Sat.Sep 11, 2021 - Fri.Sep 17, 2021

Thoughts on the OWASP Top 10 2021

Daniel Miessler

This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is. Right, so with that out of the way, here’s what struck me with this list, along with some comments on building lists like this in general.


Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. While many companies have been laying off or furloughing workers in response to the Coronavirus pandemic, TTEC has been massively hiring.

Zero-Click iMessage Exploit

Schneier on Security

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.


Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

Tech Republic Security

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

It’s Time for Vendor Security 2.0

Daniel Miessler

In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative? It’s a fair point, and I think we have an answer. I’m a bit allergic to 1.0 and 2.0 designations, but in this case I think we have a clear transition.


Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Why you should avoid those fun social media "tell us about yourself" questions

Tech Republic Security

Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.


Numando: Count once, code twice

We Live Security

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.


Social engineering explained: How criminals exploit human behavior

CSO Magazine

Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.

Designing Contact-Tracing Apps

Schneier on Security

Susan Landau wrote an essay on the privacy, efficacy, and equity of contact-tracing smartphone apps. Also see her excellent book on the topic.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Dell study finds most organizations don't think they can recover from a ransomware attack

Tech Republic Security

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

Behavior-Based Detection Can Stop Exotic Malware

Security Boulevard

To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts. Unconventional languages are composed of more complex and convoluted binaries that are harder to decipher than traditional languages like C# or C++. This entices both APTs.


New malware uses Windows Subsystem for Linux for stealthy attacks

Bleeping Computer

Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines.


Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus

Trend Micro

Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity tips for online learning as schools tap hybrid learning amid delta variant

Tech Republic Security

Tuesday is National Online Learning Day. To ring in the holiday, we've crafted a guide to help students of all ages stay safe online and protect the home network in the virtual classroom.

What is a cyberattack surface and how can you reduce it?

We Live Security

Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity.

Ransomware encrypts South Africa's entire Dept of Justice network

Bleeping Computer

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.

Securing the Edge in a Hybrid Environment

Security Boulevard

A year ago, the buzz in cybersecurity was around how to best secure a remote workforce. Today, organizations have to consider how to secure a hybrid environment, with not just a mix of on-premises and cloud-based infrastructure but also with a workforce that is splitting time between the office and a remote site. “The shift.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Apple releases emergency patch to protect all devices against Pegasus spyware

Tech Republic Security

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.


Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

The Hacker News

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks.


Kali Linux 2021.3 released with new pentest tools, improvements

Bleeping Computer

Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface.


Don’t Sleep on These 7 Cybersecurity Threats

Security Boulevard

As we covered in our recent PKI Survey results webcast, cybersecurity threats are a serious cause for concern for most organizations. Here we run through 7 of the major threat types 2021 has brought to the surface.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

5 ways to better prepare your organization for a ransomware attack

Tech Republic Security

Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.

Beware of these 5 common scams you can encounter on Instagram

We Live Security

From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims.


Free REvil ransomware master decrypter released for past victims

Bleeping Computer

A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.

Serious probe on T-Mobile Cyber Attack 2021

CyberSecurity Insiders

We all know that a few weeks ago, American Telecom Giant T-Mobile experienced a cyber attack in which data related to over 54.6m individuals was exposed to hackers, including information such as addresses, names, DoBs, phone numbers, social security numbers, driving license details, IMEI numbers, IMSI numbers and some credit card info related to customers paying their T-Mobile bill online.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame

Tech Republic Security

The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.


8 top cloud security certifications

CSO Magazine

As companies move more and more of their infrastructure to the cloud, they're forced to shift their approach to security. The security controls you need to put in place for a cloud-based infrastructure are different from those for a traditional datacenter. There are also threats specific to a cloud environment. A mistake could put your data at risk.


Microsoft fixes remaining Windows PrintNightmare vulnerabilities

Bleeping Computer

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.

Apple Inc issues fix to Pegasus Spyware vulnerability in iPhones

CyberSecurity Insiders

Apple Inc has proudly announced that it has issued a fix to the famous Pegasus Spyware vulnerability existing on iPhones that could lead remote hackers to take control of the device to conduct espionage. Factually, the newly detected flaw was an addition to the already detected Pegasus malware flaw that was developed by NSO Group to hack into the phones of terrorists; but was actually being used to intercept communication taking place between the world’s prestigious dignitaries.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.