Sat.Jun 26, 2021 - Fri.Jul 02, 2021

What is the dark web? How to access it and what you'll find

CSO Magazine

Dark web definition. The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is.

3 Steps to Strengthen Your Ransomware Defenses

The Hacker News

The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines.

Cyber investments are growing, but not enough

Tech Republic Security

64% of respondents to PwC's latest CEO survey expect a jump in reportable ransomware and software supply chain incidents this year, and only 55% are prepared to respond

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

Some of Western Digital’s MyCloud-based data storage devices. Image: WD.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

More Russian Hacking

Schneier on Security

Two reports this week.

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP.

More Trending

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

Financial services giant Intuit this week informed 1.4

Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

Threat Model Thursday: 5G Infrastructure

Adam Shostack

The US Government’s lead cybersecurity agencies (CISA, NSA, and ODNI) have released an interesting report, Potential Threat Vectors To 5G Infrastructure.

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each.

NFC Flaws in POS Devices and ATMs

Schneier on Security

It’s a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide.

Applied Threat Modeling at Blackhat 2021!

Adam Shostack

At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps.

A New Kind of Ransomware Tsunami Hits Hundreds of Companies

WIRED Threat Level

An apparent supply chain attack exploited Kaseya's IT management software to encrypt a "monumental" number of victims all at once.

LinkedIn Leaks 93% of Users’ Data—Refuses Blame for Breach

Security Boulevard

LinkedIn is fighting a crescendo of criticism over a huge data breach. But when is a breach not a “breach”?

Insurance and Ransomware

Schneier on Security

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping.

One billion dollars lost by over-60s through online fraud in 2020, says FBI

Hot for Security

According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Hot for Security blog.

Cyber Threat to UK Populace from latest WhatsApp Scam

CyberSecurity Insiders

UK’s Law enforcement department has issued a fresh set of warnings to all UK populace who are using popular messaging service WhatsApp. The alert is related to a widespread scam that is targeting users on the said video and image sharing service.

One Medical: Sorry-not-Sorry for Leaking your Personal Info

Security Boulevard

Primary care med-tech firm One Medical sent email to countless customers, with hundreds of other customer email addresses visible in the To: field.

Common Facebook scams and how to avoid them

We Live Security

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.

Cybersecurity pros come from all backgrounds, expert says

Tech Republic Security

The field is desperate for staff, and pros can succeed even if they're not technology experts

New disputes to arise from ransomware payments ban

CyberSecurity Insiders

As the law enforcement agencies are urging ransomware victims not to make any ransom payment to hackers, as it not only encourages crime but also doesn’t guarantee a decryption key for sure in exchange for the payment.

4 Warning Signs of an Insecure App

Security Boulevard

The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are—their mobile phones.

NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers

The Hacker News

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S.

You don't have to be a tech expert to become a cybersecurity pro

Tech Republic Security

Attention to detail, creativity and perseverance are key traits for a good white hat hacker. These positions are in high demand

Asset management in the age of digital transformation

CyberSecurity Insiders

Over the past year or so, organizations have rapidly accelerated their digital transformation by employing technologies like cloud and containers to support the shift to IoT and address the expanding remote workforce.

Can Managed Security Keep Businesses Safer?

Security Boulevard

In the last two decades, the cybersecurity industry has grown from a niche sector into a dominant force in the business world. Today, Gartner predicts that cybersecurity spending will reach $150 billion this year, almost double what was predicted in 2015.

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

The Hacker News

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website.

More than 3.5 million people needed worldwide to work in cybersecurity

Tech Republic Security

Expert says attacks are getting bigger and more aggressive than before. Instead of being like a burglary, they're more like a home invasion

Mercedes Benz Data Breach details

CyberSecurity Insiders

An independent security researcher reported on June 11th, 2021 that a data breach on a cloud platform has leaked over 1.6 million records belonging to customers of Mercedes Benz USA.

REvil’s Linux Version Targets VMware ESXi Virtual Machines

Security Boulevard

Organizations running ESXi environments that thought they had somehow escaped the attention of REvil ransomware operators are in for a rude awakening – the ransomware-as-a-service’s repertoire now includes a Linux version aimed squarely at VMware ESXi virtual machines, according to researchers at MalwareHunterTeam.

Colorado Privacy Act – Blog Series (Part III)

TrustArc

This is part III in a four-part series on the Colorado Privacy Act.

Botnet attacks on APIs: Why most companies are unprepared

CSO Magazine

As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this newly exposed attack surface.

How to use a physical security key on Twitter and where to get it from

CyberSecurity Insiders

In April this year, social networking giant Twitter made it official that it will allow its physical security keys as a 2FA for its users using its web or app version.

How Offensive AI Can Disarm Cybersecurity

Security Boulevard

As more organizations adopt AI and ML as cybersecurity controls and to detect and deter attacks, cybercriminals are devising ways to use AI as the basis of attacks.

PrintNightmare zero day exploit for Windows is in the wild – what you need to know

Graham Cluley

Proof-of-concept code has been accidentally released for a zero-day vulnerability in Windows Print Spooler, in the mistaken belief that Microsoft had patched it.