Lohrman on Security
DECEMBER 23, 2021
What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022.
Daniel Miessler
DECEMBER 18, 2021
If you’re reading this you’re underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy named d0nut who figured something out like 3 days ago that very few people know. Once you have 2.15 applied—or the CLI implementation to disable lookups—you actually need a non-default log4j2.properties configuration to still be vulnerable!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
DECEMBER 21, 2021
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?—?
Schneier on Security
DECEMBER 20, 2021
Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saud
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Lohrman on Security
DECEMBER 19, 2021
2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.
Troy Hunt
DECEMBER 24, 2021
I'd say this is probably the most epic scene I've ever done one of these videos from and equally, the main topic of the day around Pwned Passwords and the work done with the FBI and NCA is the most epic thing I've done for a very long time. On reflection, I feel like this is the first major step towards HIBP growing up and becoming self-sufficient; that Pwned Passwords piece is now owned by the community, supported by the community, contributed to by 2 of the world's foremost
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
DECEMBER 22, 2021
The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.
Tech Republic Security
DECEMBER 22, 2021
Log4Shell is a dangerous security concern — and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.
Bleeping Computer
DECEMBER 24, 2021
An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, is using a fake Google Play store to spread to devices. [.].
Dark Reading
DECEMBER 20, 2021
Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
DECEMBER 21, 2021
Even with the growing awareness about cybersecurity, many myths about it are prevalent. These misconceptions can be a barrier to effective security. The first step to ensure the security of your business is to separate the false information, myths, and rumors from the truth. Here, we're busting some common cybersecurity myths. Read on to find out which of the following you thought were true.
Tech Republic Security
DECEMBER 24, 2021
Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more.
Bleeping Computer
DECEMBER 22, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [.].
CyberSecurity Insiders
DECEMBER 20, 2021
By Jon Lucas, Co-director, Hyve Managed Hosting. What was once regarded as a perk of the job has now become an outright necessity. Once an optional luxury in select businesses and industries, remote working is now one of the central pillars of the so-called ‘new normal’, at least where desk-based working is concerned. Even businesses that are keen to get workers back into the office as soon as possible are at least keeping the door open with regards to remote working, such has been the uncertain
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
DECEMBER 22, 2021
Did you give or receive a toy or new parental control or security app for the holidays? While well intentioned, you may have inadvertently created a security breach for the recipient or opened your family up to unwanted surveillance. The Internet of security breaches The Internet of Things (IoT) is not just for your smart. The post The gift that keeps on giving: 7 tips to avoid cyber security threats appeared first on Allot's Network Security & IoT Blog for CSPs & Enterprises.
Tech Republic Security
DECEMBER 23, 2021
Kasada research finds that all-in-one bots are fooling cyberdefenses and automating the checkout process to snap up in-demand goods.
Bleeping Computer
DECEMBER 20, 2021
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains. [.].
CyberSecurity Insiders
DECEMBER 20, 2021
Supply chain challenges have always been present, but they’re growing increasingly common and severe. COVID-related shortages have compounded typical disruptions like holiday season demand, creating unprecedented logistics obstacles. Some experts warn that these challenges may last up to two years , and even then, disruptions could still be likely as supply chains grow more complex.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
DECEMBER 24, 2021
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.
Tech Republic Security
DECEMBER 20, 2021
Online consumers can do everything right and still become cyber victims. Learn about synthetic identity fraud and why "buyer beware" is not enough.
Bleeping Computer
DECEMBER 19, 2021
A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger. [.].
Malwarebytes
DECEMBER 21, 2021
On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
DECEMBER 23, 2021
Cybercrime is here, it is dynamic and it is not going anywhere. The Anti-Phishing Working Group (APWG) hosted its 16th annual Electronic Crime Research symposium, APWG eCrime 2021 in early December. The three-day event saw 12 peer-reviewed papers on cybercrime and ecrime presented and discussed from both academia and the cybersecurity sectors. The three tracks.
Tech Republic Security
DECEMBER 23, 2021
Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.
Bleeping Computer
DECEMBER 18, 2021
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability. [.].
Security Affairs
DECEMBER 18, 2021
Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CSO Magazine
DECEMBER 22, 2021
The Apache Log4j vulnerability has made global headlines since it was discovered in early December. The flaw has impacted vast numbers of organizations around the world as security teams have scrambled to mitigate the associated risks. Here is a timeline of the key events surrounding the Log4j vulnerability as they have unfolded. Thursday, December 9: Apache Log4j zero-day exploit discovered.
Tech Republic Security
DECEMBER 21, 2021
Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.
Bleeping Computer
DECEMBER 23, 2021
Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. [.].
CyberSecurity Insiders
DECEMBER 20, 2021
Clop Ransomware Group, a Russian based hacking gang, has published some data belonging to British Police on the dark web and stated that the act was a retaliation for not paying the demanded ransom. Sources say that the CLOP gang infiltrated the servers of IT firm Dacoll and siphoned data belonging to Police National Computer (PNC). The criminal gang demanded a ransom in millions to delete the data from their servers.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
363 
Let's personalize your content