Sat.Jan 09, 2021 - Fri.Jan 15, 2021

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

Passwords 332

Finding the Location of Telegram Users

Schneier on Security

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].

Software 327

Weekly Update 225

Troy Hunt

And we're finally home. After 8,441km of driving finished off by a comfy flight home whilst the car catches a ride on a carrier, we're done. I talk about why we didn't finish the drive in the latter part of this week's video (basically boiled down to border uncertainties due to COVID outbreaks), but we still did all the big things we'd hoped for on this holiday.

IoT 199

CES 2021: All of the business tech news you need to know

Tech Republic Security

Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.

Software 199

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

SolarWinds: What Hit Us Could Hit Others

Krebs on Security

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p

Software 307

Changes in WhatsApp’s Privacy Policy

Schneier on Security

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes: User phone numbers.

More Trending

How to check if someone else accessed your Google account

Tech Republic Security

Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account.

Microsoft Patch Tuesday, January 2021 Edition

Krebs on Security

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Backups 248

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Schneier on Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had - the ones that look like bike racks that can hook together - to try to keep the crowds away from sensitive areas and, later, push back people intent on accessing the grounds.

Mobile 270

Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software

Adam Levin

The data breach of the Reserve Bank of New Zealand has been attributed to the compromise of a third party file sharing service. “A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed,” the bank announced in a January 11 press release.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Be proactive: 3 risk management steps to take before a cyberattack

Tech Republic Security

Risk management is more than recovery from a cyberattack. Learn how risk management can help your company discover gaps in security, as well as how to handle the fallout from a cybersecurity event.

Risk 194

Small Business Are Suffering Breaches – And Going Bust – Because They Don’t Have Access to Cyber-Threat Intelligence

Joseph Steinberg

In the context of cybersecurity, threat intelligence refers to information about hostile actors and/or the threats that they pose; cyber-defenders who arm themselves with such information can often dramatically improve their chances of preventing a breach. Of course, the concept of knowing your enemy is not new – Sun Tzu speaks about its importance in The Art of War, written almost 2,500 years ago.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series on January 20, 2021. I’m speaking at ITY Denmark on February 2, 2021. Details to come. I’m being interviewed by Keith Cronin as part of The Center for Innovation, Security, and New Technology’s CSINT Conversations series, February 10, 2021 from 11:00 AM – 11:30 AM CST.

Internet 190

Digital Guru Books

Adam Shostack

Rupin Gupta runs Digital Guru books. He’s one of the nicest people you’ll ever meet, a real joy to work with, and he works hard to put books on shelves so that you can discover them. With the conference business changing, Digital Guru needs some help. Borrowing some words from my editor Jim Minatel: “If you’ve ever bought a book at a technical conference bookstore – RSA, dozens of Microsoft events, and so on – chances are you’ve bought it from the Digita

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

5 programming languages cloud engineers should learn

Tech Republic Security

Whether you're trying to break into the role or you're already a cloud engineer, these programming languages are a must for maintaining an edge over the competition.

The biggest data breach fines, penalties and settlements so far

CSO Magazine

Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. This comes after an active 2018. Uber’s poor handling of its 2016 breach cost it close to $150 million.

Click Here to Kill Everybody Sale

Schneier on Security

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems with international shipping. The book just disappears somewhere in the process. At this price, international orders are at the buyer’s risk. Also, the USPS keeps reminding us that shipping — both US and international — may be delayed during the pandemic.

Risk 193

Humble Bundle: Good, Cheap Books

Adam Shostack

There’s a humble bundle out that includes my Threat Modeling: Designing for Security, The Shellcoders Handbook, Practical Reverse Engineering, The Art of Intrusion, Social Engineering, Crypto Engineering, a nearly complete set of Bruce Schneier, and more! And your donations benefit EFF! The deal is good through Monday morning at 11 Pacific. [link].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

US government warns of cyberattacks targeting cloud services

Tech Republic Security

Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services.

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

What does WhatsApp’s new privacy policy mean for you?

Quick Heal Antivirus

On January 8th, 2021, internet users woke up to an update to popular messaging service WhatsApp’s privacy policy. The post What does WhatsApp’s new privacy policy mean for you? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Internet 128

High-Severity Cisco Flaw Found in CMX Software For Retailers

Threatpost

Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found in its AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

Retail 124

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting

Tech Republic Security

Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.

Dassault Falcon Jet hit by Ragnar Locker ransomware gang

Security Affairs

Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December Dassault, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses and dependents, states the notice of data breach sent by the US subsidiary of French aerospace company Dassault Aviati

5 common scams and how to avoid them

We Live Security

Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what’s making the news. Here are 5 common scams you should look out for. The post 5 common scams and how to avoid them appeared first on WeLiveSecurity.

Scams 122

9 Lessons We Learned from Cybersecurity Experts in 2020

CompTIA on Cybersecurity

Shoering Up Security, CompTIA’s cyber-focused YouTube series, sheds light on the latest cyber threats and trends, including how we could all do more to protect customers. Read show host MJ Shoer’s highlights and takeaways from each episode.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Why cybersecurity audits are essential for risk management

Tech Republic Security

Find out what your company could risk by not getting cybersecurity audits.

Risk 199

Expert discovered a DoS vulnerability in F5 BIG-IP systems

Security Affairs

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, high-performance access management proxy solution that delivers unified global access control for your users, devic

Security Recruiter Directory

CSO Magazine

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

CSO 115

I Am Not a Soldier, but I Have Been Trained to Kill

WIRED Threat Level

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being?

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.