Sat.Aug 28, 2021 - Fri.Sep 03, 2021

Zero-Click iPhone Exploits

Schneier on Security

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require the victim to do anything, like click on a link or open a file. The victim receives a text message, and then they are hacked. More on this here.

Spyware 285

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Krebs on Security

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72’s online storefront — which ironically enough has remained at the same U.S.-based Internet address for more than a decade — simply vanished.

Malware 274

Kill SOC Toil, Do SOC Eng

Anton on Security

As you are reading our recent paper “Autonomic Security Operations — 10X Transformation of the Security Operations Center”, some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link, they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better”).

SIM Swapping Is a Growing Cyber Threat — Here’s Help

Lohrman on Security

From cryptocurrency thefts to hacking bank accounts, SIM swapping is a growing threat online. Here are relevant definitions, real-world examples and tips to help stop cyber criminals.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Excellent Write-up of the SolarWinds Security Breach

Schneier on Security

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.

6 cybersecurity training best practices for SMBs

Tech Republic Security

Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Here are an expert's cybersecurity training tips.

More Trending

Windows 11 Security Scare—MS Nixes Fixes on Older PCs

Security Boulevard

Microsoft Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates. The post Windows 11 Security Scare—MS Nixes Fixes on Older PCs appeared first on Security Boulevard.

Hacker-Themed Board Game

Schneier on Security

Black Hat is a hacker-themed board game.

Hacking 251

A passwordless future isn't close: It's here

Tech Republic Security

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it's time to make the leap to better security.

Passwords 211

Translated Conti ransomware playbook gives insight into attacks

Bleeping Computer

Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The 7 best password managers for business

CSO Magazine

Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Most of the options were originally designed for individual users. Your organizational needs will differ wildly from security-conscious personal users, but the good news is that the key password management players all have made their solutions suitable for the business world. [ Learn 12 tips for effectively presenting cybersecurity to the board and 6 s

A parent’s guide to smartphone security

We Live Security

Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure. The post A parent’s guide to smartphone security appeared first on WeLiveSecurity.

Education 144

How to install fail2ban on Rocky Linux and AlmaLinux

Tech Republic Security

Fail2ban should be on every one of your Linux servers. If you've yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.

FBI warns of ransomware gangs targeting food, agriculture orgs

Bleeping Computer

The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain. [...]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

9 notable government cybersecurity initiatives of 2021

CSO Magazine

Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations. “Government-led cybersecurity initiatives are critical to addressing cybersecurity issues such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure,” Steve Turner, security and risk analyst at Forrester, tells CSO.

Flaw in the Quebec vaccine passport: analysis

We Live Security

ESET's cybersecurity expert Marc-Étienne Léveillé analyses in depth Quebec's vaccine proof apps VaxiCode and VaxiCode Verif. The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity.

Don't forget to evaluate soft skills when hiring for cybersecurity positions

Tech Republic Security

Soft skills are just as important, if not more so, than technical skills in cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.

CISA: Don’t use single-factor auth on Internet-exposed systems

Bleeping Computer

Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against. [...]

Internet 145

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Watch what you send on anonymous SMS websites

Malwarebytes

It’s a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. If the mail ends up in the wild? They know there’s a good chance which service has suddenly experienced a breach.

Mobile 142

What is AS-REP Roasting attack, really?

The Hacker News

Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos.

Docker launches new business plan with changes to the Docker Desktop license

Tech Republic Security

Docker announced a new subscription plan for enterprises and free access to Docker Desktop for personal use, educational institutions, non-commercial open-source projects and small businesses.

Microsoft Exchange ProxyToken bug can let hackers steal user email

Bleeping Computer

Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

FBI warns of ransomware threat to food and agriculture

Malwarebytes

The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Farms are literally the first step in one of the most important, if not the most important, supply chain in our economy: The food supply chain. As always, cybercriminals love the extra leverage that is provided by how important a target is.

Microsoft’s Opportunity to Reinvigorate Security Leadership

Security Boulevard

The White House-hosted cybersecurity summit on August 25, 2021 was an opportunity for representatives from the private and public sectors to discuss how they can collaborate to address pressing information and computer security issues. Many of the leading technology companies, such as Amazon, Google, IBM and Microsoft, made commitments to expand cybersecurity funding and to.

Ping Identity CEO explains how identity and access management is replacing the password

Tech Republic Security

Andre Durand, Founder and CEO of Ping Identity, talks about how identity and access management is changing software development and application security in this Dynamic Developer episode.

Passwords 161

FBI, CISA: Ransomware attack risk increases on holidays, weekends

Bleeping Computer

The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today. [...]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

8-digit BINs and PCI DSS: What You Need to Know

PCI perspectives

Did you know that there are changes coming in how the Bank Identification Number (BIN, also known as Issuer Identification Number, or IIN) is encoded and used on payment cards? This initial post in a series of blog entries will highlight some of the PCI SSC FAQs that address specific questions related to 8-digit BINs. Upcoming posts will clarify ways in which to determine how 8-digit BINs may affect your environment; the effect of 8-digit BINs on encryption, masking, and truncation formats; and

Banking 134

Unmanaged SaaS Data Brings Supply Chain Risks

Security Boulevard

When access to software-as-a-service (SaaS) data goes unmanaged, the likelihood of both insider and external threats increases. That’s why a new report from DoControl Inc. is so troubling. After assessing companies with an average of 1,000 employees and data stores with between 500,000 to 10 million assets, the SaaS company found that 40% of all. The post Unmanaged SaaS Data Brings Supply Chain Risks appeared first on Security Boulevard.

Risk 137

FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends

Tech Republic Security

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

The Week in Ransomware - September 3rd 2021 - Targeting Exchange

Bleeping Computer

Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...]

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.