Schneier on Security
FEBRUARY 12, 2021
Sonja Drummer describes (with photographs) two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above and below a block of text ensure that no one can add additional text at a later date.
Tech Republic Security
FEBRUARY 12, 2021
Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
FEBRUARY 12, 2021
A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.
Tech Republic Security
FEBRUARY 12, 2021
Agile thinking is important in dealing with cyberattacks. Read one psychologist's tips for cybersecurity professionals on how to adapt and stop the attackers.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Hot for Security
FEBRUARY 12, 2021
Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security. Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy ses
Tech Republic Security
FEBRUARY 12, 2021
Multiple senators have demanded a hearing on what court officials know about the hackers' access to sensitive filings. The effects could make accessing documents harder for lawyers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Zero Day
FEBRUARY 12, 2021
The Russian company said the employee sold access to 4,887 user email accounts.
Graham Cluley
FEBRUARY 12, 2021
Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.
Zero Day
FEBRUARY 12, 2021
iOS 14.5 is currently in beta.
CSO Magazine
FEBRUARY 12, 2021
What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it’s one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
FEBRUARY 12, 2021
Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered during a routine screening by its internal security team, an internal investigation is still ongoing. “An internal investiga
Zero Day
FEBRUARY 12, 2021
Microsoft says it's seeing around 140,000 web shells a month, up from roughly 77,000 last August.
CyberSecurity Insiders
FEBRUARY 12, 2021
Ever since offensive security testing began, we have expected that the test or simulation will find something. Even if a pen tester doesn’t uncover an issue, the best ones can always achieve success through phishing or social engineering of your organization’s employees. In the same way, Red Team-Blue Team exercises highlight the near impossibility of foiling a motivated attacker – the odds of success heavily favor the attacker and make it extremely difficult for the defender.
Naked Security
FEBRUARY 12, 2021
Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
FEBRUARY 12, 2021
Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data. My initial study started with understanding how self-destructing messages work in the secret chats option, telegram says that “ The clock starts ticking the mom
Hot for Security
FEBRUARY 12, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the upcoming Valentine’s Day, telling people to watch out for romance scams. If there’s money to be made, criminals will find a way to take advantage of any situation. Since Valentine’s Day is one of the year’s biggest celebrations, scammers, fraudsters, and criminals of all kinds come out of the woodwork with new tools.
CyberSecurity Insiders
FEBRUARY 12, 2021
Zero day attacks are a serious threat to computer networks, and a recent research says that the attacks can be curbed with the use of machine learning algorithms. In fact, security analysts say that the tool can prove as a cost effective solution to defend organizations from the present day cyber threats. A research carried out by Cisco Talos says that it takes approximately 15 days time for a victimized company to come out of the repercussions of cyber attacks.
The Hacker News
FEBRUARY 12, 2021
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
FEBRUARY 12, 2021
Ransomware scrotes have followed through on their threat to auction off the data they stole from the maker of Cyberpunk 2077. The post Hackers Sell ‘Cyberpunk 2077’ Data and Source for Millions appeared first on Security Boulevard.
Cisco Security
FEBRUARY 12, 2021
We’re always looking for the “quick wins” in security — whether it’s the magic blinky box that you drop into the right place in your network and it stops all the bad stuff (let me know if you find one of those), or the secret incantation that you can perform that doesn’t cost money but adds protection to your armor. The “one weird trick” sometimes leads to clicks; I once got the head of one of the biggest tech companies on the planet to click on my analy
Threatpost
FEBRUARY 12, 2021
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.
Malwarebytes
FEBRUARY 12, 2021
In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update , we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this malware, but since then, a representative from LavaBird reached out to us.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
FEBRUARY 12, 2021
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [.].
SC Magazine
FEBRUARY 12, 2021
Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To understand the significance, there were far more “critical” and “high severity” vulnerabilities in 2020 (10,342) than the total number of all vulnerabilities recorded in 2010 (4,639), according to Redscan, which ran the analysis of NIST’s National Vulnerability D
Threatpost
FEBRUARY 12, 2021
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.
Bleeping Computer
FEBRUARY 12, 2021
Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. [.].
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
FEBRUARY 12, 2021
Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they were 77,000. “One year ago, we reported the steady increase in the use of web shells in attacks worldwide.
Hot for Security
FEBRUARY 12, 2021
A security researcher discovered that one of Telegram’s features on macOS that should have guaranteed complete privacy by destroying the information sent by users wasn’t working as intended. Telegram is an instant messaging application with support for all major operating systems, including macOS. While the app developers don’t boast of default end-to-end encryption for messages, they do offer a feature called ‘secret chat.
Security Boulevard
FEBRUARY 12, 2021
This week law enforcement agencies around the world made press releases about the arrest of SIM Swapping criminals. The UK's National Crime Agency says "eight men have been arrested in England and Scotland as part of an investigation into a series of SIM swapping attacks, in which criminals illegally gained access to the phones of high-profile victims in the US.
CyberSecurity Insiders
FEBRUARY 12, 2021
In March 2020, Google Cloud unveiled its telecom operator strategy called Global Mobile Edge Cloud (GMEC), aimed at helping Communications Service Providers (CSPs) digitally transform and harness the full potential of 5G. In parallel, Thales has deployed a large portfolio of its solutions onto Google Cloud to leverage cloud at the edge of its MNO customers’ infrastructure.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
350 
Let's personalize your content