Schneier on Security
SEPTEMBER 11, 2020
Harvard Kennedy School’s Belfer Center published the “ National Cyber Power Index 2020: Methodology and Analytical Considerations.” The rankings: US China UK Russia Netherlands France Germany Canada Japan Australia. We could — and should — argue about the criteria and the methodology, but it’s good that someone is starting this conversation.
Krebs on Security
SEPTEMBER 8, 2020
Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web br
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
SEPTEMBER 11, 2020
The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works.
Tech Republic Security
SEPTEMBER 10, 2020
Sophisticated hackers and crooks are developing more tools to target Linux-based systems used by government and big business.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
SEPTEMBER 5, 2020
I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. (This is to prevent any new comments from disappearing in the move.). This is not a site redesign, so you shouldn't notice many differences.
Adam Levin
SEPTEMBER 8, 2020
The city of Hartford, Connecticut’s capital, was hit by a ransomware attack that disrupted many of its critical systems and caused the city’s first day of school to be postponed. “We are often the subject of cyberattacks,” said Hartford mayor Luke Bronin. This was, however, the most extensive and significant attack that the city has been subject to in the last five years.” .
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
SEPTEMBER 8, 2020
Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.
Schneier on Security
SEPTEMBER 8, 2020
Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move it complete. The management thanks you for your cooperation and support.
WIRED Threat Level
SEPTEMBER 7, 2020
The argument hinges in part on psychiatrists' testimony that Assange is a high suicide risk.
Security Affairs
SEPTEMBER 5, 2020
FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI has issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat, the first one (MI-000125-MW Flash Alert) was published on May 4th, 2020.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
SEPTEMBER 9, 2020
TechRepublic writer Erik Eckel gives tips on how to make sure your data is safe if you're working from home.
Schneier on Security
SEPTEMBER 10, 2020
Ross Anderson’s fantastic textbook, Security Engineering , will have a third edition. The book won’t be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts off the Internet. I personally find both the electronic and paper versions to be incredibly useful.
Adam Levin
SEPTEMBER 7, 2020
With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. Find out more on the latest episode of Third Certainty with Adam Levin. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.
Security Affairs
SEPTEMBER 10, 2020
ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
SEPTEMBER 10, 2020
Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.
Adam Shostack
SEPTEMBER 10, 2020
There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. ( For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great opportunity to think about incentives.
Threatpost
SEPTEMBER 10, 2020
A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.
Security Affairs
SEPTEMBER 5, 2020
Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to trick victims into providing their credentials. “Message quarantine phish are back, this time with a
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
SEPTEMBER 11, 2020
If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.
WIRED Threat Level
SEPTEMBER 5, 2020
Plus: Predictive policing taken even farther, Amazon surveillance of private Facebook groups, and more of the week’s top security news.
Threatpost
SEPTEMBER 10, 2020
Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days.".
Security Affairs
SEPTEMBER 6, 2020
Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the last victim of the Netwalker ransomware operators. Argentina’s official immigration agency, Dirección Nacional de Migraciones, was hit by a Netwalker ransomware attack that caused the interruption of the border crossing into and out of the country for four hours.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Tech Republic Security
SEPTEMBER 7, 2020
Almost anything with an internet connection can be hijacked and used in a malicious botnet attack--IoT devices are especially popular targets. Learn how to spot and prevent this malware threat.
WIRED Threat Level
SEPTEMBER 11, 2020
Google Maps is arguably the easiest mapping service to use, but that doesn't mean it's the most secure.
Threatpost
SEPTEMBER 7, 2020
As IT systems, IoT and operational technology converge, attacks on cyber-physical systems in industrial, healthcare and other scenarios will come with dire consequences, Gartner predicts.
Security Affairs
SEPTEMBER 9, 2020
K-Electric, the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric, the electricity provider for Karachi (Pakistan) is another victim of the Netwalker ransomware gang, the infection disrupted billing and online services. K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stage
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
SEPTEMBER 7, 2020
From January 2021, Flash will be disabled by default in IE 11 and Microsoft Edge browser.
WIRED Threat Level
SEPTEMBER 10, 2020
Five out of six brands tested by researchers would have allowed hackers to track kids—and in some cases eavesdrop on them.
Threatpost
SEPTEMBER 11, 2020
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Security Affairs
SEPTEMBER 8, 2020
UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack. UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th. The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content