WEIS 2021 Call for Papers
Schneier on Security
FEBRUARY 18, 2021
The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.
Daniel Miessler
SEPTEMBER 12, 2021
This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is.
Krebs on Security
JUNE 8, 2021
Among the zero-days are: – CVE-2021-33742, a remote code execution bug in a Windows HTML component. – CVE-2021-31955, an information disclosure bug in the Windows Kernel. – CVE-2021-31956, an elevation of privilege flaw in Windows NTFS.
Krebs on Security
DECEMBER 19, 2024
The makers of Acunetix, Texas-based application security vendor Invicti Security, confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. Archive.org’s recollection of what altugsara dot com looked like in 2021.
Security Affairs
MARCH 3, 2025
authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binance’s BNB Chain.
Schneier on Security
FEBRUARY 11, 2022
Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system.
Joseph Steinberg
NOVEMBER 17, 2021
Rockville, MD – November 17, 2021 – Sepio Systems, the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents.
Schneier on Security
SEPTEMBER 20, 2023
million in 2021, according to Cybersecurity Ventures. What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.
The Last Watchdog
DECEMBER 2, 2021
In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year. In response to the growing threat of ransomware attacks, organizations are piling on more and more “defense in depth” cybersecurity solutions that are costly and difficult to manage.
Daniel Miessler
MARCH 24, 2021
Mar 24, 2021 — Thanks to Andrew R. Mar 24, 2021 — Someone mentioned that there are higher ranks of authentication out there, which I agree with, but this is specifically for everyday users. Mar 24, 2021 — We can pronounce the acronym as “Chasm”, as in, “Let’s see how deep into the chasm you are…”.
Security Affairs
OCTOBER 11, 2022
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server. Please review KB89027 for more information.”
Joseph Steinberg
JUNE 23, 2021
He has been calculated to be one of the top 3 cybersecurity influencers worldwide, and has written books ranging from Cybersecurity for Dummies to the official study guide from which many Chief Information Security Officers (CISOs) study for their certification exams. New York, NY – June 23, 2021. About Newsweek.
SecureList
MARCH 12, 2024
Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.
Security Affairs
OCTOBER 27, 2024
In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021.
Security Affairs
JANUARY 21, 2025
In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.
Security Affairs
JUNE 20, 2024
A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.
Security Affairs
MARCH 26, 2024
The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. According to the police, the offences were committed between autumn 2020 and early 2021.
Security Affairs
JANUARY 4, 2025
“These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.”
Daniel Miessler
DECEMBER 18, 2021
From the Apache advisory: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 Look for ${event:Message} or ${ctx:*} in your log4j2 properties or xml files — d0nut (@d0nutptr) December 15, 2021. POV: you follow me pic.twitter.com/Xw33fmji1A — d0nut (@d0nutptr) December 15, 2021. Shame on me.
Security Affairs
FEBRUARY 13, 2025
“Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. This approach allowed covert access, credential theft, and data exfiltration while bypassing traditional security audits.
Daniel Miessler
MAY 19, 2021
Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. The format is simple: a series of content extraction bullets, some analysis and commentary along the way, and then a quick summary of what I saw as the main takeaways.
Joseph Steinberg
JANUARY 10, 2023
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. A prolific inventor of cybersecurity technology, Steinberg is also cited in over 500 US patent filings.
Krebs on Security
OCTOBER 31, 2021
“Such code copying is a significant source of real-world security exploits.” Rust has released a security advisory for this security weakness, which is being tracked as CVE-2021-42574 and CVE-2021-42694. Image: XKCD.com/2347/.
Security Affairs
OCTOBER 12, 2024
Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.
Security Affairs
JANUARY 19, 2024
China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.
Security Affairs
FEBRUARY 4, 2025
Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware. Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. ” reads the advisory.
Security Affairs
NOVEMBER 9, 2024
The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input.” reads the advisory.
Security Affairs
DECEMBER 2, 2024
Russia first blocked Tor in 2021, but at the time the censorship was bypassed via bridges.” reads the announcement published by Tor Project. Tor Project maintainers are urging users to deploy 200 WebTunnel bridges by year-end to allow users in Russia to bypass government censorship.
Security Affairs
MARCH 13, 2025
Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.
Security Affairs
MARCH 10, 2025
RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion groups, the gang doesn’t encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty.
Joseph Steinberg
JANUARY 4, 2022
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022. A prolific inventor of cybersecurity technology, Steinberg is also cited in over 500 US patent filings. He amassed millions of readers as a regular columnist for Forbes and Inc.
Security Affairs
NOVEMBER 18, 2024
The carrier suffered multiple data breaches in the last years, the last one in order of time took place in December 2021 when it disclosed a data breach that impacted a “very small number of customers” who were victims of SIM swap attacks. In February 2021, hundreds of users were hit with SIM swapping attacks.
Krebs on Security
APRIL 27, 2023
This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. “My team is frustrated by the permissive nature of the platform,” Carbee said. As a result, five companies eventually fixed the problem.
The Hacker News
MAY 24, 2024
Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity.
Security Affairs
OCTOBER 23, 2024
“According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.”
Krebs on Security
MARCH 1, 2022
On Sunday, Feb. 27, a new Twitter account “Contileaks” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. government shared information with the Russians about the hackers they suspected were behind Trickbot.
Krebs on Security
MARCH 7, 2022
In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., ” Stern wrote.
Security Affairs
JANUARY 14, 2025
According to court documents , threat actors used the malware to target European shipping firms (2024), European governments (2021-2023), Chinese dissident groups, and Indo-Pacific governments, including Taiwan and Japan. A French law enforcement agency has gained access to the C2 server (45.142.166.112) used to control the malware.
Security Affairs
FEBRUARY 3, 2025
Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.
Security Affairs
NOVEMBER 3, 2024
Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. Other variants like axlogin and zylogin target Axentra NAS and Zyxel VPNs respectively, but they are smaller and less observed.
Security Affairs
DECEMBER 26, 2024
In April 2021, China-linked APT breached New York City’s Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day. The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City.
Security Affairs
NOVEMBER 29, 2024
On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C. On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey.
Security Affairs
DECEMBER 3, 2024
In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents.
Krebs on Security
SEPTEMBER 15, 2021
A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number. TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident.