Sat.Sep 25, 2021 - Fri.Oct 01, 2021

Check What Information Your Browser Leaks

Schneier on Security

These two sites tell you what sorts of information you’re leaking from your browser.

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

Case Study: Cyber and Physical Security Convergence

Lohrman on Security

Marc Sokol shares a powerful case study on the benefits of cybersecurity convergence with physical security, an example of measuring risk reduction and other benefits to global enterprises

Weekly Update 262

Troy Hunt

5 years of weekly updates, wow. It's not like anything of much significance has happened in that time, right?! I've done these videos every single week without fail, through high and lows and no matter where I was in the world.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

A Death Due to Ransomware

Schneier on Security

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Why organizations are slow to patch even high-profile vulnerabilities

Tech Republic Security

Not all organizations have a team or even staffers who can focus solely on vulnerability management, says Trustwave

Tracking Stolen Cryptocurrencies

Schneier on Security

Good article about the current state of cryptocurrency forensics.

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S.

What is advanced persistent threat? Explaining APT security

CyberSecurity Insiders

This article was written by an independent guest author. As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

GUEST ESSAY: A breakdown of Google’s revisions to streamline its ‘reCAPTCHA’ bot filter

The Last Watchdog

Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in. Related: How bots fuel ‘business logic’ hacking. The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.

Hardening Your VPN

Schneier on Security

The NSA and CISA have released a document on how to harden your VPN.

Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

CSO Magazine

Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security.

Introduction to SAST

CyberSecurity Insiders

This blog was written by an independent guest blogger. DevSecOps means countering threats at all stages of creating a software product. The DevSecOps process is impossible without securing the source code. In this article, I would like to talk about Static Application Security Testing (SAST).

Risk Management Programs for the Post-COVID Environment

Security Boulevard

After a year spent managing increased business risks—including security, IT resiliency and cybersecurity concerns—business leaders need to adjust their mindset when it pertains to risk management and avoid the more traditional approach to crisis management and business continuity planning.

It's Time to Rethink Identity and Authentication

Dark Reading

The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication

4 lessons from recent Microsoft Azure cloud vulnerabilities

CSO Magazine

We are often told that the cloud is more secure than on-premises solutions. But is it really? Both are subject to similar risks and vulnerabilities, and the cloud can sometimes be more complicated than on-premises because of our unfamiliarity with deployment and patching.

Exploring the Relationship between Company Culture and Insider Threats

CyberSecurity Insiders

By: Steve Salinas, director of solutions marketing, Exabeam. Security teams are trained to take decisive action when an attacker is detected. Using specialized tools, technologies and processes, their biggest responsibility is to mitigate the impact of a breach.

US Gov’t Again Threatens to Prosecute Those Who Pay Ransom

Security Boulevard

On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) once again threatened sanctions against companies for paying ransom in the event that their data or systems were hijacked by hackers.

Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it

Tech Republic Security

Commercially-available malware, with minimal modification, is behind attacks against the Indian government, says Cisco's Talos security research group

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

CSO Magazine

Incident responders work much like police detectives or journalists, in search of the who, what, when, why and how of incidents before they can take steps to address problems.

QUAD group led by US pressed against China for Cyber Attacks

CyberSecurity Insiders

All these days we have seen western companies and governments blaming China for launching sophisticated cyber attacks that crippled the critical infrastructure such as supply from oil companies and meat distribution.

You're Going to Be the Victim of a Ransomware Attack

Dark Reading

That's not admitting defeat. It's preparing for success

Expert discloses new iPhone lock screen vulnerability in iOS 15

Security Affairs

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.

Consumers are done with passwords, ready for more innovative authentication

CSO Magazine

CISOs looking to beef up their customer-facing authentication procedures to thwart cyberattacks need to walk a fine line. You want the method to provide tight security without being too complicated, confusing, or onerous for end users.

All Cyber Attacks in US should be reported within 72 hours

CyberSecurity Insiders

The United States Senate has passed on a new resolution that, if/when approved, will make it mandatory for owners of critical infrastructure to report cyber attacks within a time frame of 72 hours.

Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation

Dark Reading

FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation

Optimizing Cybersecurity Apps in the Remote Working Era

Security Boulevard

Wondering how to improve cybersecurity apps in the new reality of remote work? Discover several strategies to integrate with the goal to prevent cyber threats!

BrandPost: Opportunities for Women in Cybersecurity

CSO Magazine

Even though jobs in cybersecurity pay well, far fewer women go into the field than men. According to the 2020 (ISC)² Cybersecurity Workforce Study, gender disparities persist around the globe.

iPhone Vulnerability allows hackers to fraudulently make contactless payments

CyberSecurity Insiders

Cybersecurity researchers have found a vulnerability in iPhone’s Apple Pay and Visa payments feature that allows hackers to make fraudulent contactless payments without the knowledge of the owner.

Telegram is becoming the paradise of cyber criminals

Security Affairs

Telegram is becoming an essential platform for cybercriminal activities; crooks use it to buy and sell any kind of stolen data and hacking tools.

How to Mitigate the Top 4 Ransomware Vectors

Security Boulevard

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale.

APT29 targets Active Directory Federation Services with stealthy backdoor

CSO Magazine

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that's designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates.

Considerations when choosing an XDR solution

CyberSecurity Insiders

Introduction. Cybersecurity is a fast-moving space. In fact, it’s hard to think of a time that security has been moving more quickly.

GSS, one of the major European call center providers, suffered a ransomware attack

Security Affairs

The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers.