Sat. Jan 30, 2021 - Fri. Feb 05, 2021

Another SolarWinds Orion Hack

Schneier on Security

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.

Hacking 347

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Phishing 312

Here's How I Meet

Troy Hunt

For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones. Initially this was in my previous life at Pfizer due to the regional nature of my role and over the last six years, it's been as an independent either talking to people remotely or travelling to different places. Since I began dropping content into this post, pretty much everyone now finds themselves in the same position - conducting most of their meetings onl

Firewall 297

Security chaos engineering helps you find weak links in your cyber defenses before attackers do

Tech Republic Security

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

More SolarWinds News

Schneier on Security

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

More Trending

Practical Ways Older Adults Can Manage Their Security Online

Lohrman on Security

362

Georgia’s Ballot-Marking Devices

Schneier on Security

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.

Software 291

6 enterprise security software options to keep your organization safe

Tech Republic Security

Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.

Software 180

Latest macOS Big Sur also has SUDO root privilege escalation flaw

Bleeping Computer

Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. […]

145

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Barcode Scanner app on Google Play infects 10 million users with one update

Malwarebytes

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.

Adware 145

Fake WhatsApp app may have been built to spy on iPhone users – what you need to know

Hot for Security

A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.

Spyware 145

DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks

Tech Republic Security

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.

Media 189

New Chrome Browser 0-day Under Active Attack—Update Immediately!

The Hacker News

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Going Passwordless: Cybersecurity for the New Decade

Security Boulevard

The past year has put digital identity challenges, security and passwords under scrutiny. This report explains why passwordless is the future. Passwords are deeply ingrained in all aspects of our digital reality. A year ago, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the.

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Bleeping Computer

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. […]

Malware 145

How an automated pentesting stick can address multiple security needs

Tech Republic Security

Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.

Kobalos – A complex Linux threat to high performance computing infrastructure

We Live Security

ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos. The post Kobalos – A complex Linux threat to high performance computing infrastructure appeared first on WeLiveSecurity.

Malware 145

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Russian hackers were interested in Microsoft Products

CyberSecurity Insiders

The SolarWinds Cyber Attack seems to be like a never-ending saga as daily a new revelation is being made by US Department of Homeland Security. Now, the latest find is that the hacking group suspected to be from Russia is reported to be only interested in Microsoft Corporation products and services. Brandon Wales, the director of DHS Cybersecurity and Infrastructure Security Agency, has confirmed the news and stated that the hacking operation was massive and could have been launched with a long-

Hacking 145

US federal payroll agency hacked using SolarWinds software flaw

Bleeping Computer

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. […]

Software 145

91% of enterprise pros experienced an API security incident in 2020

Tech Republic Security

"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.

183

3 Cybersecurity Resolutions to Survive 2021

Security Boulevard

Predicting a global pandemic that reshaped how we interact with each other and our devices at a fundamental level […]. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on NuData Security. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Identity theft spikes amid pandemic

We Live Security

The US Federal Trade Commission received 1.4 million reports of identity theft last year, double the number from 2019. The post Identity theft spikes amid pandemic appeared first on WeLiveSecurity.

Microsoft warns of increasing OAuth Office 365 phishing attacks

Bleeping Computer

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. […]

Phishing 145

Cybersecurity pros should switch from Indicators of Compromise to Indicators of Behavior

Tech Republic Security

Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.

Taking a Data-Centric Approach to Cloud Security

Security Boulevard

The pandemic and resulting migration to remote work emphasized the importance of having a digital transformation process in place. The companies that did so appeared to be the companies that had the smoothest transition. Cloud computing played a pivotal role, allowing employees to have the access they needed to do their work. The downside was. The post Taking a Data-Centric Approach to Cloud Security appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Hacked road sign talks back after driver complains to council

Graham Cluley

Karen Banks from Swadlincote in South Derbyshire, England, isn't very happy with whoever managed to post a message on an electronic traffic information sign in the neighbouring town of Burton.

Hacking 145

Babyk Ransomware won't hit charities, unless they support LGBT, BLM

Bleeping Computer

The Babyk ransomware operation has launched a new data leak site used to publish victim's stolen data as part of a double extortion strategy. Included is a list of targets they won't attack with some exclusions that definitely stand out. […]

Account takeover attacks spiked in 2020, Kaspersky says

Tech Republic Security

The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.

Most of the American office workers are vulnerable to cyber attacks

CyberSecurity Insiders

Most of the American office workers are reportedly becoming vulnerable to cyber attacks and that’s because of their oversharing on social media platforms, says a survey conducted by email services provider named Tessian. Out of 4000 UK and US Professionals interviewed during the research titled “How to hack a human”, the email security vendor discovered that half of the IT professionals were seen sharing personal details on Facebook and Twitter like their driving license numbers, contact detai

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.