WIRED Threat Level

JULY 29, 2021

The latest weapons in the global information war are fake vessels behaving badly.

106

106

CyberSecurity Insiders

JULY 26, 2021

United States is interested in seeking an international strategy to tackle AI based cyber attacks that are leading to hybrid warfare. However, Antony Blinken, the State Secretary said that it is not an easy task to deal and warned Russia to mend its ways when it comes to cyber warfare that is being backed by artificial intelligence. Mr. Blinken’s remarks came amid raising concerns about ransomware attacks on critical infrastructure such as the recent Colonial Pipeline Cyber Attack and JBS Meat A

Cyber Attacks 141

Cyber Attacks Artificial Intelligence Government Ransomware 141

SiteLock

JULY 27, 2021

One of the most dangerous concerns one could find is malware on a server. Malware can appear on websites produced through any CMS including WordPress. A malware developer can create a code that targets a specific website, or an entire CMS. It can ruin how a site works, and it can be quite difficult to […]. The post The Damaging Effects of Malware On a Server appeared first on The SiteLock Blog.

Malware 98

Malware 98

CSO Magazine

JULY 27, 2021

There’s no shortage of definitions of zero trust floating around. You’ll hear terms such as principles, pillars, fundamentals, and tenets. While there is no single definition of zero trust, it helps to have a shared understanding of a concept. For that reason, the National Institute of Standards and Technology (NIST) published NIST SP 800-207 Zero Trust Architecture , which describes the following seven tenets of zero trust.

Architecture 144

Architecture Technology 144

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

JULY 30, 2021

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials give attackers unfettered access to all of the user’s photos.

Encryption 363

Encryption Architecture Mobile 363

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Passwords 363

Passwords Password Management Phishing Scams 363

Tech Republic Security

JULY 27, 2021

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.

Authentication 218

Authentication 218

Schneier on Security

JULY 30, 2021

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporate or personal home if that’s the only option available.

Education 363

Education 363

The Last Watchdog

JULY 30, 2021

Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint. Related: How ‘SASE’ is disrupting cloud security. This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps.

VPN 214

VPN Firewall Encryption Accountability 214

Cisco Security

JULY 29, 2021

Every organization regardless of size, budget or area of focus should have some form of a security operation center (SOC). When I use the term “Security Operations Center”, many people imagine a dedicated team with expensive tools and a room full of monitors. That image can be a SOC, but it is not always the case. A SOC can just be one person or multiple groups of people spread across the globe.

Small Business 145

Small Business Risk Technology IoT 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JULY 30, 2021

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allow them to assemble code at endpoints, bypassing perimeter security.

Cybercrime 217

Cybercrime 217

Schneier on Security

JULY 28, 2021

This is important : Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more. […].

Mobile 363

Mobile Advertising Data collection Surveillance 363

The Last Watchdog

JULY 29, 2021

Modern civilization revolves around inextricably intertwined relationships. This is why our financial markets rise and fall in lock step; why climate change is accelerating; and why a novel virus can so swiftly and pervasively encircle the planet. Related: What it will take to truly secure data lakes. Complex relationships also come into play when it comes to operating modern business networks.

Risk 214

Risk Cloud Migration Digital transformation Software 214

Security Affairs

JULY 29, 2021

A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption 145

Encryption Ransomware Malware Hacking 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JULY 26, 2021

If you want people to trust the photos and videos your business puts out, it might be time to start learning how to prove they haven't been tampered with.

Authentication 217

Authentication 217

Schneier on Security

JULY 27, 2021

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability.

Malware 363

Malware Artificial Intelligence Antivirus Engineering 363

The Last Watchdog

JULY 27, 2021

The ethical hackers at WizCase recently disclosed another stunning example of sensitive consumer data left out in the open in the public cloud — for one and all to access. Related: How stolen data gets leveraged in full-stack attacks. This latest high-profile example of security sloppiness was uncovered by a team of white hat hackers led by Ata Hakçil.

Government 203

Government Encryption Passwords Internet 203

Malwarebytes

JULY 29, 2021

This blog post was authored by Hossein Jazi. On July 21, 2021, we identified a suspicious document named “????????.docx” (“Manifest.docx”) that downloads and executes two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit. While both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit (CVE-2021-26411) previously used by the Lazarus APT is an unusual discovery.

Architecture 145

Architecture Social Engineering Cyber Attacks Engineering 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JULY 30, 2021

Move up in the profitable field of cybersecurity by improving your ethical hacking skills.

Hacking 216

Hacking Cybersecurity 216

Schneier on Security

JULY 29, 2021

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched. The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.

355

355

Cisco Security

JULY 28, 2021

It’s a Monday morning and you’re opening up your laptop to start another week of work. Your weekly team meeting pops up on your calendar and you sigh as you set down your cup of coffee to join the conference call. The usual chatter of “How was your weekend?” naturally transitions into the hottest topic at work – “Are you going back to the office?”. The question of “what’s next?

Cybersecurity 145

Cybersecurity DNS VPN Phishing 145

Zero Day

JULY 28, 2021

IBM research estimates that the average data breach now costs upward of $4 million.

Data breaches 145

Data breaches 145

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

JULY 28, 2021

The average cost of a data breach among companies surveyed for IBM Security reached $4.24 million per incident, the highest in 17 years.

Data breaches 216

Data breaches 216

CSO Magazine

JULY 29, 2021

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real. Furthermore, systems are often configured to allow downloads or macros that contain malicious files because employees use these applications and documents to do their everyday work, from wherever they may be working.

Education 145

Education Ransomware 145

Cisco Security

JULY 27, 2021

SecureX is Cisco’s free, acronym-defying security platform. (“Is it XDR? Is it SOAR? Does it solve the same problems as a SIEM? As a TIP?” “Yes.”) From the very beginning, one of the pillars of SecureX was the ability to consume and operationalize your local security context alongside global threat intelligence. And to that end, SecureX includes, by default, a few very respectable threat intelligence providers: The Cisco Secure Endpoint File Reputation database (formerly AMP FileDB) composed of

Cybercrime 145

Cybercrime Malware 145

Security Affairs

JULY 30, 2021

Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines. The security researcher Manfred Paul of the RedRocket CTF team released the exploit code for a high-severity privilege escalation bug, tracked as CVE-2021-3490, in Linux kernel eBPF (Extended Berkeley Packet Filter).

Hacking 145

Hacking Technology Information Security Cybersecurity 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 29, 2021

DEF CON 29 sold out of virtual passes, so tuning in on Twitch and Discord are the best options for attending online this year.

213

213

Security Boulevard

JULY 26, 2021

With all of the focus on ransomware attacks, it’s easy to forget about the damage done by email phishing. Yet, new research from Vade shows that phishing has seen a meteoric rise in the first half of 2021, including a 281% increase in May and a 284% increase in June. And what they want is. The post Phishing Used to Get PII, not Just Ransomware appeared first on Security Boulevard.

Phishing 145

Phishing Ransomware Social Engineering Engineering 145

Zero Day

JULY 27, 2021

They are focused on exploiting pain points in code analysis and reverse-engineering.

Malware 145

Malware Engineering 145

Cisco Security

JULY 26, 2021

With cloud comes complexity. As organizations accelerate their transition to hybrid cloud, multicloud, and other dynamic environments, static security controls are no longer adequate. The shift of applications and the associated security controls within dynamic cloud environments create challenges for firewall teams to keep up with security requirements.

Firewall 145

Firewall Architecture Network Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!