busy jostling with COVID-19 pandemic propelled lockdown and aftermath consequences.
Dark Reading
DECEMBER 28, 2021
Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
300 
Let's personalize your content