Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Troy Hunt
AUGUST 18, 2021
Today I'm really excited to announce a big piece of work 1Password and I have been focusing on this year, a totally free video series called "Hello CISO" This is a multi-part series that launched with part 1 and when I say "free", I don't mean "give us your personal data so we can market to you", I mean here it is, properly free: This is intended to be a very practical, broadly accessible series and whilst it has "CISO" in the title, we expect it'll
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 16, 2021
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
Lohrman on Security
AUGUST 15, 2021
Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperās affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
AUGUST 19, 2021
It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.
Troy Hunt
AUGUST 20, 2021
It all feels a bit "business as usual" this week; data breaches, IoT and 3D printing. But what I'm most excited about is what I probably spent the least amount of time talking about, that being the work 1Password and I have been doing on our "Hello CISO" series. I love it because it's broadly relevant, easily consumable and totally, properly free.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Joseph Steinberg
AUGUST 16, 2021
Two recent ransomware attacks successfully breached computers at wastewater management plants in the US State of Maine , according to a statement by the state’s Department of Environmental Protection. While the two cyberattacks, which hit facilities in the towns of Mount Desert and Limestone in the USās most northeastern state, are believed to have posed no threat to human safety, they were far from benign, and have raised serious concerns about the potential danger to human life created b
Schneier on Security
AUGUST 20, 2021
In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.
The Last Watchdog
AUGUST 19, 2021
TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information. At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk.
Tech Republic Security
AUGUST 19, 2021
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge ā component scams and bogus supply-chain claims.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youāll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
AUGUST 20, 2021
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Schneier on Security
AUGUST 18, 2021
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
The Last Watchdog
AUGUST 18, 2021
So NortonLifeLock has acquired Avast for more than $8 billion. This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Related: The coming of ubiquitous passwordless access.
Tech Republic Security
AUGUST 19, 2021
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatās next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
AUGUST 20, 2021
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
Schneier on Security
AUGUST 14, 2021
This is a current list of where and when I am scheduled to speak: I’m speaking (via Internet) at SHIFT Business Festival in Finland, August 25-26, 2021. Iāll be speaking at an Informa event on September 14, 2021. Details to come. Iām keynoting CIISec Live āan all-online eventāSeptember 15-16, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021.
Malwarebytes
AUGUST 20, 2021
This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing Konni Rat to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We discovered two documents written in Russian language and weaponized with the same malicious macro.
Tech Republic Security
AUGUST 17, 2021
People surveyed by KPMG reported feeling increasingly uneasy about the data collection practices of corporations.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
AUGUST 20, 2021
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [.].
We Live Security
AUGUST 19, 2021
Ransomware payments may have greater implications than you thought ā and not just for the company that gave in to the attackersā demands. The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity.
Malwarebytes
AUGUST 20, 2021
On the Cloudflare blog , the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. To put that number in perspective. The company reports that this is three times as large as anything it has seen before.
Tech Republic Security
AUGUST 16, 2021
Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Graham Cluley
AUGUST 19, 2021
Got a grudge against an Instagram user? Like to wipe your ex-partner's sickening selfies off social media? Well, scammers may just have the perfect service for you - at quite an affordable price. Read more in my article on the Tripwire State of Security blog.
Bleeping Computer
AUGUST 20, 2021
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [.].
Malwarebytes
AUGUST 18, 2021
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents. Introduction Disclaimers macOS 11’s better known security improvements Secret messages revealed? CPU security mitigation APIs The NO_SMT mitigation The TECS mitigation Who benefits from NO_SMT and TECS ? Endpoint Security API improvements More message types More notifications, less polling More metadata Improved performance A vulnerability quietly fixed O_NOFOLLOW_ANY
Tech Republic Security
AUGUST 17, 2021
The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
AUGUST 18, 2021
The alleged digital operation has deployed hundreds of websites and social media accounts to attack the broadcaster's reporting.
Bleeping Computer
AUGUST 19, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [.].
Malwarebytes
AUGUST 18, 2021
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones you’re expecting to hear from, or wouldn’t be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list. DocuSign is a service that allows people to sign documents in the Cloud.
Tech Republic Security
AUGUST 20, 2021
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content