Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Internet 362

Internet Internet Hacking Accountability 362

Joseph Steinberg

NOVEMBER 17, 2021

Rockville, MD – November 17, 2021 – Sepio Systems , the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. Steinberg has led organizations within the cybersecurity industry for nearly 25 years and is a top industry influencer worldwide. He has written books ranging from Cybersecurity for Dummies to the advanced Official (ISC)2® Guide to the CISSP®-ISSMP® CBK®.

Cybersecurity 340

Cybersecurity Artificial Intelligence Government Information Security 340

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 327

Passwords 327

Lohrman on Security

NOVEMBER 14, 2021

The newly approved federal infrastructure deal brings with it a great holiday present for state and local governments: dedicated cyber funding. Here’s the history, and the future, of cyber grants.

Government 313

Government 313

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

Wireless 280

Wireless Mobile 280

Tech Republic Security

NOVEMBER 19, 2021

Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.

218

218

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Data privacy Technology Marketing 143

Bleeping Computer

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. [.].

Hacking 145

Hacking 145

Tech Republic Security

NOVEMBER 19, 2021

The new product, Cisco Secure Cloud Insights, offers cloud inventory tracking and relationship mapping to navigate public clouds as well as access rights management and security compliance reporting.

189

189

Schneier on Security

NOVEMBER 15, 2021

This is part 3 of Sean Gallagher’s advice for “securing your digital life.

Phishing 271

Phishing Risk Cybersecurity 271

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

NOVEMBER 19, 2021

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.

Passwords 144

Passwords Cybersecurity 144

We Live Security

NOVEMBER 19, 2021

Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

NOVEMBER 18, 2021

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro.

Data breaches 214

Data breaches 214

Bleeping Computer

NOVEMBER 18, 2021

Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites. [.].

Malware 144

Malware 144

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

NOVEMBER 15, 2021

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.

Cybersecurity 143

Cybersecurity Engineering Software 143

We Live Security

NOVEMBER 16, 2021

ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East. The post Strategic web compromises in the Middle East with a pinch of Candiru appeared first on WeLiveSecurity.

Malware 145

Malware 145

Tech Republic Security

NOVEMBER 17, 2021

This is the year business leaders will learn just how innovative online criminals have become, and it'll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.

Account Security 186

Account Security Accountability 186

Bleeping Computer

NOVEMBER 15, 2021

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. [.].

Authentication 143

Authentication 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CSO Magazine

NOVEMBER 18, 2021

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents. Consequently, the SolarWinds spyware infiltration , the Microsoft Exchange hack , and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

Spyware 142

Spyware Ransomware Hacking Cybersecurity 142

Security Boulevard

NOVEMBER 17, 2021

It’s fitting that the industry formally recognizes October as Cybersecurity Awareness Month, but awareness is just where security starts—and the other 11 months of the year are just as important for cybersecurity awareness. While I regard an informed perspective as an essential framework for cloud computing, successful SMBs need to ensure that security is more.

Cybersecurity 140

Cybersecurity Data breaches Security Awareness Phishing 140

Tech Republic Security

NOVEMBER 15, 2021

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.

Cybersecurity 215

Cybersecurity Ransomware Software 215

Bleeping Computer

NOVEMBER 18, 2021

Winamp is getting closer to release with a redesigned website, logo, and a new beta signup allowing users to soon test the upcoming version of the media player. [.].

Media 145

Media Software 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Hacking 139

Hacking Technology Information Security 139

Malwarebytes

NOVEMBER 17, 2021

If your kids play Roblox, you may wish to warn them of ransomware perils snapping at their heels. A very smart, and determined attack has been taking place for a little while now. Although initially dismissed as a form of prank , the developers under fire now disagree. Whether prank or malicious campaign, the end results are still bad for everyone involved.

Ransomware 138

Ransomware Scams Malware Phishing 138

Tech Republic Security

NOVEMBER 17, 2021

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.

Passwords 218

Passwords 218

Bleeping Computer

NOVEMBER 17, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans (known as playbooks) for federal civilian executive branch (FCEB) agencies. [.].

Cybersecurity 140

Cybersecurity 140

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Graham Cluley

NOVEMBER 15, 2021

With so many in the educational sector under attack, it's never been more important to ensure schools are properly defended against ransomware - and not relying on advice that is 11 years old. Read more in my article on the Tripwire State of Security blog.

Ransomware 138

Ransomware Government Education Malware 138

InfoWorld on Security

NOVEMBER 17, 2021

For software developers who primarily build their applications as a set of microservices deployed using containers and orchestrated with Kubernetes , a whole new set of security considerations has emerged beyond the build phase. Unlike hardening a cluster , defending at run time in containerized environments has to be dynamic: constantly scanning for unexpected behaviors within a container after it goes into production, such as connecting to an unexpected resource or creating a new network socke

Software 136

Software 136

Tech Republic Security

NOVEMBER 16, 2021

Security researchers analyzed 700 incidents to understand the economics of these threats as well as what bargaining tactics work.

Ransomware 214

Ransomware 214

Bleeping Computer

NOVEMBER 17, 2021

?There's some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. [.].

Cybercrime 144

Cybercrime Ransomware 144

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk