Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Krebs on Security
AUGUST 16, 2021
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
AUGUST 15, 2021
Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youāll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
AUGUST 19, 2021
It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.
The Hacker News
AUGUST 20, 2021
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 20, 2021
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
Schneier on Security
AUGUST 20, 2021
In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.
The Hacker News
AUGUST 20, 2021
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought ā and not just for the company that gave in to the attackersā demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatās next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
AUGUST 19, 2021
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge ā component scams and bogus supply-chain claims.
Schneier on Security
AUGUST 18, 2021
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
Graham Cluley
AUGUST 19, 2021
Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.
Bleeping Computer
AUGUST 19, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 20, 2021
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.
Schneier on Security
AUGUST 14, 2021
This is a current list of where and when I am scheduled to speak: I’m speaking (via Internet) at SHIFT Business Festival in Finland, August 25-26, 2021. Iāll be speaking at an Informa event on September 14, 2021. Details to come. Iām keynoting CIISec Live āan all-online eventāSeptember 15-16, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021.
Security Boulevard
AUGUST 17, 2021
Corporate executives have a responsibility to ensure long-term positive outcomes for the companies they lead. One way to accomplish this is by minimizing corporate risk and protecting assets through proactive and innovative approaches to cybersecurity. Time and again, however, we have witnessed companies become unnecessary cyberattack victims. Often, these incidents are sadly due to their.
Security Affairs
AUGUST 17, 2021
A security researcher discovered that a secret FBIās terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. A security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9 million records that were exposed on the internet for three weeks between July 19 and August 9, 2021.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 16, 2021
Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
The Hacker News
AUGUST 16, 2021
A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection.
CSO Magazine
AUGUST 19, 2021
I am proud to say that the annual Life and Times of Cybersecurity Professionals report from ESG and ISSA is now available for free download. As part of the research for this report, we always ask cybersecurity professionals several questions about the global cybersecurity skills shortage. Is it real? Are things improving or getting worse? Is your organization impacted and, if so, how?
Security Affairs
AUGUST 18, 2021
The German state’s data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union’s GDPR. The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR).
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
AUGUST 16, 2021
In recent months, a string of high-profile cyberattacks have targeted critical U.S. infrastructure. As students return to the classroom, could criminals look to focus their efforts on schools?
CyberSecurity Insiders
AUGUST 19, 2021
Britain is all set to launch a new law where the common public will be subjected to AI driven CCTV surveillance that will help nab criminals. But privacy advocates worry that the new law that is proposed to be implemented by this year’s end in councils related to England and Wales might trigger additional concerns. Soon those living in & around Britain might face a dystopian future as the government is planning to turn public spaces into open air prisons.
Trend Micro
AUGUST 15, 2021
The ransomware group LockBit resurfaced in July with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August.
Bleeping Computer
AUGUST 19, 2021
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [.].
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
AUGUST 19, 2021
ThroughTek's Kalay is used to manage security cameras, baby monitors, DVRs and more. A newly discovered flaw lets attackers watch, listen and steal recordings from hardware sold by dozens of vendors.
CyberSecurity Insiders
AUGUST 14, 2021
Recently, many users choose Mac computers because they are fast, reliable, and cool. Some people still think that Apple computers have some “magic” inside to be protected from any viruses, and their speed will always be on the highest level. Well, in some ways, Macs are more reliable and high-performance compared to other devices but they still need attention from you to keep them on a good level of performance as well as improve their security when you are working online.
CSO Magazine
AUGUST 16, 2021
The cybersecurity mantra at Jefferson Health is āif we canāt do it well, weāre not going to do itā says Mark Odom, CISO of the Philadelphia-based healthcare organization. Such an approach has proved integral to Jefferson Healthās fast-tracked transition to a cloud-first, remote model to meet the demands of the COVID-19 pandemic. [ Learn the 7 keys to better risk assessment. | Get the latest from CSO by signing up for our newsletters. ].
Bleeping Computer
AUGUST 16, 2021
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content