August, 2021

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Schneier on Security

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value.

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.

How to create a hidden, nearly undeletable folder in Windows 10

Tech Republic Security

It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.

LockBit ransomware recruiting insiders to breach corporate networks

Bleeping Computer

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [...]

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Windows 11 Security Scare—MS Nixes Fixes on Older PCs

Security Boulevard

Microsoft Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates. The post Windows 11 Security Scare—MS Nixes Fixes on Older PCs appeared first on Security Boulevard.

FBI warns of OnePercent ransomware gang – what you need to know

Graham Cluley

The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020. Read more in my article on the Tripwire State of Security blog.

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.

5 factors for success in cybersecurity projects among shifting priorities

Tech Republic Security

As more companies are considering the shift to a fully or hybrid remote workforce, accelerating plans to acquire digital and cloud services to address increasing cybersecurity risks is necessary.

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

Overview. As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR) recently investigated the B. Braun Infusomat Space Large Volume Pump along with the B. Braun SpaceStation, which are designed for use in both adult and pediatric medical facilities. This research was done with support from Culinda – a trusted leader in the medical cyber-security space.

The 7 best password managers for business

CSO Magazine

Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Most of the options were originally designed for individual users. Your organizational needs will differ wildly from security-conscious personal users, but the good news is that the key password management players all have made their solutions suitable for the business world. [ Learn 12 tips for effectively presenting cybersecurity to the board and 6 s

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

AI-Fueled Deep Fakes Signal New Era of Cybercrime

Security Boulevard

Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Schneier on Security

Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.

More and More Companies Are Getting Hit with Ransomware

Heimdal Security

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments. What motivates the ransomware actors to become even more […].

Why it's important to create a common language of cyber risk

Tech Republic Security

All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

T-Mobile confirms fifth data breach in three years

Graham Cluley

T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prospective customers as well.

Cybercrime Group Asking Insiders for Help in Planting Ransomware

The Hacker News

A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

AT&T denies data breach after hacker auctions 70 million user database

Bleeping Computer

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [...]

Apple Adds a Backdoor to iMesssage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes: There are two main features that the company is planning to install in every Apple device.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Are you, the customer, the one paying the ransomware demand?

We Live Security

Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.

Great Resignation hits IT departments and companies are switching strategies

Tech Republic Security

To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.

Want to ban someone from Instagram? That’ll cost you just $60

Graham Cluley

Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

The Hacker News

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity Requires Decisive Action

Security Boulevard

Corporate executives have a responsibility to ensure long-term positive outcomes for the companies they lead. One way to accomplish this is by minimizing corporate risk and protecting assets through proactive and innovative approaches to cybersecurity. Time and again, however, we have witnessed companies become unnecessary cyberattack victims. Often, these incidents are sadly due to their.

Paragon: Yet Another Cyberweapons Arms Manufacturer

Schneier on Security

Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection. The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity.

A passwordless future isn't close: It's here

Tech Republic Security

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it's time to make the leap to better security.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

CISA shares guidance on how to prevent ransomware data breaches

Bleeping Computer

The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [...]

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems

The Hacker News

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even been signed by its own notarization service, highlighting the malicious software's ongoing attempts to adapt and evade detection.

Cybercriminals Inducing Insiders to Plant Malware

Security Boulevard

Those who manage insider threat programs just got a healthy reminder from researchers at Abnormal Security who detailed how their deployed tools detected a new insider recruitment tactic—this time involving ransomware. Insider recruitment, be it sponsored by a nation-state, competitor or criminal enterprise, is not new. The means by which the adversary approaches the target.

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.