Schneier on Security

JANUARY 7, 2021

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.

Internet 364

Internet Internet Cybersecurity 364

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a d

Computers and Electronics 363

Computers and Electronics Software Engineering Accountability 363

Joseph Steinberg

JANUARY 7, 2021

While much of the security-oriented focus regarding the storming of the Capitol building by protesters yesterday has rightfully been on the failure of the Capitol Police to prevent the breach of security, the country also faces a potentially serious cyber-threat as a result of the incident. Laptops, smartphones, printers, and other computing devices that were left behind in offices and other areas by elected officials, staffers, and others as they retreated from the advancing protesters all must

Malware 363

Malware Cyber threats Risk Cybersecurity 363

Tech Republic Security

JANUARY 7, 2021

People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck.

Cybersecurity 218

Cybersecurity 218

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

JANUARY 4, 2021

From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing. Tell me more about that.” We say, “Okay, here’s how much you can use at peak capacity.

Engineering 363

Engineering Internet Internet 363

Jane Frankland

JANUARY 7, 2021

Every year, around this time, I start to reflect. Chances are, you do too. Most people are starting to think about what they want for the coming year. They’re setting goals, getting clear on what they want to resolve, and embracing fresh starts and new ways of being. Personally, I love taking time between Christmas and New Year, or maybe even a little time beyond it, like I’m doing now, to think about the progress I’ve made, the lessons I’ve learnt, and what I want to accomplish in the year ahea

CISO 189

CISO Cybersecurity Education Banking 189

Tech Republic Security

JANUARY 5, 2021

Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.

Cybersecurity 218

Cybersecurity Cybercrime 218

Schneier on Security

JANUARY 4, 2021

The NSA has just declassified and released a redacted version of Military Cryptanalytics , Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago — I believe repeatedly, in increasingly unredacted form — and published by the late Wayne Griswold Barker’s Agean Park Press.

362

362

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into the memory of the infected machine, without writing any file to disk.

Malware 145

Malware Encryption Passwords Antivirus 145

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware 145

Malware Software Engineering Information Security 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JANUARY 7, 2021

Cyberattacks are inevitable. Find out why experts suggest focusing on cyber-resilience instead of piling on more cybersecurity solutions.

Cybersecurity 216

Cybersecurity 216

Schneier on Security

JANUARY 5, 2021

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed.

Hacking 361

Hacking System Administration Software Surveillance 361

Security Affairs

JANUARY 7, 2021

The Ryuk ransomware had a disruptive impact on multiple industries around the world, operators already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries around the world. According to a joint report published by security firms Advanced-intel and HYAS, Ryuk operators already earned more than $150 million worth of Bitcoin from ransom paid by their victims.

Ransomware 145

Ransomware Cryptocurrency Antivirus Banking 145

Threatpost

JANUARY 7, 2021

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Software 145

Software 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JANUARY 6, 2021

A joint statement from the FBI, NSA, and other federal agencies says the cyber incident was likely Russian in origin.

Government 212

Government 212

Schneier on Security

JANUARY 6, 2021

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […]. Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the “zyfwp” username and the “PrOw!

Firewall 353

Firewall VPN Passwords Accountability 353

Security Affairs

JANUARY 7, 2021

The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to have compromised over 150 organizations.

Ransomware 145

Ransomware Authentication Phishing Passwords 145

Threatpost

JANUARY 7, 2021

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

143

143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JANUARY 7, 2021

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

DDOS 211

DDOS 211

Schneier on Security

JANUARY 8, 2021

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications.

Telecommunications 246

Telecommunications Phishing Government Hacking 246

Security Affairs

JANUARY 3, 2021

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks. Below the list of top data breaches that took place in the last 12 months: May 2020 – CAM4 adult cam site leaked 11B database records including emails, private c

Data breaches 145

Data breaches Cybercrime Hacking Passwords 145

Dark Reading

JANUARY 6, 2021

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.

142

142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 8, 2021

Mindfulness is all about being aware, so why not incorporate that in your cybersecurity practices?

Information Security 203

Information Security Cybersecurity 203

WIRED Threat Level

JANUARY 8, 2021

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016.

141

141

Security Affairs

JANUARY 6, 2021

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February 8, 2021, they will be requested to share their data with Facebook companies. Curiously the announcement comes a few days after the company has updated its Privacy Policy and Terms of Service. ,, “Respect for your privacy is coded into our DNA,

Accountability 145

Accountability Advertising Mobile Hacking 145

eSecurity Planet

JANUARY 6, 2021

Forescout Research Labs last month released a 14-page white paper and a 47-page research report detailing 33 vulnerabilities affecting millions of Internet of Things (IoT), Operational Technology (OT), and IT devices. Dubbed AMNESIA:33, these newly identified vulnerabilities include four broadly used TCP/IP stacks and have left more than 150 vendors potentially compromised.

IoT 141

IoT DNS Internet Internet 141

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 6, 2021

If you're looking for a way to easily warn your admins to use caution when working with sudo, Jack Wallen has a sure-fire method.

Passwords 201

Passwords 201

Threatpost

JANUARY 3, 2021

Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.

Mobile 136

Mobile Cybersecurity Artificial Intelligence IoT 136

Security Affairs

JANUARY 2, 2021

The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called “swatting” attacks. Swatting attacks consist of hoax calls made to emergency services, typically reporting an immediate threat to human life, to trigger an immediate response from law enforcement and the S.W.A.T. team to a specific

Passwords 144

Passwords Surveillance Manufacturing Accountability 144

Adam Levin

JANUARY 6, 2021

The Cyber Unified Coordination Group (UCG), a task force composed of U.S. cybersecurity, intelligence, and law enforcement agencies, announced earlier this week that Russia was “likely” responsible for the 2020 SolarWinds data breach. In a joint statement , the Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), NSA, and FBI announced that “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or

Government 130

Government Telecommunications Data breaches Hacking 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk