Sat.Jul 03, 2021 - Fri.Jul 09, 2021

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

Vulnerability Scanning vs. Penetration Testing

The State of Security

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network.

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Microsoft Issues Emergency Patch for Windows Flaw

Krebs on Security

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is actively being exploited.

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

Book Review: Present Future — Business, Science and the Deep Tech Revolution

Lohrman on Security

Guy Perelmuter offers an insightful, easy to read, helpful guide to present and future technology in business areas ranging from the future of jobs to AI and from cryptocurrencies to quantum computing.

Spike in “Chain Gang” Destructive Attacks on ATMs

Krebs on Security

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside.

Details of the REvil Ransomware Attack

Schneier on Security

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision.

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.

MVP 11

Troy Hunt

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely.

What Your CISO Can Learn From Logan Paul vs Floyd Mayweather

Javvad Malik

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks.

Stealing Xbox Codes

Schneier on Security

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.

Weekly Update 250

Troy Hunt

This week is a bit of everything again, although the main difference this time was an update on the COVID situation we're facing in Australia.

Sketching to Answer “What Are We Working On?”

Adam Shostack

The latest in the World’s Shortest Threat Modeling Videos.

Reevaluating Your Breach Prevention Strategy

Security Boulevard

Do you deploy security products to protect your organization against data breaches as part of your infrastructure cybersecurity strategy? If so, it’s important to ensure there are no critical gaps in your security stack.

Scammers exploiting Kaseya ransomware attack to deploy malware

Tech Republic Security

A new phishing campaign claims to offer a security update for Kaseya's VSA software but actually tries to install malware, says Malwarebytes.

China using AI to develop robots that can hide in sea launch bombs and cyber attacks

CyberSecurity Insiders

China is once again in the news for misusing the technology of Artificial Intelligence. Earlier, it was using AI tech to analyze loads of videos that were grabbed from the CCTV cameras installed across some of its major cities.

HSBC CISO champions neurodiversity awareness in cybersecurity

CSO Magazine

Neurodiversity within cybersecurity is progressively becoming a topic of regular, meaningful discussion across the sector.

How to Protect Medical Devices from Ransomware

Security Boulevard

Cyberattacks on hospitals are rising, and patients are worried. Is my personal data at risk? Could ransomware or hackers effectively shut down the ER near me?

Warning: 1 in 3 employees are likely to fall for a phishing scam

Tech Republic Security

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

How to protect your site against lethal unauthorized code injections

CyberSecurity Insiders

This blog was written by an independent guest blogger. Lethal unauthorized code injections like XSS (cross-site scripting) attacks are some of the most dynamic cyber-attacks.

Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files

The Hacker News

While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers.

China ‘Eugenics’ Claim as BGI Hoards Prenatal Test DNA Data

Security Boulevard

Chinese genetics company BGI accused of misusing DNA harvested from prenatal testing.

Kaseya attack shows how third-party software is the perfect delivery method for ransomware

Tech Republic Security

An analysis by Sophos suggests that the latest attack is similar to one that Kaseya endured in 2018.

Mobile Security Company Zimperium acquires WhiteCryption

CyberSecurity Insiders

Zimperium, a globally recognized mobile security firm, has made it official that it is going to acquire application security company whiteCryption for an undisclosed amount. The details of the deal are kept under wraps.

Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords

The Hacker News

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. The applications were fully functional, which was supposed to weaken the vigilance of potential victims.

Reaction to Social Engineering Indicative of Cybersecurity Culture

Security Boulevard

During COVID-19, threat actors used fear of the virus and hope of a vaccine to trick unwitting victims into downloading malware or giving up their credentials. It was a master class in social engineering, one that put an organization’s security posture at risk.

How to prevent ransomware attacks with a zero-trust security model

Tech Republic Security

Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.

Authentication is Outdated: A New Approach to Identification

CyberSecurity Insiders

Identity security is the greatest weakness in enterprise security. As any infosec manager will tell you, no matter how secure your infrastructure, anyone with the right credentials can walk through the front door. Identity and user authentication continue to be a concern for IT managers.

How to control ransomware? International cooperation, disrupting payments are key, experts say

CSO Magazine

Ransomware evolved from a menial cybercrime issue to a crisis that threatens national security. Incidents such as the Colonial Pipeline attack show that this type of criminal activity can impact not just specific organizations that lack good security practices, but every citizen.

Processing Machine Data With Machine Learning | Avast

Security Boulevard

This post was written by the following Avast researchers: Petr Somol, Avast Director AI Research. Tomáš Pevný, Avast Principal AI Scientist. Viliam Lisý, Avast Principal AI Scientist. Branislav Bošanský, Avast Principal AI Scientist. Andrew B. Gardner, Avast VP Research & AI. Michal Pěchouček,

Ransomware: To pay or not to pay? Legal or illegal? These are the questions …

We Live Security

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus.

Kaseya Ransomware attack strikes UK Companies

CyberSecurity Insiders

Top 5 more things to know about ransomware

Tech Republic Security

Ransomware attacks are getting bigger and harder to defend against. Tom Merritt lists the top five more things about ransomware you need to know.