Schneier on Security
AUGUST 20, 2021
In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.
Troy Hunt
AUGUST 18, 2021
Today I'm really excited to announce a big piece of work 1Password and I have been focusing on this year, a totally free video series called "Hello CISO" This is a multi-part series that launched with part 1 and when I say "free", I don't mean "give us your personal data so we can market to you", I mean here it is, properly free: This is intended to be a very practical, broadly accessible series and whilst it has "CISO" in the title, we expect it'll
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 16, 2021
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
Lohrman on Security
AUGUST 15, 2021
Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
AUGUST 19, 2021
It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.
Troy Hunt
AUGUST 20, 2021
It all feels a bit "business as usual" this week; data breaches, IoT and 3D printing. But what I'm most excited about is what I probably spent the least amount of time talking about, that being the work 1Password and I have been doing on our "Hello CISO" series. I love it because it's broadly relevant, easily consumable and totally, properly free.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Joseph Steinberg
AUGUST 16, 2021
Two recent ransomware attacks successfully breached computers at wastewater management plants in the US State of Maine , according to a statement by the state’s Department of Environmental Protection. While the two cyberattacks, which hit facilities in the towns of Mount Desert and Limestone in the US’s most northeastern state, are believed to have posed no threat to human safety, they were far from benign, and have raised serious concerns about the potential danger to human life created b
Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
The Last Watchdog
AUGUST 19, 2021
TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information. At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
AUGUST 20, 2021
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Schneier on Security
AUGUST 18, 2021
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
The Last Watchdog
AUGUST 18, 2021
So NortonLifeLock has acquired Avast for more than $8 billion. This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Related: The coming of ubiquitous passwordless access.
Tech Republic Security
AUGUST 19, 2021
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge — component scams and bogus supply-chain claims.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
AUGUST 20, 2021
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
Schneier on Security
AUGUST 14, 2021
This is a current list of where and when I am scheduled to speak: I’m speaking (via Internet) at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021.
Bleeping Computer
AUGUST 20, 2021
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [.].
Tech Republic Security
AUGUST 17, 2021
People surveyed by KPMG reported feeling increasingly uneasy about the data collection practices of corporations.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
AUGUST 20, 2021
This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing Konni Rat to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We discovered two documents written in Russian language and weaponized with the same malicious macro.
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Graham Cluley
AUGUST 19, 2021
Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.
Tech Republic Security
AUGUST 16, 2021
Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
AUGUST 20, 2021
On the Cloudflare blog , the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. To put that number in perspective. The company reports that this is three times as large as anything it has seen before.
Bleeping Computer
AUGUST 20, 2021
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [.].
Security Boulevard
AUGUST 17, 2021
Corporate executives have a responsibility to ensure long-term positive outcomes for the companies they lead. One way to accomplish this is by minimizing corporate risk and protecting assets through proactive and innovative approaches to cybersecurity. Time and again, however, we have witnessed companies become unnecessary cyberattack victims. Often, these incidents are sadly due to their.
Tech Republic Security
AUGUST 17, 2021
The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
AUGUST 18, 2021
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents. Introduction Disclaimers macOS 11’s better known security improvements Secret messages revealed? CPU security mitigation APIs The NO_SMT mitigation The TECS mitigation Who benefits from NO_SMT and TECS ? Endpoint Security API improvements More message types More notifications, less polling More metadata Improved performance A vulnerability quietly fixed O_NOFOLLOW_ANY
Bleeping Computer
AUGUST 19, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [.].
Cisco Security
AUGUST 17, 2021
With contributions from Jamal “Jay” Bethea, Cisco Secure Email Product Marketing Manager. Think email security is not complicated; think again. Not only is email the #1 attack vector, but regulatory compliance requirements across sectors make it difficult to know which data protection laws are for your industry. Now mix in architectural changes that support cloud productivity suites like Microsoft 365 and Google’s G-Suite to accelerate your business to cloud-based email security serv
Tech Republic Security
AUGUST 20, 2021
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content