Lohrman on Security
NOVEMBER 28, 2021
The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams?
Joseph Steinberg
NOVEMBER 30, 2021
Giving Tuesday has arrived… and, so have many criminals who seek to exploit people’s sense of generosity. While evildoers perpetrate charity-related scams throughout the year, they know that the holiday spirit in general, and the concentrated focus on charity on Giving Tuesday specifically, both improve their odds of success. During this time of year, therefore, we must be extra vigilant to ensure that our charity dollars reach proper destinations and actually do good, rather than enrich c
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
NOVEMBER 13, 2021
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
Schneier on Security
NOVEMBER 17, 2021
I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
NOVEMBER 23, 2021
Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.
Graham Cluley
NOVEMBER 25, 2021
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. Read more in my article on the Tripwire State of Security blog.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Joseph Steinberg
NOVEMBER 17, 2021
Rockville, MD – November 17, 2021 – Sepio Systems , the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. Steinberg has led organizations within the cybersecurity industry for nearly 25 years and is a top industry influencer worldwide. He has written books ranging from Cybersecurity for Dummies to the advanced Official (ISC)2® Guide to the CISSP®-ISSMP® CBK®.
Krebs on Security
NOVEMBER 19, 2021
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer.
Bleeping Computer
NOVEMBER 26, 2021
Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. [.].
Tech Republic Security
NOVEMBER 19, 2021
Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
NOVEMBER 23, 2021
Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that.
The Hacker News
NOVEMBER 19, 2021
Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.
We Live Security
NOVEMBER 22, 2021
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed. The post What to do if you receive a data breach notice appeared first on WeLiveSecurity.
Krebs on Security
NOVEMBER 10, 2021
Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
NOVEMBER 22, 2021
GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [.].
Tech Republic Security
NOVEMBER 1, 2021
Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.
Security Boulevard
NOVEMBER 29, 2021
The cybersecurity world remains dynamic. On November 4, 2021, the Department of Defense (DoD) posted an update to its Cybersecurity Maturity Model Certification (CMMC) initiative, announcing program changes dubbed CMMC 2.0. These changes were driven by a tremendous amount of industry input; taken into consideration during the DoD’s review of the program over the past.
The Hacker News
NOVEMBER 22, 2021
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
NOVEMBER 13, 2021
Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se
IT Security Guru
NOVEMBER 11, 2021
What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis. Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.
Bleeping Computer
NOVEMBER 22, 2021
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. [.].
Tech Republic Security
NOVEMBER 4, 2021
Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
NOVEMBER 4, 2021
This week, the Department of Commerce (DoC) amended its export administrative regulations (EAR) with the addition of four companies onto the entity list, effective November 4, 2021. The four companies—one from Singapore, two from Israel and one from Russia—were all engaged in activities which the U.S. government determined were “contrary to the foreign policy and.
The Hacker News
NOVEMBER 15, 2021
Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.
Security Affairs
NOVEMBER 4, 2021
Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.
We Live Security
NOVEMBER 11, 2021
It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach. The post When the alarms go off: 10 key steps to take after a data breach appeared first on WeLiveSecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
NOVEMBER 13, 2021
The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. [.].
Tech Republic Security
NOVEMBER 23, 2021
Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.
Security Boulevard
NOVEMBER 30, 2021
Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much easier to weaponize and exploit than a vulnerability found in closed source. “The biggest risks of open source come from the fact that. The post Searching for Bugs in Open Source Code appeared first on Security Boulevard.
The Hacker News
NOVEMBER 1, 2021
Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
362 
Let's personalize your content