Sat.Sep 11, 2021 - Fri.Sep 17, 2021

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Uncategorized Apple exploits patching spyware vulnerabilities

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thoughts on the OWASP Top 10 2021

Daniel Miessler

This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is.

Weekly Update 261

Troy Hunt

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Identifying Computer-Generated Faces

Schneier on Security

It’s the eyes : The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities.

Media 202

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.

DDOS 192

More Trending

Are Bots and Robots the Answer to Worker Shortages?

Lohrman on Security

Using software bots has become commonplace in many workplaces around the world, but with worker shortages, will robots start filling more roles soon

Designing Contact-Tracing Apps

Schneier on Security

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic. Uncategorized academic papers COVID-19 geolocation medicine privacy smartphones

195
195

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

Tech Republic Security

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Numando: Count once, code twice

We Live Security

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. The post Numando: Count once, code twice appeared first on WeLiveSecurity. Malware

Social engineering explained: How criminals exploit human behavior

CSO Magazine

Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

Behavior-Based Detection Can Stop Exotic Malware

Security Boulevard

To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts.

Apple releases emergency patch to protect all devices against Pegasus spyware

Tech Republic Security

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac

A Ransomware Recovery Plan That's Solid Gold

Dark Reading

Having a gold copy of critical data offline is essential in every organization's disaster recovery or continuity plan. Follow the 3-2-1-1 rule to secure your data

How CISOs and CIOs should share cybersecurity ownership

CSO Magazine

In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning.

CISO 114

Serious probe on T-Mobile Cyber Attack 2021

CyberSecurity Insiders

We all known that a few weeks ago, American Telecom Giant T-Mobile experienced a cyber attack in which data related to over 54.6m

Why you should avoid those fun social media "tell us about yourself" questions

Tech Republic Security

Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity

Media 170

What is a cyberattack surface and how can you reduce it?

We Live Security

Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity. The post What is a cyberattack surface and how can you reduce it? appeared first on WeLiveSecurity. Cybersecurity

Russia is fully capable of shutting down cybercrime

CSO Magazine

It is no secret the locus for a great deal of the world’s cybercriminal activity lays within the boundaries of The Russian Federation. The onslaught of ransomware attacks directed at non-Russian entities is evidence of that.

Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

WIRED Threat Level

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan. Security Security / Security News

111
111

Dell study finds most organizations don't think they can recover from a ransomware attack

Tech Republic Security

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016

Telegram becomes a hub for hackers buying stolen data

CyberSecurity Insiders

Next time you find your corporate database breached, just be sure that the siphoned data might already been traded on a Telegram platform.

Federal agencies face new zero-trust cybersecurity requirements

CSO Magazine

As part of the Biden administration's wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) issued three documents on zero trust last week.

Apple and Google Go Further Than Ever to Appease Russia

WIRED Threat Level

The tech giants have set a troubling new precedent. Security Security / Security News

110
110

You can now eliminate the password for your Microsoft account

Tech Republic Security

By using an alternative means of authentication, you can now go passwordless on your Microsoft account

British schools to get free cybersecurity accessing tool

CyberSecurity Insiders

Schools operating in whole of Britain will get a free cyber security tool for free from September last week. The tool will be rolled out in a testing phase to help the educational institutes in accessing the robustness of their cybersecurity measures.

3 former US intel officers turned cyber mercenaries plead guilty: An insider threat case study

CSO Magazine

The U.S. Department of Justice (DoJ) announced on 14 September a deferred prosecution agreement with two U.S. citizens and one former U.S.

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

5 ways to better prepare your organization for a ransomware attack

Tech Republic Security

Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

CyberSecurity Insiders

Security industry blogs, magazines, and websites frequently report that many security teams are frustrated by the limitations of their SIEM tool. Analysts find dealing with data collected from numerous hosts within an enterprise to be a daunting task.

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world.

Small businesses need to step up efforts to secure and retain hybrid workers

Tech Republic Security

Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds

Black Matter Ransomware targets Olympus Japan

CyberSecurity Insiders

Japan -based camera and binocular manufacturer Olympus that is also into the manufacturing of medical devices has revealed in an official statement that its servers were targeted by BlackMatter Ransomware group that could have disrupted the computers systems in network operating in Middle East, Europe and Africa.