Sat. Jun 12, 2021 - Fri. Jun 18, 2021

The 5 Biggest Cybersecurity Threats of 5 Industries

Doctor Chaos

Unaddressed cybersecurity threats can cause lost profits, regulatory fines and missed opportunities. Plus, as company leaders scramble to recover from attacks, making progress often takes weeks or months, severely disrupting business operations.

Where Next With Hacking Back Against Cyber Crime?

Lohrman on Security

After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercriminals and hold nation-states responsible. So what now?

7 Mobile Security Tips to Help Safeguard Your Device and Personal Information

Hot for Security

Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts.

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function.

Billion Dollar CyberSecurity Annual Budgets Have Arrived

Joseph Steinberg

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan.

More Trending

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims.

TikTok Can Now Collect Biometric Data

Schneier on Security

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content.

Podcast: Predator, Hunter, Prey

Doctor Chaos

Click Here to listen to the podcast on SoundCloud. We are honored to have Dr. Alex Tarter, CTO of Thales UK and co-founder of TurgenSec, and Breaches.UK on our podcast. Alex is a bit of a legend in the CISO space.

Weekly Update 248

Troy Hunt

Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it.

First American Financial Pays Farcical $500K Fine

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years.

VPNs and Trust

Schneier on Security

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies.

Israel’s Naftali Bennett Becomes The First Head of Government To Emerge From The CyberSecurity Industry

Joseph Steinberg

Naftali Bennett, elected yesterday as Prime Minister of Israel, appears to be the first entrepreneur and executive from the cybersecurity industry to have become the head of a national government.

Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea

Hot for Security

According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done?

5 essential things to do before ransomware strikes

We Live Security

By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future.

Peloton Vulnerability Found and Fixed

Schneier on Security

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so it’s not really a practical attack. President Biden’s Peloton was not in danger

Best new Windows 10 security features: Improvements to Intune, Windows Defender Application Guard

CSO Magazine

With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices.

Microsoft to Pull the Plug on Windows 10 in 2025

Hot for Security

Microsoft will retire the Windows 10 operating system on October 10, 2025. It’s the first time the company puts an expiration date on its current operating system, paving the way for its successor, Windows 11.

Fast threat modeling videos

Adam Shostack

I’m exploring the concept of very fast threat modeling videos, and have posted the first one. Feedback welcome!

Andrew Appel on New Hampshire’s Election Audit

Schneier on Security

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire.

Instagram Bug Allowed Anyone to View Private Accounts Without Following Them

The Hacker News

Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade said in a Medium post today. "An

Participating in This UPS Survey Will Not Earn You a Brand New Sony PlayStation 5

Hot for Security

Online scammers use the name of international shipping company UPS to dupe consumers into participating in a survey giveaway scam.

“Not in my threat model”?

Adam Shostack

You know what’s not in my threat model? A meteor hitting a volcano…And that’s ok! Your threat modeling should be focused on the threats that are likely to impact your systems. So unless your system is your evil supervillain volcano lair, a meteor is likely out of scope. And unless you have giant space lasers, there’s not a lot you can do about that meteor. You’ll learn this, and more in my threat modeling courses, and speaking of which, we have some upcoming.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?”

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild

The Hacker News

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with three security fixes, including a memory corruption issue in the ASN.1

What You Should Know About Voilá, the Latest Viral Selfie App

WIRED Threat Level

Before you use it to cartoonify your face, consider the risks to your data.

Amazon Prime Day scams resurface for 2021

Tech Republic Security

With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster

Paul van Oorschot’s Computer Security and the Internet

Schneier on Security

Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

The Hacker News

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus.

Most health apps engage in unhealthy data-harvesting habits

We Live Security

Most medical and fitness apps in Google Play have tracking capabilities enabled and their data collection practices aren’t transparent.

The many ways a ransomware attack can hurt your organization

Tech Republic Security

Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason

Risk-based security now more important than ever for Energy and Utilities!

CyberSecurity Insiders

This is the third of three blogs in a series to help the energy and utility industries. You can read the first blog on Ransomware and Energy and Utilities and the second blog on Threat Intelligence and Energy and Utilities as well.

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security

The Hacker News

In response to malicious actors targeting US federal IT systems and their supply chain, the President released the "Executive Order on Improving the Nation’s Cybersecurity (Executive Order)."

Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans

Hot for Security

In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach.

Microsoft product vulnerabilities reached a new high of 1,268 in 2020

Tech Republic Security

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report

What is Digital Identity, and why is it important?

CyberSecurity Insiders

This article first appeared on Philippe Vallée’s LinkedIn. A woman contacts her bank to take out a mortgage on her first house. A group of teenagers excitedly buy tickets to see their favourite musician who is touring through their town.