Sat.Aug 07, 2021 - Fri.Aug 13, 2021

Apple Adds a Backdoor to iMessage and iCloud Storage

Schneier on Security

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes: There are two main features that the company is planning to install in every Apple device.

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

The Case for Establishing a Digital Geneva Convention

Lohrman on Security

Exponential increases in global cyber crime. Ransomware crippling governments and businesses. Nations ignoring cyber criminals operating on their soil. The time for international cooperation on cybersecurity is now.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Defeating Microsoft’s Trusted Platform Module

Schneier on Security

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.

Excel is still a security headache after 30 years because of this one feature

Tech Republic Security

Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.

Cobalt Strike Vulnerability Affects Botnet Servers

Schneier on Security

Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate.

Weekly Update 256

Troy Hunt

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?

25 Years In Appsec: Looking Back

Adam Shostack

Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks, SteveMac!) to get feedback and advice, because back then, there was exceptionally little in terms of practical advice on what we now call AppSec. Looking back at what’s there: it’s explicitly a review document for a firewall group, taking code that’s ‘thrown over a wall’ to be run and operated by that group.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Behind the scenes: A day in the life of a cybersecurity "threat hunter"

Tech Republic Security

Here's how one security operations analyst, an expert at incident reporting, began her career, collaborates with her colleagues and prioritizes incoming threats.

Using AI to Scale Spear Phishing

Schneier on Security

The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues’ backgrounds and traits.

Black Hat USA 2021 Network Operations Center

Cisco Security

Black Hat is back! What an experience to be attending the first major cybersecurity conference since the lockdowns of the COVID-19 pandemic. Cisco Secure returned as a supporting partner of the Black Hat USA 2021 Network Operations Center (NOC) for the 5th year; joining conference producer Informa Tech and its other security partners. Like other Black Hat conferences, the mission of the NOC is to build a conference network that is secure, stable and accessible for the training events, briefing

Pakistan malware mutates into more nefarious variant

CyberSecurity Insiders

Like how the 2019 developed Corona Virus threat mutated into the latest Delta variant, a malware that was developed by hackers from Pakistan has reportedly mutated into a new nefarious variant, say experts. Security researchers from Black Lotus Labs, a business unit of US Telecom firm Lumen Technologies, have discovered that a malware that was developed to target the power sectors of Afghanistan has now mutated into a more dangerous variant that could paralyze the critical infrastructure of India,

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

How to reduce your organization's security risk in 6 steps

Tech Republic Security

It's impossible to guarantee security—but nearly all organizations should take these actions to protect organizational data and systems.

Top Cybersecurity Companies for 2021

eSecurity Planet

As the demand for robust security defense grows by the day, the market for cybersecurity technology has exploded, as well as the number of available solutions. To help you navigate this growing marketplace, we provide our recommendations for the world’s leading cybersecurity technology providers, based on user reviews, product features and benefits, vendor information, analyst reports, independent security tests, and use cases.

Threat Protection: The REvil Ransomware

Cisco Security

The REvil ransomware family has been in the news due to its involvement in high-profile incidents, such as the JBS cyberattack and the Kaseya supply chain attack. Yet this threat carries a much more storied history, with varying functionality from one campaign to the next. The threat actors behind REvil attacks operate under a ransomware-as-a-service model.

Only 5% of total info stored across the world is secure

CyberSecurity Insiders

Yes, what you’ve read is absolutely right! Only 5 percent of the total data and virtual files stored across the world are secure and so the Cybersecurity business is said to reach a valuation of $170.3 billion by 2023. A survey conducted by Gartner in 2019 said that 88% of companies operating worldwide were hit by a cyber attack and out of those, 51% of them experienced the incident due to password theft.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Top 5 ransomware operators by income

Tech Republic Security

Tom Merritt lists the most lucrative ransomware gangs and why they're dangerous.

One Million Stolen Credit Cards Leaked

Heimdal Security

A new criminal carding marketplace promoted itself by leaking data for one million credit cards that have been stolen between 2018 and 2019. Carding can be defined as the trafficking and use of stolen credit cards. Credit cards usually get stolen through point-of-sale malware, magecart attacks on websites, and by using information-stealing trojans. The credit cards are sold […].

Recapping Cisco Secure at Black Hat USA 2021

Cisco Security

There is always excitement in the air throughout the Security community at this time of year; usually we excitedly approach “Hacker Summer Camp.” This year, like last, was a little different from what we have become used to over the last 24 years. Cisco Security was honored to be a sponsor of the 24th Black Hat USA 2021 Conference – the internationally recognized cybersecurity event series providing the security community with the latest cutting-edge research, developments and traini

DEF CON 29: Satellite hacking 101

We Live Security

How peering into the innards of a future satellite can make cybersecurity in space more palatable. The post DEF CON 29: Satellite hacking 101 appeared first on WeLiveSecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

A diverse cybersecurity team can help alleviate the talent shortage

Tech Republic Security

Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. The executives said the “malvertising” campaign – which was uncovered by GeoEdge’s security research team with AdTech partners InMobi and Verve Group – came out of Ukraine and Slovenia and reached as fa

Healthcare organizations are a focus of ransomware attacks

Cisco Security

The adoption of electronic health records (EHRs) and even faster adoption of wireless medical devices and telemedicine has made patient information more accessible by more people. Over the past year and a half that’s been tremendously beneficial. The shift to remote care and the widespread adoption of EHR solutions by health systems have shaped digital transformation in healthcare.

How to find and remove spyware from your phone

Zero Day

Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it's closer to home.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

For sale: Access to your company network. Price: Less than you'd think

Tech Republic Security

Access to secured networks is regularly sold on the Dark Web and 45% of those sales are less than $1,000.

Actively exploited bug bypasses authentication on millions of routers

Bleeping Computer

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. […]

Accenture has been hit by a LockBit 2.0 ransomware attack

Security Affairs

Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider.

Data Breach on French Luxury brand Chanel

CyberSecurity Insiders

A French luxury brand named Chanel has apologized to all of its customers for failing to protect the information of its users from hackers. The Korean based company that is into the business of perfume and clothes selling said that the data leak took place on August 8th, 2021 and was because of a cyber attack on a cloud based data storage firm. Prima facie has revealed that the stolen data includes birth dates, customer names, gender details, password, phone numbers and shopping & payment hi

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.