Sat.Jul 10, 2021 - Fri.Jul 16, 2021

What Does It Take to Be a Cybersecurity Professional?

Lohrman on Security

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career. Here’s my perspective

Where Did REvil Ransomware Go? Will it Be Back?

Security Boulevard

Speculation swirled over why the prolific and dangerous REvil ransomware went offline – blog, payment processing, all suddenly went kaput – it’s important not to lose sight of the bigger issues.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Here are the Top Online Scams You Need to Avoid Today

Heimadal Security

We truly want to believe that the Internet is a safe place where you can’t fall for all types of online scams, but it’s always a good reminder to do a “reality check”. We, humans, can become an easy target for malicious actors who want to steal our most valuable personal data.

Scams 91

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Analysis of the FBI’s Anom Phone

Schneier on Security

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting. Uncategorized backdoors cell phones encryption FBI law enforcement

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.

DNS 194

More Trending

Welcoming the Israeli Government to Have I Been Pwned

Troy Hunt

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board.

China Taking Control of Zero-Day Exploits

Schneier on Security

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make.

The 15 biggest data breaches of the 21st century

CSO Magazine

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life.

Ransomware threat to SonicWall Customers

CyberSecurity Insiders

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware.

Weekly Update 252

Troy Hunt

Next week first: based on popular demand, at 18:00 on our end Friday 23 (that's 09:00 in London and terrible o'clock everywhere in the US), Charlotte is going to join me to talk about her transition from Mac to PC.

IoT 193

Colorado Passes Consumer Privacy Law

Schneier on Security

First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws. Uncategorized data collection data protection privacy

Five Common Pitfalls in Application Protection

Security Boulevard

As DevOps are gaining more influence on security related decisions, the information security staff has to do more than block attacks. The post Five Common Pitfalls in Application Protection appeared first on Radware Blog.

CISO 113

A Tsunami of Cyber Crimes ejected by Australian Ransomware Payments

CyberSecurity Insiders

As most of the Australian organizations are silently paying ransomware payments to get back access to their encrypted data, it has started a vicious cycle that has led the world to a position where it is facing a tsunami of cyber crimes.

Weekly Update 251

Troy Hunt

Between school holidays and a house full of tradies repairing things, there wasn't a lot a free time this week.

IoT 191

Iranian State-Sponsored Hacking Attempts

Schneier on Security

Interesting attack : Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

Threat Modeling in the Age of Automation

Security Boulevard

Cybersecurity threats are rising fast, leading enterprises that build applications to look more closely at security measures built on precautionary principles, including threat modeling, which has become core to ensuring applications can withstand future attacks.

Sports events and online streaming: prepare your cybersecurity

We Live Security

If you'll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe. The post Sports events and online streaming: prepare your cybersecurity appeared first on WeLiveSecurity. Cybersecurity

Acquisition news trending in the world of Mobile Security and Cloud

CyberSecurity Insiders

Motorola Solutions had made a formal announcement yesterday that it is going to acquire cloud based mobile security firm Openpath Security for an undisclosed amount.

Mobile 111

REvil is Off-Line

Schneier on Security

This is an interesting development : Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. […].

Ransomware is the New-age Atomic Bomb

Security Boulevard

Ransomware can start cyber warfare! This is why. What if you can’t drive to your office because the traffic lights are red everywhere? You were to travel somewhere but you can’t take a train because the train control systems are not working.

Ransomware attackers are growing bolder and using new extortion methods

Tech Republic Security

IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report

Joe Biden government cyber attacks REvil aka Sodinokibi Ransomware Servers

CyberSecurity Insiders

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century , a virtual conference hosted by The IEEE Society on Social Implications of Technology (SSIT), July 23-25, 2021. I’m speaking at DEFCON 29 , August 5-8, 2021.

Top 5 Physical Security Considerations

Security Boulevard

With the rise of IoT technology across every aspect of business, security convergence is quickly becoming the new norm. In a world where just about everything is connected to the internet and to other devices, old strategies are becoming obsolete.

Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover

Tech Republic Security

Dubbed Modipwn, the vulnerability affects a wide variety of Modicon programmable logic controllers used in manufacturing, utilities, automation and other roles

How can predictive analysis unlock the potential of 5G?

CyberSecurity Insiders

The discussion around the key benefits of 5G is nothing new. Whether it’s the hyper-fast download speeds , low latency or its ability to unlock the full potential of smart technology, we have all come to understand what we can expect from the next generation of mobile connectivity.

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware

The Hacker News

Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.

Phishing, Ransomware Driving Wave of Data Breaches

Security Boulevard

Data compromises have increased every month this year except May. If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.

Tokyo 2020 Olympics must be extra secure to avoid cyberattacks and ransomware

Tech Republic Security

Any big event is likely to attract bad actors. Keeping the games safe from attack is a huge undertaking for event planners

Implementing Controls Without Breaking Everything (Including the Bank)

CyberSecurity Insiders

A very common complaint among information security professionals is lack of a budget to implement the best security tools. It may be true that recent newsworthy security events have increased many budgets, yet it never seems like enough. In many ways, this is true.

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild

The Hacker News

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.

How to Build a Cybersecurity Culture

Security Boulevard

Are you tired of seeing your papier-mâché network defenses torn to shreds? Do you wish you could fake your way through yet another audit, but fear being exposed by a data leak? Are hoodlums in Adidas clothing using your IT infrastructure as their own personal cloud? Well, tough.

REvil gang suddenly goes silent leaving victims unable to recover systems

CSO Magazine

The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Meanwhile, victims and the security companies working for them to recover data have been put in a more difficult situation.

CSO 103

Threat Model Thursday: NIST’s Code Verification Standard

Adam Shostack

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now is a good idea. The standard. The standard is a Recommended Minimum Standard for Vendor or Developer Verification of Code.

Irish hospital sued by cancer patient after ransomware attack

Graham Cluley

A cancer patient is taking legal proceedings against Mercy University Hospital in Cork, Ireland. Not because of negligent treatment, but because some of his personal medical files were published on the dark web after the hospital suffered a ransomware attack earlier this year.