DoublePulsar
JUNE 8, 2021
I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat… Continue reading on DoublePulsar ».
Mitnick Security
JUNE 11, 2021
If your company has invested in many penetration tests, you’re probably looking for more advanced ways of examining your security infrastructure.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JUNE 8, 2021
“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by U.S. Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents.
Troy Hunt
JUNE 9, 2021
I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Joseph Steinberg
JUNE 7, 2021
Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering. Hushme is an unusual-looking headset that sports a single unusual, but tremendously significant, feature – it allows a person to carry on a conversation over the phone without anyone around them being able to
Krebs on Security
JUNE 8, 2021
Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into comp
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
JUNE 5, 2021
This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out.
Joseph Steinberg
JUNE 9, 2021
According to the FBI, it has successfully seized most of the Bitcoin ransom paid by Colonial Pipeline to “Darkside” criminals after the highly publicized ransomware attack that led to recent gas shortages in multiple US States. Unlike reversing financial transactions performed by banks and/or classic funds-transfer networks, seizing Bitcoin typically entrails issuing a new transaction to move Bitcoin from the address at which it resides to a new address controlled by the seizer; to p
Krebs on Security
JUNE 7, 2021
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware.
Schneier on Security
JUNE 10, 2021
“Markpainting” is a clever technique to watermark photos in such a way that makes it easier to detect ML-based manipulation: An image owner can modify their image in subtle ways which are not themselves very visible, but will sabotage any attempt to inpaint it by adding visible information determined in advance by the markpainter. One application is tamper-resistant marks.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Troy Hunt
JUNE 7, 2021
This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause t
Tech Republic Security
JUNE 11, 2021
The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.
Lohrman on Security
JUNE 6, 2021
Maria Thompson’s last day as North Carolina’s chief risk officer was June 4, 2021. In this interview, she shares her team’s cyber journey, along with helpful insights for others to benefit from.
Schneier on Security
JUNE 9, 2021
Henry Farrell and I published a paper on fixing American democracy: “ Rechanneling Beliefs: How Information Flows Hinder or Help Democracy.” It’s much easier for democratic stability to break down than most people realize, but this doesn’t mean we must despair over the future. It’s possible, though very difficult, to back away from our current situation towards one of greater democratic stability.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Troy Hunt
JUNE 8, 2021
Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? Many people certainly noticed the time because I kept getting asked when it was actually going to happen.
Tech Republic Security
JUNE 9, 2021
Dubbed RockYou2021, the list as revealed on a hacker forum contains 8.4 billion password entries, says CyberNews.
The Last Watchdog
JUNE 9, 2021
Data leaks and data theft are part and parcel of digital commerce, even more so in the era of agile software development. Related: GraphQL APIs stir new exposures. Many of the high-profile breaches making headlines today are the by-product of hackers pounding away at Application Programming Interfaces (APIs) until they find a crease that gets them into the pathways of the data flowing between an individual user and myriad cloud-based resources.
Schneier on Security
JUNE 7, 2021
In a 6-3 ruling , the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act : In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the “exceeds authorized access” language was, indeed, too broad.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
We Live Security
JUNE 11, 2021
Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent? The post Tracking ransomware cryptocurrency payments: What now for Bitcoin? appeared first on WeLiveSecurity.
Tech Republic Security
JUNE 10, 2021
The post-pandemic world will see cybersecurity addressed differently, said panelists during an online webinar hosted by ReliaQuest Wednesday.
Bleeping Computer
JUNE 10, 2021
Hackers have breached the network of gaming giant Electronic Arts (EA) and claim to have stolen roughly 750 GB of data, including game source code and debug tools. [.].
Security Boulevard
JUNE 9, 2021
According to Ran Shahor, CEO and co-founder of HolistiCyber, a successful cybersecurity strategy should start with a detailed plan. This should place your business requirements, budget, and security posture at the forefront of any other decisions you make to keep your company assets and data secured. How do you build your strategy? Well, for starters, […].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureList
JUNE 8, 2021
On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges.
Tech Republic Security
JUNE 9, 2021
Whether intentional or not, gig workers can cause security breaches. Here's how to set your company up for safety.
TrustArc
JUNE 8, 2021
For almost five years, privacy professionals have been breaking their heads over what to do with international transfers of personal data originating in the European Union. The two Schrems decisions of the Court of Justice of the European Union (CJEU) have brought some clarity – we now know that no international transfer may undermine the […].
Security Boulevard
JUNE 8, 2021
2020 will be remembered most as the year the world was swept up in the COVID pandemic. Dig a little deeper and you’ll find another alarming news story: 2020 was a record breaking year on the Cybersecurity front. There was more data lost in breaches and a higher number of cyber attacks than ever before. The post A Look into Chuck Brooks’s Alarming Cybersecurity Stats appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
We Live Security
JUNE 10, 2021
ESET researchers discover a new campaign that evolved from the Quarian backdoor. The post BackdoorDiplomacy: Upgrading from Quarian to Turian appeared first on WeLiveSecurity.
Tech Republic Security
JUNE 10, 2021
Qrypt launches a quantum Entropy-as-a-Service and access to quantum random number generators hardware.
Hot for Security
JUNE 7, 2021
US authorities charged Alla Witte for helping build TrickBot, a type of malware that was active for many years in a worldwide campaign, defrauding numerous people. Taking down much of TrickBot was a group effort involving multiple countries and coordination that doesn’t usually happen with similar threats. While all of Trickbot’s infrastructure was eventually primarily dismantled, a few servers are still active in various countries where the law enforcement agencies had no jurisdiction.
Security Boulevard
JUNE 8, 2021
On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported across the U.S. East Coast. The post Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
98 
Let's personalize your content