Sat.Oct 09, 2021 - Fri.Oct 15, 2021

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Breach Numbers, Costs and Impacts All Rise in 2021

Lohrman on Security

By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers

Weekly Update 264

Troy Hunt

A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Security Risks of Client-Side Scanning

Schneier on Security

Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption.

Risk 218

Patch Tuesday, October 2021 Edition

Krebs on Security

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.

More Trending

Weekly Update 265

Troy Hunt

I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty"

Airline Passenger Mistakes Vintage Camera for a Bomb

Schneier on Security

I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.

221
221

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

AI Driving Foreign Influence, Disinformation and Espionage

Security Boulevard

In early October 2021, director of the NSA and U.S. Cyber Command General Paul Nakasone spoke at the 2021 Mandiant Cyber Defense Summit. In his speech, Nakasone detailed numerous ongoing influence operations and outlined how the entities he commands are tackling nation-state threats.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

REvil ransomware explained: A widespread extortion operation

CSO Magazine

REvil is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide over the past year. Its name stands for Ransomware Evil and was inspired by the Resident Evil movie series.

CSO 109

Recovering Real Faces from Face-Generation ML System

Schneier on Security

New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers.

180
180

Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware

Tech Republic Security

The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous

Missouri FAIL: Gov. Mike Parson says Viewing Web Source is ‘Hacking’

Security Boulevard

The Missouri Department of Education website was leaking teachers’ social security numbers. A local journalist, Josh Renaud, spotted the PII flaw and reported it to the department, giving them plenty of time to fix the leak. But the state governor accused Renaud of hacking. Specifically, Gov.

Edge computing: The architecture of the future

CSO Magazine

To fully digitize the last mile of business, you need to distribute compute power where it's needed most -- right next to IoT devices that collect data from the real world

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page

174
174

How to combat the most prevalent ransomware threats

Tech Republic Security

Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

In recent years, brands have started butting up against the line between convenience and privacy. Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing. Related: Apple battles Facebook over consumer privacy.

October is high season for cyberattacks, InfoSec Institute study shows

CSO Magazine

There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by InfoSec Institute.

Suing Infrastructure Companies for Copyright Violations

Schneier on Security

It’s a matter of going after those with deep pockets.

Retail 148

The White House holds an international summit on ransomware: What you should know

Tech Republic Security

This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded

Bracing for the Data Security ‘Bang’

Security Boulevard

Data security is top-of-mind for businesses and consumers alike these days. According to the Gartner Hype Cycle for Data Security, 2021, “organizations are accelerating the deployment of sensitive data across multi-cloud architectures, which exposes data beyond traditional network boundaries.

Microsoft mitigated a record 2.4 Tbps DDoS attack in August

Security Affairs

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4

DDOS 108

6 ways the pandemic has triggered long-term security changes

CSO Magazine

Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require long-term revisions to enterprise cybersecurity strategies.

WhatsApp starts offering password enabled encryption to user backups

CyberSecurity Insiders

From now on, all WhatsApp backups will be protected by a password enabled encryption method offering an extra layer of security protection to users from spying eyes.

Cisco Report Shows Shift Away from Traditional Passwords

Security Boulevard

A report published this week by Cisco’s Duo Security unit found the use of both multifactor authentication (MFA) and biometric authentication is on the rise as alternatives to passwords.

What it costs to hire a hacker on the Dark Web

Tech Republic Security

Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech

152
152

Accenture discloses data breach after LockBit ransomware attack

Security Affairs

IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021.

Google Launches Security Advisory Service, Security to Workspaces

Dark Reading

Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft

Experts Say Cyber Attacks Are Getting Worse

Security Boulevard

A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, crippling healthcare computer systems, 9-1-1 centers, stopping work on gas pipelines, and more.

How a vishing attack spoofed Microsoft to try to gain remote access

Tech Republic Security

A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Security Affairs

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.

DNS 108

'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks

Dark Reading

Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system

Aqua Security Uses eBPF to Extend Security Platform

Security Boulevard

Aqua Security this week at the Kubecon + CloudNativeCon North America conference added a cloud-native detection and response (CNDR) capability to its open source Tracee software-based platform.

Acer hacked (for the second time this year)

Graham Cluley

Hardware and electronics giant Acer has suffered a data breach, with hackers claiming they have stolen 60GB worth of files from the company's Indian servers. Data loss Acer data breach