Daniel Miessler
SEPTEMBER 12, 2021
This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is. Right, so with that out of the way, here’s what struck me with this list, along with some comments on building lists like this in general.
Schneier on Security
SEPTEMBER 24, 2021
This isn’t the first time I’ve received an e-mail like this: Hey! I’ve done my research and looked at a lot of facts and old forgotten archives. I know that you are Satoshi, I do not want to tell anyone about this. I just wanted to say that you created weapons of mass destruction where niches remained poor and the rich got richer! When bitcoin first appeared, I was small, and alas, my family lost everything on this, you won’t find an apple in the winter garden, people onl
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
SEPTEMBER 5, 2021
For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?
Krebs on Security
SEPTEMBER 15, 2021
TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. While many companies have been laying off or furloughing workers in response to the Coronavirus pandemic, TTEC has been massively hiring.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Troy Hunt
SEPTEMBER 6, 2021
For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them.
Tech Republic Security
SEPTEMBER 27, 2021
Commercially-available malware, with minimal modification, is behind attacks against the Indian government, says Cisco's Talos security research group.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
SEPTEMBER 22, 2021
The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.
Lohrman on Security
SEPTEMBER 26, 2021
Marc Sokol shares a powerful case study on the benefits of cybersecurity convergence with physical security, an example of measuring risk reduction and other benefits to global enterprises.
Krebs on Security
SEPTEMBER 8, 2021
Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.
Troy Hunt
SEPTEMBER 9, 2021
111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We've all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and to date, no two people have ever been found to have a matching set. As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
SEPTEMBER 29, 2021
Not all organizations have a team or even staffers who can focus solely on vulnerability management, says Trustwave.
Anton on Security
SEPTEMBER 3, 2021
As you recall from “Anton and The Great XDR Debate, Part 1” , there are several conflicting definitions of XDR today. As you also recall, I never really voted for any of the choices in the post. While some of you dismiss XDR as the work of excessively excitable marketing people (hey … some vendor launched “XDR prevention ”, no way, right?), perhaps there is a way to think about it from a different perspective.
Schneier on Security
SEPTEMBER 17, 2021
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
Lohrman on Security
SEPTEMBER 19, 2021
For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
SEPTEMBER 28, 2021
The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.
Troy Hunt
SEPTEMBER 25, 2021
5 years of weekly updates, wow. It's not like anything of much significance has happened in that time, right?! I've done these videos every single week without fail, through high and lows and no matter where I was in the world. As I say early on, they've helped keep me focused and whilst it hasn't always been easy to sit here and create them each week, I'm very glad I've done it.
Tech Republic Security
SEPTEMBER 14, 2021
Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.
Anton on Security
SEPTEMBER 16, 2021
Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts over the past quarter. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and now our Cloud Security Podcast too! Top 5 most popular posts of all times: “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
SEPTEMBER 30, 2021
The NSA and CISA have released a document on how to harden your VPN.
Lohrman on Security
SEPTEMBER 12, 2021
Using software bots has become commonplace in many workplaces around the world, but with worker shortages, will robots start filling more roles soon?
Krebs on Security
SEPTEMBER 16, 2021
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
Troy Hunt
SEPTEMBER 17, 2021
Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids. We'd love questions and topics in advance or just drop in on the day, we're planning it for 18:00 Gold Coast time on Friday 24 which will be 09:00 that morning in London and ridiculous o'clock everywhere in the US.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
SEPTEMBER 9, 2021
IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.
The Last Watchdog
SEPTEMBER 20, 2021
An array of promising security trends is in motion. New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Related: 5 Top SIEM myths. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.
Schneier on Security
SEPTEMBER 23, 2021
ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).
Thales Cloud Protection & Licensing
SEPTEMBER 13, 2021
Authentication and access management increasingly perceived as core to Zero Trust Security. madhav. Tue, 09/14/2021 - 05:52. The changing global environment has brought many changes to all organizations. While many consider that remote access to corporate resources and data as the key disruption, security teams had to face many more challenges. The acceleration of cloud migration and the proliferation of containers, microservices and IoT devices have placed identity in the center of corporate se
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Krebs on Security
SEPTEMBER 20, 2021
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.
Troy Hunt
SEPTEMBER 3, 2021
I'm back from the most epic of holidays! How epic? Just have a scroll through the thread: I’m back! Went offline for most of the last week, pics and stories to follow 🐊 pic.twitter.com/hRUcKMwgGU — Troy Hunt (@troyhunt) September 2, 2021 Which the Twitter client on my iPad somehow decided to break into 2 threads: At times this felt like navigating through a scene from Jurassic Park, just with wallabies rather than velociraptors 🦖 pic.twitter.com/VHa4kJw6k
Tech Republic Security
SEPTEMBER 13, 2021
Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.
The Last Watchdog
SEPTEMBER 13, 2021
Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
364 
Let's personalize your content