Lohrman on Security
OCTOBER 10, 2021
By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers.
Krebs on Security
OCTOBER 13, 2021
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
OCTOBER 12, 2021
I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passen
Troy Hunt
OCTOBER 9, 2021
A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration. So pretty much "same, same but different" to every other week 🙂 References I've done another podcast with 1Password ("Crocodile Shower Privacy Settings with Troy Hunt" - yep!
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
OCTOBER 13, 2021
A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN.
Krebs on Security
OCTOBER 14, 2021
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
OCTOBER 15, 2021
I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty" is a bit of a theme this week not just with the Gov, but particularly Thingiverse's extraordinarily poor handling of their data breach.
Tech Republic Security
OCTOBER 11, 2021
Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.
Krebs on Security
OCTOBER 12, 2021
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.
Schneier on Security
OCTOBER 15, 2021
Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Cisco Security
OCTOBER 15, 2021
While October is designated as Cybersecurity Awareness Month, focusing on keeping your company and customers safe should be a constant priority, especially with the growing number and sophistication of ransomware attacks worldwide. As companies interact more digitally with customers and end-users, their attack surface increases, presenting more opportunities for would-be attackers.
Tech Republic Security
OCTOBER 12, 2021
Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech.
Security Boulevard
OCTOBER 14, 2021
In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats. He noted that the main challenge his organizations face can be summed.
Schneier on Security
OCTOBER 13, 2021
It’s a matter of going after those with deep pockets. From Wired : Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn’t terminate services for websites that infringed on the dressmakers’ copyrighted designs… [Judge] Chhabria noted that the dressmakers have been harmed “by the proliferation of counter
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Cisco Security
OCTOBER 14, 2021
During a ransomware attack, it is critical to detect and respond early and quickly. By decreasing your mean time to detection in identifying the attacker’s behavior, your security team can quickly investigate and respond timely to prevent a ransomware incident. And, if you can interrupt the attacker’s tools, tactics, or techniques early in the process that will force most attackers to abandon the campaign as they cannot progress further along in the “kill chain”.
Tech Republic Security
OCTOBER 15, 2021
This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded.
The Hacker News
OCTOBER 15, 2021
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
Schneier on Security
OCTOBER 14, 2021
This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Cisco Security
OCTOBER 15, 2021
In case you’re not a sports fan, a hat-trick is a term for three goals by a player in one game. Interestingly, the phrase comes from cricket, and was first used when a bowler took three wickets from three consecutive balls. The team would present a bowler with a hat to celebrate the achievement. Along similar lines, Cisco Secure Firewall celebrates three scores in 2021: Cisco was the only vendor recognized by Frost & Sullivan with the Best Practices Market Leadership Award for excellence in
Tech Republic Security
OCTOBER 14, 2021
The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous.
We Live Security
OCTOBER 14, 2021
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe? The post Employee offboarding: Why companies must close a crucial gap in their security strategy appeared first on WeLiveSecurity.
Schneier on Security
OCTOBER 14, 2021
New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website [link] taunts users with GAN generated images that seem too real to believe. On the other hand, GANs do leak information about their training data, as evidenced by membership attacks recently demonstrated in the literature.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Cisco Security
OCTOBER 13, 2021
Breaking out of silos. Security teams face an expanding threat landscape and an environment that is rife with complexity—making security efficacy increasingly elusive. The theory behind simplification is simple in theory but can often be difficult to achieve. Security teams need to be able to turn weak signals into reliable alerts and act on them with confidence.
Tech Republic Security
OCTOBER 12, 2021
With more workers at home than ever before, security has become an even bigger concern. Tom Merritt shows us how to be extra safe.
Appknox
OCTOBER 13, 2021
SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime.
SecureList
OCTOBER 12, 2021
Executive Summary. In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309 , but closer analysis revealed that it was a zero-day.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Cisco Security
OCTOBER 13, 2021
The security industry brings together people from all backgrounds and experiences. And my path to security is no different. What seems “way back when” in 1994, when the Internet was the next big thing in technology, I was part of the team that set up the national Internet backbone in India. At a time when it was relatively unfamiliar to the masses—just shy of a mere thirty years ago— the internet was also an intriguing concept for the country’s leaders who were present at its unveiling.
Tech Republic Security
OCTOBER 13, 2021
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.
Bleeping Computer
OCTOBER 12, 2021
A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. [.].
We Live Security
OCTOBER 12, 2021
The attack, which clocked in at 2.4 Tbps, targeted one of Azure customers based in Europe. The post Microsoft thwarts record‑breaking DDoS attack appeared first on WeLiveSecurity.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content