Sat. Nov 27, 2021 - Fri. Dec 03, 2021

Will Artificial Intelligence Help or Hurt Cyber Defense?

Lohrman on Security

The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams?

How to Avoid Being Scammed When Giving Charity

Joseph Steinberg

Giving Tuesday has arrived… and, so have many criminals who seek to exploit people’s sense of generosity. While evildoers perpetrate charity-related scams throughout the year, they know that the holiday spirit in general, and the concentrated focus on charity on Giving Tuesday specifically, both improve their odds of success. During this time of year, therefore, we must be extra vigilant to ensure that our charity dollars reach proper destinations and actually do good, rather than enrich c

Smart Contract Bug Results in $31 Million Loss

Schneier on Security

A hacker stole $31 million from the blockchain company MonoX Finance, by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens.

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occa

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity: Increase your protection by using the open-source tool YARA

Tech Republic Security

This won't replace antivirus software, but it can help you detect problems much more efficiently and allows more customization. Here's how to install it on Mac, Windows and Linux.

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

Bleeping Computer

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.

More Trending

All Sectors Should Expect A Holiday Cyberattack Surprise

Security Boulevard

Retail is known to experience a spike in cybercrime around the holidays. With millions of shoppers conducting business online, the threat landscape usually increases with this jolt in traffic. However, this year, it's not only Retail that should be concerned — research by CORO finds that all mid-market businesses are 490% more likely to experience.

How to avoid being a hacker's next target: Don't overshare information on business social media

Tech Republic Security

When using LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.

Jumping the air gap: 15 years of nation-state effort

We Live Security

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Finland Fending Off FluBot Malware, Again

Security Boulevard

The Finnish National Cyber Security Centre (NCSC-FI) has issued a warning to citizens about the current version of the FluBot malware campaign which is affecting “tens of thousands of people in Finland.” The malware campaign leverages SMS by sending out numerous text messages, according to NCSC-FI. The messages, all of which are written in Finnish,

Become a cybersecurity analyst for just $9

Tech Republic Security

You'll never get a better deal on self-paced courses that can teach you the skills necessary to become a cybersecurity analyst, so start training now and switch to a new career in 2022.

Microsoft Defender scares admins with Emotet false positives

Bleeping Computer

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload.

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Searching for Bugs in Open Source Code

Security Boulevard

Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much easier to weaponize and exploit than a vulnerability found in closed source. “The biggest risks of open source come from the fact that.

Get lifetime VPN security and privacy for just $20 during this Black Friday sale

Tech Republic Security

You will never again need to worry about your anonymity or sensitive personal data online when the best VPN service offers a lifetime of powerful protection.

State-backed hackers increasingly use RTF injection for phishing

Bleeping Computer

Three APT hacking groups from India, Russia, and China were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns.

Scammers exploit Omicron fears in new COVID-19 phishing campaign

We Live Security

Fraudsters take advantage of the emergence of the new variant to dupe unsuspecting victims out of their sensitive data.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Debunking Myths About CMMC 2.0

Security Boulevard

The cybersecurity world remains dynamic. On November 4, 2021, the Department of Defense (DoD) posted an update to its Cybersecurity Maturity Model Certification (CMMC) initiative, announcing program changes dubbed CMMC 2.0. These changes were driven by a tremendous amount of industry input; taken into consideration during the DoD’s review of the program over the past.

Deloitte: How sensitive AI data may become more private and secure in 2022

Tech Republic Security

Technologies are available to better protect the data used in artificial intelligence, but they're not quite ready for prime time, says Deloitte.

Microsoft Exchange servers hacked to deploy BlackByte ransomware

Bleeping Computer

BlackByte ransomware actors were observed exploiting the ProxyShell set of vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) to compromise Microsoft Exchange servers.

WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East

The Hacker News

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to Proactively Remove File-Based Malware

Security Boulevard

There’s no question that the past 18 months have been challenging for technology and cybersecurity leaders. Cyberthreats have skyrocketed at a time when companies have been enabling hybrid workforce models and transforming their businesses. In fact, 2020 was one for the record books in terms of security incidents. Broadvoice, Facebook and Microsoft reported breaches involving.

WFH security: How to protect your remote endpoints from vulnerabilities

Tech Republic Security

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.

New Windows 10 zero-day gives admin rights, gets unofficial patch

Bleeping Computer

Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting all Windows 10 versions from v1809 to v21H1.

CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues

Security Affairs

U.S. CISA urges addressing vulnerabilities in Qualcomm, Mikrotik, Zoho and Apache Software Foundation software. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of actively exploited vulnerabilities, recommending that federal agencies address the flaws in Qualcomm, Mikrotik, Zoho and Apache Software Foundation software within specific timeframes and deadlines.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks

Security Boulevard

Concerns regarding cyberattacks against critical infrastructure have elevated industrial control systems (ICS) security to a mainstream topic. The first half of the year saw an increase in vulnerabilities found in ICS, exposing the high risk for attacks. As businesses continue connecting devices to the internet and converging operational technology (OT) under IT systems management, it’s.

How well do you know your APIs? Not well enough, says Cisco

Tech Republic Security

Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs.

REvil ransomware spreading hackers found to be leading plush lives in Russia

CyberSecurity Insiders

REvil ransomware gangs, known to fleece millions from their victims, are seen leading luxurious lives in their hideouts protected by the Russian government. According to a covert operation launched by leading news publishing resource DailyMail, a suspected hacker running the REvil aka Sodinokibi ransomware gang was arrested by the police last week. Named as Yevgeniy Polyanin, the 28-year-old hacking techie was arrested in Siberia at his $380,000 USD home.

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

The Hacker News

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.