Sat. Jul 31, 2021 - Fri. Aug 06, 2021

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […].

Biden Sets Cyber Standards for Critical Infrastructure

Lohrman on Security

A new presidential directive announced that performance standards will be released for critical infrastructure operated by the public sector and private companies to bolster national cybersecurity.

What is Zero Trust Network Access (ZTNA)?

Doctor Chaos

The Information Technology (IT) industry is growing, and the technologies that are made available tend to grow in number and complexity as well. With more and more people working from home or any remote location, it’s no surprise that cybersecurity threats are becoming more prevalent.

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

The Last Watchdog

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises. Related: Equipping SOCs for the long haul. SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Ransomware Attacks Leave Lasting Damage

Security Boulevard

Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects. A Keeper Security survey of 2,000 U.S.-based

10 DevOps Tools for Continuous Monitoring

CyberSecurity Insiders

Author: Dave Armlin, VP Customer Success, ChaosSearch. DevOps has become the dominant software development and deployment methodology over the past decade.

More Trending

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked the full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data.

Cloudflare Vulnerability Enabled Compromise of 12% of All Websites

Security Boulevard

A vulnerability in the open-source cdnjs CDN could have enabled cyberattacks on the 12.7% of ALL websites that rely on its JavaScript and CSS libraries, with hackers taking over systems or propagating flaws to millions of websites.

Alerts, Events, Incidents – Where Should Your Security Team Focus?

CyberSecurity Insiders

By Brian Stoner, Vice President, Service Providers at Stellar Cyber. As the cybersecurity threat landscape is evolving so is the way we need to look at those threats. The drumbeat of new breaches is continuous.

Hospitals Still Use Pneumatic Tubes—and They Can Be Hacked

WIRED Threat Level

The tech may seem antiquated, but it poses very modern cybersecurity problems.

Behind the scenes: A day in the life of a cybersecurity expert

Tech Republic Security

Leading a team is kind of like when a burglar alarm goes off and "you're the police," says the head of cybersecurity at ExpressVPN

Security BSides Athens 2021 – Talk 1: Erfan Fazeli’s ‘Blockchain Basics And Security For Penetration Testers’

Security Boulevard

Our thanks to Security BSides Athens for publishing their outstanding Security BSides Athens 2021 Conference videos on the group's YouTube channel.

Cloud Security Company SecureWorx acquired by EY Australia

CyberSecurity Insiders

Ernst & Young Australia has made it official that it is going to acquire Cloud Security Company SecureWorx that offers managed security solutions to National Network Operations Centre (NOC) and Secure Operations Centre (SOC).

Not the Invasion They Warned Us About: TikTok and the Continued Erosion of Online Privacy

Approachable Cyber Threats

Gone are the days where the term “invasion” was, in most cases, jovially preceded by the word “Alien” and a subsequent discussion on the likelihood of extraterrestrial life existing in the cosmos.

What Is Ransomware As A Service?: What You Need To Know

SiteLock

You’ve likely heard of ransomware, the highly profitable cybercrime through which malicious actors gain unauthorized access to sensitive data and hold it hostage in exchange for a ransom, typically paid in cryptocurrency. With that in mind, you’re likely wondering “What is ransomware as a service?”

Debunking the seven myths of FSI application security

Security Boulevard

Don’t let myths undermine the security of financial software. We examine the seven myths and misconceptions found in FSI application security.

The Top 30 Vulnerabilities Include Plenty of Usual Suspects

WIRED Threat Level

Plus: A sneaky iOS app, a wiper attack in Iran, and more of the week's top security news.

PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.

The Hacker News

Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as "PwnedPiper" that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover.

Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

Dark Reading

"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows

U.S., UK and Australia Issue Joint Cybersecurity Advisory

Security Boulevard

As vulnerabilities are discovered, advisories are issued, remedies and mitigations are shared and then the onus is on the end user and/or company to do what’s necessary to close the window into their infrastructure.

WordPress Download Manager Plugin was affected by two flaws

Security Affairs

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations.

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

The Hacker News

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks.

Registry Explorer is the registry editor every Windows user needs

Bleeping Computer

Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever. […]

How to stop your exposed API business logic from being breached

Security Boulevard

This article was originally published in The Hacker News.

Do You Trust Your Smart TV?

Security Affairs

Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV.

Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild

The Hacker News

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based

Set up an SSH tarpit in Ubuntu Server 20.04: Here's how

Tech Republic Security

You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.

SANS Survey Finds Only 29% of Orgs Have Automated Most of Their Security Testing

Security Boulevard

IT workloads are increasingly moving to the cloud, changing the way organizations develop and deliver software. Deploying and running production systems is now separate from the hardware and network, infrastructure is defined through code, and operations are now part of cloud service APIs.

GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia

Security Affairs

Kaspersky experts spotted a previously undocumented Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange flaws in attacks on high-profile victims.

On course for a good hacking

We Live Security

A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK.

Detect What Others Miss with CESA

Cisco Retail

BrandPost: Improving Cybersecurity as a Team

CSO Magazine

No matter an organization's size or complexity, cybersecurity is a team sport. Departments and individuals across the board have a stake in ensuring that assets and data remain secure. Just like a successful sports team, collaboration among the players is essential.

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Security Affairs

Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper, that left a widely-used pneumatic tube system (PTS) vulnerable to attacks.

Champion Spotlight: Hans Dam

Security Boulevard

This interview was cross-posted from the Veracode Community. With his third consecutive championship in the Secure Coding Challenge – the monthly coding competition in the Veracode Community – Hans Dam is the first in the community to clinch the title of Secure Code Champion.

Windows PetitPotam attacks can be blocked using new method

Bleeping Computer

Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. […]

5 riskiest mobile apps

CSO Magazine

Unsanctioned software and applications running on corporate mobile devices is a security nightmare.