Sat. Nov 20, 2021 - Fri. Nov 26, 2021

“Crypto” Means “Cryptography,” not “Cryptocurrency”

Schneier on Security

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one

Holiday Travel Surge Brings Back Vaccine Passports — Or Not

Lohrman on Security

As global travel returns, airline rules, checks and tests are hard to track. But get ready for more as travel returns for the holidays and 2022. Here’s the latest

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company.

5 Tips to be an awesome CISO

Javvad Malik

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

More Trending

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems

Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware.

How to avoid Video Conferencing Security Risks

CyberSecurity Insiders

As most of the jobs are turning remote these days, videoconferencing has become a critical component of Work From Home (WFH) scenarios, while conducting day-to-day operations.

9 tips for an effective ransomware negotiation

CSO Magazine

Cybersecurity and threat analysts from Fox-IT (part of NCC Group) have shone a light on the mechanics of ransomware negotiations to help organizations improve the outcome of an attack.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Dark Reading

Standards need to reflect that most endpoints will be remote and/or wireless

Underinvestment in Multi-Cloud Security a Pressing Concern

Security Boulevard

Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans.

Cyber Attack on Bureau Veritas

CyberSecurity Insiders

The digital operations of the multinational company Bureau Veritas (BV) were brought to a halt when hackers launched a cyber attack on the IT infrastructure of the company that offers lab testing, inspection and certification services.

NCSC warns industry, academia of foreign threats to their intellectual property

CSO Magazine

CISOs of companies both small and large understand how intellectual property (IP) and company infrastructure may be targeted from one of four vectors: malevolent insiders, unscrupulous competitors, criminals, or nation states.

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Security Affairs

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails.

Samsung offers Mobile Security protection as below

CyberSecurity Insiders

Samsung released a summary of how it protects its smartphones from cyber attacks, and the content is as follows.

What CISOs can learn from the US Navy insider who stole nuclear secrets

CSO Magazine

The legal entanglement of the entrepreneurial U.S. Navy engineer, Jonathan Toebbe, who hoped to parlay sensitive nuclear submarine secrets into a cool $5 million is now in hiatus as he sits in a West Virginia jail cell awaiting his December trial.

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place

The McDonald’s Ice Cream Machine Hacking Saga Has a New Twist

WIRED Threat Level

The cold war between a startup and a soft-serve machine manufacturer is heating up, thanks to a newly released trove of internal emails.

Britain introduces IOT Device Security Legislation

CyberSecurity Insiders

New legislation was introduced in Britain’s parliament last week, aiming to better protect IoT devices from sophisticated hackers.

Study: Storage systems are weakest link in IT infrastructure security

CSO Magazine

Storage systems have a significantly weaker security posture than the other two layers of IT infrastructure — compute and network equipment — according to a report from cybersecurity company Continuity Software.

Is it OK to Take Your CEO Offline to Protect the Network?

Dark Reading

Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks.

If you're serious about privacy, it's time to use DuckDuckGo as your default Android browser

Tech Republic Security

Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use

Compromised cloud accounts leading to Cryptocurrency mining

CyberSecurity Insiders

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that compromised cloud accounts were leading hackers to mine cryptocurrency, which could prove a double threat to customers.

10 Stocking Stuffers for Security Geeks

Dark Reading

Check out our list of gifts with a big impact for hackers and other techie security professionals

9 cloud and on-premises email security suites compared

CSO Magazine

Email remains the soft underbelly of enterprise security because it is the most tempting target for hackers. They just need one victim to succumb to a phishing lure to enter your network.

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection.

Effective software security activities for managing supply chain risks

Security Boulevard

BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks. The post Effective software security activities for managing supply chain risks appeared first on Software Integrity Blog.

Immense ransomware cyber threat during Thanksgiving and Black Friday weekends

CyberSecurity Insiders

As most IT employees have either applied for or are planning to take a long leave this weekend.

NIST workshop provides clues to upcoming software supply chain security guidelines

CSO Magazine

President Biden’s wide-ranging cybersecurity executive order (EO) issued in May aims to improve software security through a series of guidelines.

New Memento ransomware uses password-protected WinRAR archives to block access to the files

Security Affairs

Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers spotted the Memento ransomware, which adopts a curious approach to block access to victims’ files.

Bug Bounties Surge as Firms Compete for Talent

Dark Reading

Companies such as GitLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers

AI to help Saudi Arabia build an eight sided Oxagon Sea Ports

CyberSecurity Insiders

We have seen multiple instances when the technology of Artificial Intelligence (AI) helped humans build robots to serve in the healthcare, hospitality, manufacturing and defense sectors.