Anton on Security
MARCH 1, 2021
Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. Or, as my esteemed colleague said, “Stop Trying To Take Humans Out Of Security Operations.
Adam Levin
MARCH 1, 2021
Gab was breached February 28, with 70 gigabytes of user data leaked by a group of “hacktivists.” A popular audio chatroom app for iOS devices called Clubhouse was breached seven days before that. A few weeks earlier, Clubhouse had run afoul of privacy advocates concerned about its data storage–including the possibility that the company was routing content through China. .
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MARCH 4, 2021
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.
Schneier on Security
MARCH 1, 2021
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
MARCH 1, 2021
I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT , now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
MARCH 2, 2021
This is weird : Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.
Troy Hunt
MARCH 5, 2021
Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Gab because, well, everything about Gab is always weird.
Tech Republic Security
MARCH 4, 2021
Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.
Krebs on Security
MARCH 2, 2021
Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
MARCH 5, 2021
I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.” It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even that.
WIRED Threat Level
MARCH 5, 2021
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
Tech Republic Security
MARCH 2, 2021
A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.
Krebs on Security
MARCH 2, 2021
PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Schneier on Security
MARCH 3, 2021
NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information.
Zero Day
MARCH 5, 2021
Mandiant says attacks are taking place against a wide array of US targets -- local governments included.
Tech Republic Security
MARCH 1, 2021
Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.
Security Boulevard
MARCH 5, 2021
Today, the United States Attorney for the Southern District of New York, William F. Sweeney, announced the unsealing of a seven count indictment charging John David McAfee, founder of McAfee, and Jimmy Gale Watson, an executive advisor to McAfee, with pump-and-dump schemes, as well as initial coin offering (ICO) touting schemes. Watson was arrested on.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
MARCH 4, 2021
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China.
Graham Cluley
MARCH 4, 2021
A Russian cybercrime forum appears to have suffered a data breach, spilling details of users. Which is a terribly unfortunate thing to happen.
Tech Republic Security
MARCH 5, 2021
A lack of confidence in companies' defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study.
The Hacker News
MARCH 4, 2021
Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Schneier on Security
MARCH 4, 2021
Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline : The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level
Security Boulevard
MARCH 3, 2021
While I might not be in the IT trenches, over my years in sales I have had the benefit of working alongside IT leaders across multiple industries. I’ve learned first-hand about the problems IT leaders face in their everyday cybersecurity operations. And what is the biggest takeaway? It’s that at small to medium-sized businesses or really any with a blossoming security program, IT leaders’ cybersecurity problems revolve mainly around a lack of three components: people, process, and technology.
Tech Republic Security
MARCH 4, 2021
Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai.
Hot for Security
MARCH 3, 2021
A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as possible. In traditional Chrome-team fashion, the techies maintaining the world’s most popular web browser for desktops are “delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux.”.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
MARCH 3, 2021
Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.
Tech Republic Security
MARCH 2, 2021
Too many people shrug off SELinux on their data center systems. Jack Wallen says it's time to stop giving into that siren song so your operating systems are weakened.
We Live Security
MARCH 3, 2021
Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught. The post Not all cybercriminals are sophisticated appeared first on WeLiveSecurity.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
246 
Let's personalize your content