Krebs on Security
OCTOBER 4, 2021
Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.
Schneier on Security
OCTOBER 4, 2021
Facebook — along with Instagram and WhatsApp — went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today (15:39 UTC), someone at Facebook caused an update to be made to the company’s Border Gateway Protocol (BGP) records. BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specifi
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
OCTOBER 2, 2021
Lots of little bits and pieces this week in a later and shorter than usual update. See the references for all the details, but plenty of cyber, some IoT weather station discussion and a bit of chatter around career and me deciding I want to do a "Hack Your Career More" talk once we all get back to doing events in person. Stay tuned for that last one in particular!
Lohrman on Security
OCTOBER 3, 2021
The Cyber Incident Notification Act of 2021 would require reporting cyber incidents impacting critical infrastructure to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
OCTOBER 6, 2021
Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it's publicly available knowledge. That doesn't stop it from being dangerous.
Schneier on Security
OCTOBER 6, 2021
This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
We Live Security
OCTOBER 7, 2021
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks. The post FontOnLake: Previously unknown malware family targeting Linux appeared first on WeLiveSecurity.
Tech Republic Security
OCTOBER 5, 2021
Throughout the summer of 2021, the number of phishing URLs designed to impersonate Chase jumped by 300%, says security firm Cyren.
Schneier on Security
OCTOBER 4, 2021
Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.
The Hacker News
OCTOBER 7, 2021
So, you've been thinking about getting a Penetration Test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Cisco Security
OCTOBER 6, 2021
Before joining Cisco, I spent a lot of time wading through the resumes of potential cybersecurity candidates to hire for my teams. I was looking for individuals from a variety of backgrounds and experiences but finding candidates with zero to three years of experience was the most difficult to find. Many find it challenging to get a job, but I will let you in on a little secret – it’s even more challenging for a hiring manager to find quality cybersecurity talent.
Tech Republic Security
OCTOBER 5, 2021
Enterprises are worried about exactly the issues that Windows 11 helps with, and the hardware specs mean future security improvements like more app containers.
Security Boulevard
OCTOBER 5, 2021
Hackers broke into the massive telephony interconnection service run by Syniverse—a huge, yet invisible, chunk of infrastructure. The post Syniverse Hack: Billions of Users’ Data Leaks Over Five Years appeared first on Security Boulevard.
We Live Security
OCTOBER 5, 2021
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012. The post UEFI threats moving to the ESP: Introducing ESPecter bootkit appeared first on WeLiveSecurity.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Cisco Security
OCTOBER 6, 2021
Cybersecurity Awareness Month is an excellent time to reflect on some of the emerging and key trends from the past year. There’s been no shortage of security headlines for us to reflect on, many of which are detailed on our Talos Threat Intelligence blog. These three key issues particularly catch my eye and deserve our attention. The supply chain. Prior to 2021, supply chain attacks were assumed to exclusively be a tool for sophisticated state-sponsored threat actors only.
Tech Republic Security
OCTOBER 6, 2021
Anyone who needs to hide away sections of text in Google Documents should give this handy add-on a try.
Security Affairs
OCTOBER 5, 2021
An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server. Researchers from Sophos were investigating a ransomware attack when discovered that the attackers employed a Python script to encrypt virtual machines hosted on VMware ESXi servers. In the attack investigated by the experts, ransomware operators encrypted the virtual disks in a VMware ESXi server only three hours after the initial intrusion.
eSecurity Planet
OCTOBER 4, 2021
A surprising 91.5 percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. WatchGuard, which sells network security , intelligence and endpoint protection solutions, included that finding in its recently-released Internet Security Report , which is based on data coming in from t
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
We Live Security
OCTOBER 6, 2021
Two-factor authentication is a simple way to greatly enhance the security of your account. The post Google to turn on 2FA by default for 150 million users, 2 million YouTubers appeared first on WeLiveSecurity.
Tech Republic Security
OCTOBER 7, 2021
Jack Wallen offers a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.
Security Affairs
OCTOBER 7, 2021
A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. .
SecureList
OCTOBER 7, 2021
Introduction. These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak of the pandemic and the emergence of several major cybercriminal groups (Maze, REvil, Conti, DarkSide, Avaddon), an entire criminal ecosystem took shape, leading to a mounting worldwide wave of attacks on large organizations with pockets deep enough to pay a ransom in the hundreds of thousands, even millions, of US dollars.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
We Live Security
OCTOBER 6, 2021
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze. The post To the moon and hack: Fake SafeMoon app drops malware to spy on you appeared first on WeLiveSecurity.
Tech Republic Security
OCTOBER 7, 2021
Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.
Security Affairs
OCTOBER 2, 2021
The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urging them to install the security updates.
The Hacker News
OCTOBER 8, 2021
An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
OCTOBER 4, 2021
Millions of Neiman Marcus customers have had their personal and financial information exposed in a data breach. In a press release the company confirmed unauthorized access to customer online accounts. According to the press release 4.6 million customers of Neiman Marcus Group stores, specifically Neiman Marcus and Last Call, are being notified about the data breach by email.
Tech Republic Security
OCTOBER 7, 2021
The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.
Security Affairs
OCTOBER 6, 2021
Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage. Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.
Cisco Security
OCTOBER 6, 2021
During the Tokyo 2020 Olympic Games, gymnastics legend Simone Biles surprised everyone when she withdrew from the individual all-around competition to take care of her mental well-being. Biles later returned to the Games, winning two medals overall. I personally found her contribution to the conversations around mental health just as inspiring as her sporting achievements.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content