Lohrman on Security
JUNE 13, 2021
After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?
Hot for Security
JUNE 15, 2021
Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts. Mobile security is often overlooked by many technology users, who dismiss the reality of security risks brought by careless interactions with the digital world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
JUNE 15, 2021
Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra
Troy Hunt
JUNE 14, 2021
Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
JUNE 17, 2021
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d
Krebs on Security
JUNE 16, 2021
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
JUNE 16, 2021
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
Schneier on Security
JUNE 16, 2021
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama.
Krebs on Security
JUNE 15, 2021
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her
eSecurity Planet
JUNE 18, 2021
There’s a never ending cycle between the measures cybersecurity providers introduce to prevent or remediate cyber threats and the tactics cyber criminals use to get around these security measures. As soon as a security company develops a way to mitigate the latest threat, attackers develop a new threat to take its place. Artificial intelligence has emerged as a critical tool cybersecurity companies leverage to stay ahead of the curve.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
JUNE 17, 2021
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.
Schneier on Security
JUNE 15, 2021
Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accu
Krebs on Security
JUNE 18, 2021
In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [ NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
Hot for Security
JUNE 18, 2021
According to a report by Catalin Cimpanu at The Record , authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000.).
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
JUNE 15, 2021
56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.
Schneier on Security
JUNE 14, 2021
This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?” I’m speaking at the all-online Society for Philosophy and Technology Conference 2021 , June 28-30, 2021.
We Live Security
JUNE 18, 2021
By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future. The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity.
Hot for Security
JUNE 17, 2021
In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach. At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials. What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
JUNE 18, 2021
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.
Schneier on Security
JUNE 14, 2021
This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained.
Trend Micro
JUNE 16, 2021
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script.
Google Security
JUNE 16, 2021
Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and deployment supply chain is quite complicated, with numerous threats along the source ?
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Tech Republic Security
JUNE 14, 2021
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
Schneier on Security
JUNE 17, 2021
Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.
Zero Day
JUNE 16, 2021
The exposure is another example of misconfiguration that can impact security.
Bleeping Computer
JUNE 16, 2021
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets. [.].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JUNE 16, 2021
A new IBM global report examining consumer behaviors finds an average of 15 new online accounts were created and 82% are reusing the same credentials some of the time.
We Live Security
JUNE 14, 2021
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business? The post Vishing: What is it and how do I avoid getting scammed? appeared first on WeLiveSecurity.
Google Security
JUNE 18, 2021
Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back! The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at [link]. Just like last year, the top 16 teams will qualify for our Hackceler8 speed run and the chance to take home a total of $30,301.70 in prize money.
CyberSecurity Insiders
JUNE 14, 2021
By Tony Goulding, cybersecurity evangelist, ThycoticCentrify. Employees have dozens of interactions with fellow team members, customers, and partners per day. Due to the remote work boom and accelerated digital transformation projects, many of those conversations and exchanges are online. While your team may think they know who is on the other end of that email or completing a task you have asked them to do, there is no guarantee.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
299 
Let's personalize your content