Schneier on Security

JUNE 4, 2018

Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. But first, if you use PGP or S/MIME to encrypt email, you need to check the list on this page and see if you are vulnerable.

Computers and Electronics 137

Computers and Electronics Encryption Internet Internet 137

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. “And the ‘fix’ put in seems to be temporary in nature.”

Telecommunications 360

Telecommunications Mobile Wireless Accountability 360

Identity IQ

FEBRUARY 8, 2024

Alongside the benefits of a digitally connected office, however, is the ongoing threat of cyberattacks. Among these ever-present threats is phishing, which is a deceptively simple yet effective method cybercriminals use to compromise both business and personal accounts. What Is Phishing?

Phishing 98

Phishing Scams Education Firewall 98

Malwarebytes

DECEMBER 7, 2021

Although the news and press release regarding this haven’t mentioned other browsers that are Chromium-based and Firefox-based, we can make a cautious assumption that these, too, could be vulnerable to the new XS-Leak attacks. But what is XS-Leak? Why should internet users be worried about them? What is the XSinator?

Mobile 133

Mobile Internet Internet Risk 133

The Last Watchdog

AUGUST 19, 2021

Here’s what they had to say, edited for clarity and length: Allie Mellen , analyst, Forrester. Instead of addressing the security gaps that have plagued T-Mobile for years, they are offering their customers temporary identity protection when breaches happen, as if to say, ‘This is the best we can do.’. Josh Shaul, CEO, Allure Security.

Mobile 306

Mobile Data breaches Authentication Accountability 306

NopSec

FEBRUARY 13, 2024

Brad LaPort , a veteran Gartner analyst and I were on a content project, talking about why the market was missing out on a new category to encapsulate the disparate exposure data and derive actionable insights. We were debating about what we should call this new category. Threat Exposure Management?

Marketing 52

Marketing Risk Digital transformation Software 52

eSecurity Planet

MAY 12, 2023

Overview Security vulnerabilities enable attackers to compromise a resource or data. Vulnerabilities occur through product defects, misconfigurations, or gaps in security and IT systems. Vulnerabilities consist of two categories: unplanned and planned. Policy defines what MUST be done, not HOW it must be done. Download 1.

Penetration Testing 108

Penetration Testing Risk Firmware Software 108

Schneier on Security

OCTOBER 12, 2018

The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. As a result, we are stuck with hackable internet protocols, computers that are riddled with vulnerabilities and networks that are easily penetrated. Security is not a problem the market will solve.

Government 230

Government Internet Internet Marketing 230

CyberSecurity Insiders

JANUARY 28, 2022

In this article, we will explore penetration testing services pricing as well as factors that might affect the pricing of a penetration test and what you should look for when choosing a penetration tester. Penetration testing is important because it allows businesses to identify any vulnerabilities in their system.

Penetration Testing 114

Penetration Testing Data breaches Social Engineering Security Awareness 114

eSecurity Planet

APRIL 7, 2023

It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM , incident response , intrusion detection and more should raise the profile of those defensive tools. What’s new in Kali 2023.1?

Penetration Testing 141

Penetration Testing Social Engineering Energy and Utilities Hacking 141

McAfee

JANUARY 5, 2022

Why am I here? . And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. What is it? . It was revealed in early December that a path traversal vulnerability allowed an attacker to access local files due to an improper sanitization of “./././”

Software 81

Software Network Security Authentication Internet 81

Malwarebytes

AUGUST 30, 2022

If you are a user of Google Chrome or any other Chromium-based web browser, then websites may push anything they want to the operating system's clipboard without your permission or any user interaction. This means that by simply visiting a website, the data on your clipboard may be overwritten without your consent or knowledge.

Banking 68

Banking Accountability Malware 68

SC Magazine

MAY 28, 2021

Some in the security research community are concerned that over marketing of vulnerability disclosures are misleading the public about their true impact. Worst of all, it’s built into Apple’s M1 chip design, meaning that it cannot be patched or fixed without new redesign.

Media 99

Media Marketing Information Security Accountability 99

SecureWorld News

APRIL 27, 2023

Should it be used broadly to identify a wide range of security holes and improperly retained sensitive data, including problems that neither Security nor IT had even considered? The biggest strategic issue speaks to cybersecurity strategies well beyond pen testing: What should an enterprise do with the results?

Penetration Testing 92

Penetration Testing CISO IoT Risk 92

Krebs on Security

AUGUST 2, 2019

What follows is based on interviews with almost a dozen security experts, including one who is privy to details about the ongoing breach investigation. Because this incident deals with somewhat jargon-laced and esoteric concepts, much of what is described below has been dramatically simplified.

Hacking 238

Hacking Firewall Data breaches Software 238

SiteLock

AUGUST 27, 2021

With more consumers and B2B enterprises conducting business in the cyber world, security threats are an increasing concern. Winning the ongoing battle against cybercrime and criminals starts with understanding the nature of the threats and how to combat them. How high is your business’ cyber threat intelligence ?

Cyber threats 98

Cyber threats Mobile B2B Threat Detection 98

Malwarebytes

APRIL 14, 2021

A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. Bizarrely, they did this without letting the admins know beforehand. A campaign targeting vulnerable Exchange servers has left web shells scattered everywhere. When calls to fix systems go unheeded.

Malware 92

Malware Hacking Phishing Passwords 92

SecureWorld News

FEBRUARY 4, 2021

I was just a kid. This story has a direct parallel to what is happening at some organizations right now, especially when it comes to ransomware and Zero-Day attacks. Security researchers say an increasing number of ransomware victims are doing exactly that. Maybe that's why I'll never forget that night. That's excellent advice.

Ransomware 87

Ransomware Risk Cyber Risk CISO 87

SecureWorld News

FEBRUARY 29, 2024

Interestingly enough, recent BlackCat threats are in response to a groundbreaking move against cybercrime. In a LinkedIn comment regarding a blog post about BlackCat's retaliatory move on HealthcareInfoSecurity , Krista Arndt , CISO at United Musculoskeletal Partners, said: " Retaliation is so much fun. Insert sarcasm here).

Healthcare 102

Healthcare Ransomware Cyber threats Encryption 102

Troy Hunt

DECEMBER 21, 2017

In the first 4 parts of "Fixing Data Breaches", I highlighted education , data ownership and minimisation , the ease of disclosure and bug bounties as ways of addressing the problem. But it's important, so let me do my best articulating it. Are Organisations Actually Paying Attention? This is an incident where 4.8

Data breaches 127

Data breaches Education Hacking Passwords 127

ForAllSecure

FEBRUARY 23, 2023

In this blog post, we'll explore why API security is so important, and how you can make sure you're doing it right. This includes rigorous authentication procedures, regular vulnerability scanning, and refined access control for customer data. There are too many ways to define what “API security” is.

Authentication 52

Authentication Threat Detection Firewall Technology 52

SC Magazine

MARCH 26, 2021

The issue is so widespread, in fact, that a panel of experts who specialize in threat hunting, IT consulting and/or managed services for smaller businesses called for third-party partners to push for client contracts that authorize them to take decisive mitigation steps in critical situations without permission. John Ferrell, ?co-founder

Scams 83

Scams CISO Technology Engineering 83

ForAllSecure

APRIL 27, 2023

. “Shift left” approaches combined development processes and methodologies with traditional operations tasks, putting more work on development teams in exchange for freedom from fire drills and production fixes. The Emergence of DevOps Fun fact: In 2010 I was doing ‘development operations’ for a small engineering team.

Software 52

Software Risk Engineering Architecture 52

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? “Although Xiongmai had seven months notice, they have not fixed any of the issues,” the researchers wrote in a blog post published today. Source: xiongmaitech.com.

Computers and Electronics 198

Computers and Electronics IoT Passwords Internet 198

Malwarebytes

DECEMBER 6, 2022

The individual sections of the 17 digit number detail all manner of information about the car, ranging from manufacturer to attributes. If there was no way to pull this data together, you’d potentially have no real way of knowing what you may be getting yourself into as a buyer which could have major ramifications down the line.

Manufacturing 91

Manufacturing Wireless Risk Data collection 91

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. The technology is poised to change just about everything else …at least eventually. When it comes to what can you do today?

InfoSec 52

InfoSec Artificial Intelligence Computers and Electronics Software 52

SiteLock

AUGUST 27, 2021

Despite the alarming stats above, you may still be asking a lot of questions: Do I really need website security? With our fast, affordable website security solutions, we find, fix, and protect against malware and other cyberattacks that threaten websites and businesses every day. Q: What is website security?

Malware 52

Malware Backups Engineering Small Business 52

SiteLock

AUGUST 27, 2021

When you’re busy managing your website, it helps to have a security expert on your side should you ever run into trouble. Expert Services is our team of trained security engineers who manually find and fix malware, vulnerabilities, and other security issues quickly. See what our customers have to say about Expert Services!

Malware 52

Malware Engineering Firewall Education 52

ForAllSecure

MAY 17, 2023

Or even basic low level threat analysis. Chris Gray of Deep Watch talks about the view from the inside of a virtual SOC, the ability to see threats against a large number of SMB organizations, and the changes to cyber insurance we’re seeing as a result. A lot of SMBs do not have security operations centers or SOCs.

Internet 40

Internet Internet Insurance Cyber Insurance 40

LRQA Nettitude Labs

MARCH 22, 2023

A covert entry assessment is a physical security assessment in which penetration testers try to gain access to sensitive or valuable data, equipment, or a certain location on a target site, without being detected. This can help with persistence and increase the total time a penetration tester can spend on a site without being detected.

Social Engineering 52

Social Engineering Engineering Penetration Testing Security Awareness 52

Thales Cloud Protection & Licensing

MARCH 10, 2021

Looking specifically at today’s automobiles, they run as much on code and connectivity as they do on electricity or gasoline, especially as new safety and accident avoidance features are rolled out. Additionally, many auto manufacturers now have the ability to remotely update software to fix vulnerabilities or even upgrade functionality.

IoT 78

IoT Firmware Manufacturing Encryption 78

eSecurity Planet

NOVEMBER 17, 2022

Vendors regularly deliver feature updates, correct malfunctions, and issue security patches to improve the performance and eliminate security vulnerabilities in their products. Prompt adoption of these updates protects against threats and potentially improves the experience for users and can improve productivity for the organization.

Firmware 52

Firmware Software Backups Risk 52

Errata Security

MAY 19, 2020

In today's post, I answer the following question: Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers? Your product has security bugs, known as vulnerabilities.

Engineering 41

Engineering VPN Encryption Marketing 41

Errata Security

APRIL 1, 2020

Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. This means my non-techy friends and relatives have been asking about it. I thought I'd write up a blogpost answering their questions.

Passwords 47

Passwords Accountability Internet Internet 47

McAfee

MAY 19, 2020

In my last blog I talked about how we should define “zero day” and the many misuses which in my view muddy the waters, making it ever more difficult to address the actual problem. In case you missed that one you can read it here , or you can simply accept the premise that zero day threats are very rare.

Malware 52

Malware Education Software Marketing 52

ForAllSecure

JUNE 8, 2022

Martin joins The Hacker Mind to discuss this and his earlier Bluetooth vulnerability research, including the Car Whisperer and the Tesla Radar. Vamosi: I once wrote about a petty car thief in Prague, Czech Republic who started the usual way by using scissors to cut the wires and hotwire the engine to drive away. Think about it.

Hacking 52

Hacking Manufacturing Encryption Wireless 52

ForAllSecure

JUNE 16, 2021

In this episode, Jason Kent from Cequence Security talks about his experience hacking a garage door opener API, the tools he uses such as Burp, ZAP, and APK tool, and why we need to be paying more attention to the OWASP API Security Top 10. For that, I called upon an expert. I play an adversarial role with our clients.

Hacking 52

Hacking Mobile Authentication Internet 52