Should we use AI in cybersecurity? Yes, but with caution and human help
Tech Republic Security
JULY 21, 2021
Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.
Krebs on Security
JULY 19, 2021
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.
Daniel Miessler
JULY 23, 2021
There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.
Schneier on Security
JULY 23, 2021
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.
Troy Hunt
JULY 21, 2021
When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley
Lohrman on Security
JULY 18, 2021
Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
JULY 22, 2021
From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
Troy Hunt
JULY 23, 2021
This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important).
The Last Watchdog
JULY 21, 2021
Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations. That’s why “wet” signatures, i.e. signing in the presence of a notary, remains a requirement for some transactions involving high dollars or very sensitive rec
Joseph Steinberg
JULY 22, 2021
I recently came across the following interesting infographic (reproduced with permission), comparing unseen cybersecurity threats to the threats faced by basketball teams that do not fully recognize and appreciate the offensive capabilities of one or more opposing players. While professional sports and cybersecurity may seem like two completely unrelated disciplines, the reality is that professionals working in both fields face similar prospects of suffering serious failures if they fail to both
Tech Republic Security
JULY 23, 2021
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.
Cisco Security
JULY 23, 2021
Bringing focus back to organizations’ IT, and empowering security heroes. Esports are becoming massively popular, and you’ll commonly hear about how a player “carried the team on their back,” a phrase often used when a teammate perseveres through adversity, contributes more than their fair share, and ultimately delivers a win. Over the last year and a half, IT and security heroes globally have adapted and met the needs of their workforces that had to rapidly pivot to remote work.
Bleeping Computer
JULY 23, 2021
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools.
Malwarebytes
JULY 22, 2021
A very serious security flaw in immensely popular printer drivers has been disclosed and it could affect many millions of Windows systems. The printer driver was issued by HP, but it’s also in use by Samsung and Xerox. All the affected printers are laser printers. The most surprising thing about this find is probably that the vulnerability apparently has existed since 2005 and was only found 16 years later.
Tech Republic Security
JULY 22, 2021
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.
Cisco Security
JULY 22, 2021
Ransomware. Certainly not a new form of cybercrime, but one that has dominated mainstream headlines in recent months. High-profile cyberattacks on critical infrastructure and sectors in the global economy, such as government agencies, a major U.S. fuel pipeline, and one of the world’s largest meat processing plants have put a giant spotlight on ransomware.
Bleeping Computer
JULY 23, 2021
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.
Malwarebytes
JULY 21, 2021
Users with low privileges can access sensitive Registry database files on Windows 10 and Windows 11, leaving them vulnerable to a local elevation of privilege vulnerability known as SeriousSAM or HiveNightmare. Doesn’t sound serious? Reassured that users must already have access to the system and be able to execute code on said system to use this vulnerability?
Tech Republic Security
JULY 21, 2021
About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.
The Hacker News
JULY 23, 2021
Malware known for targeting the macOS operating system has been updated once again to add more features to its toolset that allow it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
Security Boulevard
JULY 21, 2021
With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.
We Live Security
JULY 21, 2021
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money.
Tech Republic Security
JULY 20, 2021
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
Bleeping Computer
JULY 20, 2021
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after it was discovered that users with low privileges can access sensitive Registry database files.
Security Boulevard
JULY 23, 2021
Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has […].
We Live Security
JULY 20, 2021
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
Tech Republic Security
JULY 22, 2021
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
Malwarebytes
JULY 19, 2021
This blog post was authored by Erika Noerenberg. Introduction. Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan (RAT) via financially-themed emails. Remcos is often delivered via malicious documents or archive files containing scripts or executables. Like other RATs, Remcos gives the threat actor full control over the infected system and allows them to capture keystrokes, screenshots, credentials, or other sens
Security Boulevard
JULY 19, 2021
In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains. The report discussed the future forecast for ransomware and how we imagined the threat would progress in the immediate future. Just six months later, these predictions have already become a.
Cisco Security
JULY 21, 2021
Building a company from the ground up is not for the faint of heart. I know, I’ve been there. As co-founder of Duo, the leading provider of Zero Trust access security, I know what it means to dedicate yourself fully to a vision, to your customers, and to your team. And I know how daunting it can be to find the right investors to join the team – people and organizations that truly understand, and believe in your vision.