Sat.Jun 05, 2021 - Fri.Jun 11, 2021

Vulnerabilities in Weapons Systems

Schneier on Security

“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by U.S. Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents.

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago, then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.

How The FBI Seized Bitcoin from Colonial Pipeline Hackers – Does Law Enforcement Have More Control Over Cryptocurrencies Than People Believe?

Joseph Steinberg

According to the FBI, it has successfully seized most of the Bitcoin ransom paid by Colonial Pipeline to “Darkside” criminals after the highly publicized ransomware attack that led to recent gas shortages in multiple US States. Unlike reversing financial transactions performed by banks and/or classic funds-transfer networks, seizing Bitcoin typically entails issuing a new transaction to move Bitcoin from the address at which it resides to a new address controlled by the seizer; to p

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into comp

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.

Weekly Update 246

Troy Hunt

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI-provided passwords is built out.

Tracking ransomware cryptocurrency payments: What now for Bitcoin?

We Live Security

Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent? The post Tracking ransomware cryptocurrency payments: What now for Bitcoin? appeared first on WeLiveSecurity.

Detecting Deepfake Picture Editing

Schneier on Security

“Markpainting” is a clever technique to watermark photos in such a way that makes it easier to detect ML-based manipulation: An image owner can modify their image in subtle ways which are not themselves very visible, but will sabotage any attempt to inpaint it by adding visible information determined in advance by the markpainter. One application is tamper-resistant marks.

Expanding the Have I Been Pwned Volunteer Community

Troy Hunt

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords? Many people certainly noticed the time because I kept getting asked when it was actually going to happen.

Top 5 things to know about medical data security

Tech Republic Security

Medical data is a valuable commodity—one that needs to be protected from cybersecurity threats. Tom Merritt lists five things to know about medical data security.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Linux system service bug lets you get root on most modern distros

Bleeping Computer

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. […]

What are the keys to a successful cybersecurity strategy? Our CEO Ran Shahor Explains All

Security Boulevard

According to Ran Shahor, CEO and co-founder of HolistiCyber, a successful cybersecurity strategy should start with a detailed plan. This should place your business requirements, budget, and security posture at the forefront of any other decisions you make to keep your company assets and data secured. How do you build your strategy? Well, for starters, […].

Welcoming the Uruguayan Government to Have I Been Pwned

Troy Hunt

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause t

Fallout of EA source code breach could be severe, cybersecurity experts say

Tech Republic Security

Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Applying the New SCCs – International Transfers Defined?

TrustArc

For almost five years, privacy professionals have been breaking their heads over what to do with international transfers of personal data originating in the European Union. The two Schrems decisions of the Court of Justice of the European Union (CJEU) have brought some clarity – we now know that no international transfer may undermine the […].

A Look into Chuck Brooks’s Alarming Cybersecurity Stats

Security Boulevard

2020 will be remembered most as the year the world was swept up in the COVID pandemic. Dig a little deeper and you’ll find another alarming news story: 2020 was a record breaking year on the Cybersecurity front. There was more data lost in breaches and a higher number of cyber attacks than ever before. The post A Look into Chuck Brooks’s Alarming Cybersecurity Stats appeared first on Security Boulevard.

Criminal networks smashed after using “secure” chat app secretly run by cops

Hot for Security

The Australian Federal Police (AFP) has revealed that it was able to decrypt and snoop on the private messages sent via a supposedly secure messaging app used by criminals… because the app was actually the brainchild of the FBI. At a press conference, AFP commissioner Reece Kershaw described how the idea of “AN0M” – a backdoored messaging app – was dreamt up by members of the FBI and AFP over a few beers after the shutdown in 2018 of “Phantom Secure,” an encr

Billions of passwords leaked online from past data breaches

Tech Republic Security

Dubbed RockYou2021, the list as revealed on a hacker forum contains 8.4 billion password entries, says CyberNews.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Hacking space: How to pwn a satellite

We Live Security

Hacking an orbiting satellite is not light years away – here’s how things can go wrong in outer space. The post Hacking space: How to pwn a satellite appeared first on WeLiveSecurity.

Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack

Security Boulevard

On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported across the U.S. East Coast. The post Malicious Life Podcast: Inside the DarkSide Colonial Pipeline Attack appeared first on Security Boulevard.

Latvian National Indicted for Helping Develop and Spread Trickbot Malware

Hot for Security

US authorities charged Alla Witte for helping build TrickBot, a type of malware that was active for many years in a worldwide campaign, defrauding numerous people. Taking down much of TrickBot was a group effort involving multiple countries and coordination that doesn’t usually happen with similar threats. While all of Trickbot’s infrastructure was eventually primarily dismantled, a few servers are still active in various countries where the law enforcement agencies had no jurisdiction.

Gig workers are here to stay, but they might pose a hidden cybersecurity risk

Tech Republic Security

Whether intentional or not, gig workers can cause security breaches. Here's how to set your company up for safety.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Amazon to share your Internet with neighbors on Tuesday - How to opt out

Bleeping Computer

Amazon will be launching the Amazon Sidewalk service on Tuesday that automatically opts-in your Echo and Ring devices into a new feature that shares your Internet with your neighbors. Here's more about this new feature and how to opt-out of sharing your bandwidth with other Amazon devices. […]

How Putting Risk First in Cybersecurity is Driving IRM Adoption

Security Boulevard

Risk management has developed significantly from when it was first introduced. In the 16th and 17th centuries, notions of risk management evolved into something more akin to how we see it in the cybersecurity landscape today. The amount of risk for voyages would be weighed and calculated, and at the end of the day, someone would decide whether the complex risk environment was worth the possibility of losing the entire shipment or if the risk was acceptable enough to take the gamble on the produc

RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online

Hot for Security

The most extensive data leak collection to date, dubbed ‘RockYou2021’, was dumped on popular hacking forums earlier this month. According to a CyberNews report, a forum user posted a 100GB text file with 8.4 billion password entries, presumably obtained from previous data leaks and breaches. Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 uniq

McDonald's suffers cyberattack in US, South Korea and Taiwan

Tech Republic Security

The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

New Kubernetes malware backdoors clusters via Windows containers

Bleeping Computer

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. […]

PuzzleMaker attacks with Chrome zero-day exploit chain

SecureList

On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges.

Google Play store applications laced with Joker malware yet again

Quick Heal Antivirus

For the last three years, the Joker Trojan has been making its way onto the Google Play Store. Quick Heal Security. The post Google Play store applications laced with Joker malware yet again appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Expert: Freelancers could set your company up for cybersecurity breach

Tech Republic Security

If you're hiring gig workers, take precautions to protect your company from intentional or accidental data breach.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.