CyberSecurity Insiders

MAY 5, 2021

This blog was written by an independent guest blogger. Without a doubt, digital transformation accelerated amid the pandemic and made it possible for employees to work remotely. However, it also intensified the threat landscape created by malicious attackers who jumped on the first opportunity to attack the more vulnerable home networks. As remote working becomes the new norm, it is paramount to have an agile infrastructure and team for security.

Digital transformation 103

Digital transformation Security Awareness Cybersecurity Cyber threats 103

We Live Security

MAY 6, 2021

Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates. The post Popular routers found vulnerable to hacker attacks appeared first on WeLiveSecurity.

Firmware 145

Firmware Passwords Risk 145

Schneier on Security

MAY 4, 2021

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi.

Hacking 344

Hacking Software 344

Krebs on Security

MAY 5, 2021

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability 314

Accountability Passwords Advertising Phishing 314

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 7, 2021

DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.

Software 214

Software 214

SecurityTrails

MAY 3, 2021

Sitting down with Eric Head, one of the most successful bug bounty hunters, known online as todayisnew, to discuss his mindful practices and how to remain focused on your goals.

145

145

Krebs on Security

MAY 7, 2021

John Bernard , a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.

Scams 248

Scams Cryptocurrency Advertising Marketing 248

Tech Republic Security

MAY 6, 2021

Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice.

Cybersecurity 208

Cybersecurity 208

Security Boulevard

MAY 7, 2021

A high-severity bug affects almost 40% of Android phones. The security hole is in Qualcomm modems. The post Very Many Qualcomm Phone Chips Hiding Very Nasty Vulnerability appeared first on Security Boulevard.

IoT 145

IoT Mobile Malware Cybersecurity 145

Schneier on Security

MAY 5, 2021

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details : The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains

Engineering 301

Engineering 301

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Hot for Security

MAY 7, 2021

Insurance giant AXA has said that it is no longer writing cyberinsurance policies in France that cover ransom payments to extortionists. AXA’s decision, which appears to be a first for the cyberinsurance industry, will still it still reimburse companies for the cost of responding and recovering from a ransomware attack – but will not cover the often significant sums of cryptocurrency demanded by criminal gangs after they have compromised a network, and encrypted or stolen data.

Insurance 145

Insurance Ransomware Retail Cryptocurrency 145

Tech Republic Security

MAY 6, 2021

Patched on Qualcomm's end, the flaw could allow attackers to access your call history and text messages and eavesdrop on your phone conversations, says Check Point Research.

174

174

Quick Heal Antivirus

MAY 7, 2021

Have you received an SMS with a link that says, “Register for vaccine using COVID-19 app”? Well, beware! The post Beware! Hackers target users with fake COVID-19 vaccine registration app appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Malware 145

Malware Cybersecurity 145

Schneier on Security

MAY 3, 2021

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years. Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation: Most remarkable, however, is the IRS’s account of tracking down Sterlin

Cryptocurrency 275

Cryptocurrency Accountability 275

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MAY 4, 2021

Tens of billions of dollars each year are spent on cybersecurity, yet cybercriminals continue to succeed. There seems to be a never-ending stream of cybersecurity bad news. Companies constantly experience negative security events – Facebook, Verkada, and Elekta are recent examples. Cybersecurity failures become public relations, customer relations, and financial problems for companies.

Cybersecurity 145

Cybersecurity CISO 145

Tech Republic Security

MAY 5, 2021

The first Thursday in May is World Password Day. Learn some tips for what your organization should do to foster good password management techniques.

Passwords 191

Passwords Password Management 191

SecureList

MAY 6, 2021

Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O operations conducted by the underlying OS, like reading or writing to files or processing incoming and outgoing network packets.

Malware 145

Malware Architecture Engineering Technology 145

Schneier on Security

MAY 6, 2021

Nice video of a talk by Chris Shore on the history of Colossus.

311

311

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

MAY 4, 2021

The only constant is change. The ongoing effects of COVID-19 have taught us that change is inevitable to survive. One major area that has been affected during COVID-19 is how we interact with employees, and what we need those employees to know right now. Cybersecurity is one of those critical areas of this new world. The post The New Wave of Cybersecurity Awareness Training appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity Security Awareness Education 145

Tech Republic Security

MAY 3, 2021

Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.

Passwords 193

Passwords 193

Malwarebytes

MAY 6, 2021

Most of our readers are well aware of the fact that the big tech corporations, especially those that run social media know a great deal about us and our behavior. But it rarely hits home how much personal data they have about us and how they can guess, quite correctly, even more. Lots more. Signal came up with an idea to drive that point home. A simple but very effective idea, nothing short of genius.

Advertising 145

Advertising Media Encryption Government 145

SC Magazine

MAY 3, 2021

(Justin Sullivan/Getty Images). Cisco’s Customer Experience organization reports that 44% of support cases are resolved in a day or less and 75% successfully reduce the risk of downtime. The Cisco Secure portfolio offers three distinct advantages: First, the breadth of its products and size of Cisco’s customer base means it has a large footprint in an industry where scale matters.

DNS 145

DNS Cyber threats Marketing Media 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

MAY 6, 2021

Having a framework for security helps organizations identify what is missing and what is needed for their existing security architecture. A recent article in Dark Reading covered some of the cyber security frameworks that are available. The post Choosing a Cyber Security Framework appeared first on K2io. The post Choosing a Cyber Security Framework appeared first on Security Boulevard.

Architecture 145

Architecture Cybersecurity 145

Tech Republic Security

MAY 3, 2021

Before you can use a camera app in Windows 10 you have to allow access to the camera itself. Only then can you allow access to the app. We walk you through it.

158

158

We Live Security

MAY 5, 2021

Another in our occasional series demystifying Latin American banking trojans. The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity.

Banking 145

Banking Malware 145

Hot for Security

MAY 4, 2021

Apple this week issued out-of-band updates for mobile customers to patch two zero-day vulnerabilities that let attackers execute remote code on their iDevices. The Cupertino-based tech giant says criminals “may” have already exploited the flaws. Available for most iDevices in circulation, iOS 14.5.1 (and the complementary iPadOS 14.5.1) fixes a critical memory corruption issue in the Safari WebKit engine where “processing maliciously crafted web content may lead to arbitrary code execution,” acc

VPN 144

VPN Adware Engineering Malware 144

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Boulevard

MAY 7, 2021

When the security industry talks about a data breach, often the first question asked involves the state of the victim’s network security – not the breach of data. Why is this? It’s because organizations have their security priorities backward, and that needs to change. It’s clear that organizations currently prioritize protection of their networks first, The post The Security Industry is Protecting the Wrong Thing appeared first on Security Boulevard.

Data breaches 145

Data breaches Network Security Encryption CISO 145

Tech Republic Security

MAY 6, 2021

Jack Wallen walks you through the steps of installing both Linux Malware Detection and ClamAV for a reliable one-two punch of malware and virus prevention.

Malware 154

Malware 154

Bleeping Computer

MAY 1, 2021

Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year. [.].

143

143

Digital Shadows

MAY 6, 2021

Note: This blog is an overview of password history and best practices for individuals in honor of World Password Day, The post Creating Security-Aware Passwords first appeared on Digital Shadows.

Security Awareness 142

Security Awareness Passwords 142

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk