Sat.Jul 17, 2021 - Fri.Jul 23, 2021

Should we use AI in cybersecurity? Yes, but with caution and human help

Tech Republic Security

Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Dead Drops and Security Through Obscurity

Daniel Miessler

There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why.

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

As Ransomware Surge Continues, Where Next for Government?

Lohrman on Security

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

More Trending

Commercial Location Data Used to Out Priest

Schneier on Security

A Catholic priest was outed through commercially available surveillance data.

The Presenting Vendor Paradox

Daniel Miessler

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times.

Weekly Update 253

Troy Hunt

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC.

IoT 206

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

Peter Levashov, appearing via Zoom at his sentencing hearing today.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Nasty Printer Driver Vulnerability

Schneier on Security

From SentinelLabs , a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations.

How DuckDuckGo makes money selling search, not privacy

Tech Republic Security

Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy

171
171

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

The Hacker News

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."

Candiru: Another Cyberweapons Arms Manufacturer

Schneier on Security

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report : Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments.

Hackers Exploit the COVID-19 Pandemic for Cyber Scams

Security Boulevard

Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use.

Scams 114

How cyberattacks exploit known security vulnerabilities

Tech Republic Security

Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda

171
171

Cyber Attack on Transnet South Africa Shipping

CyberSecurity Insiders

South Africa-based Transport Company named Transnet is reported to have been hit by a cyber attack that has caused serious disruptions to its operations that can last for a week.

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether.

CISO 113

Security and Culture are Key to Digital Transformation

Security Boulevard

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year.

Cybersecurity lags behind as IoT devices proliferate, according to a new report

Tech Republic Security

About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security

IoT 170

China officially condemns Pegasus spyware surveillance and accuses US

CyberSecurity Insiders

Chine Foreign Ministry has issued a public statement condemning the distribution and usage of Pegasus Spyware surveillance software by various countries.

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

When millions of people around the world were sent home to work at the onset of the global COVD-19 pandemic, they left behind not only empty offices but also a host of Internet of Things (IoT) devices – from smartwatches to networked printers – that were still connected to corporate networks and cranking away.

IoT 113

New Windows and Linux Flaws Give Attackers Highest System Privileges

The Hacker News

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.

Companies are losing the war against phishing as attacks increase in number and sophistication

Tech Republic Security

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors

Mobile 168

The Top Five Habits of Cyber-Aware Employees

CyberSecurity Insiders

By: Matt Lindley, COO and CISO at NINJIO. The ultimate goal of any effective cybersecurity platform is to make digital safety and awareness second nature to employees.

Some URL shortener services distribute Android malware, including banking or SMS trojans

We Live Security

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity. Mobile Security Uncategorized

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

The Hacker News

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.

Your iPhone and the Pegasus spyware hack: What you need to know

Tech Republic Security

iPhones have been compromised by the NSO Group's Pegasus spyware. Should you be worried? That depends on who you ask

Malware, Cybercrime and Cloud Security

CyberSecurity Insiders

Organizations have expedited use of and reliance on public cloud services to run their businesses in ways that would have been hard to anticipate, even a few years ago.

The Second Wave of a Ransomware Pandemic

Security Boulevard

In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains.

Five Critical Password Security Rules Your Employees Are Ignoring

The Hacker News

According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic?

Kaseya obtained a universal decryptor for REvil ransomware attack

Security Affairs

The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware.

Threat Hunting Frameworks and Methodologies: An Introductory Guide

CyberSecurity Insiders

Author: Dave Armlin, VP Customer Success, ChaosSearch. Creating an effective threat hunting program is among the top priorities of security leaders looking to become more proactive and build active defenses.

The Move Toward Continuous Testing

Security Boulevard

DevSecOps is the expansion of DevOps that includes security professionals as well. The idea is for everyone to be looking at the code together, rather than in silos. This will produce the most robust and resilient software with the least amount of time and cost.