Sat.Jan 02, 2021 - Fri.Jan 08, 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a d

Every Computer and Smartphone in the Capitol Should be Considered Compromised and Dangerous

Joseph Steinberg

While much of the security-oriented focus regarding the storming of the Capitol building by protesters yesterday has rightfully been on the failure of the Capitol Police to prevent the breach of security, the country also faces a potentially serious cyber-threat as a result of the incident. Laptops, smartphones, printers, and other computing devices that were left behind in offices and other areas by elected officials, staffers, and others as they retreated from the advancing protesters all must

Extracting Personal Information from Large Language Models Like GPT-2

Schneier on Security

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.

Cybercriminals use psychology--cybersecurity pros should, too

Tech Republic Security

Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

6 Valuable lessons I won’t forget from 2020, the progress I made, & me bearing my soul…

Jane Frankland

Every year, around this time, I start to reflect. Chances are, you do too. Most people are starting to think about what they want for the coming year. They’re setting goals, getting clear on what they want to resolve, and embracing fresh starts and new ways of being. Personally, I love taking time between Christmas and New Year, or maybe even a little time beyond it, like I’m doing now, to think about the progress I’ve made, the lessons I’ve learnt, and what I want to accomplish in the year ahea

Adobe Flash Is Finally Dead – And You Should Uninstall It Immediately. Here Is How and Why.

Joseph Steinberg

Uninstall Adobe Flash Player from any devices on which you still have it running. Flash was once the dominant platform for rendering multimedia content in web browsers, but, as Adobe has terminated support for Flash as of the end of 2020, and, as Flash has created serious security problems in the past, now is the time to get rid of Flash once and for all.

10 fastest-growing cybersecurity skills to learn in 2021

Tech Republic Security

People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck.

US Government: Russia “Likely” Behind SolarWinds Breach

Adam Levin

The Cyber Unified Coordination Group (UCG), a task force composed of U.S. cybersecurity, intelligence, and law enforcement agencies, announced earlier this week that Russia was “likely” responsible for the 2020 SolarWinds data breach. In a joint statement, the Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), NSA, and FBI announced that “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or

FBI alert warns private organizations of Egregor ransomware attacks

Security Affairs

The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The Egregor ransomware first appeared on the threat landscape in September 2020; since then the gang claimed to have compromised over 150 organizations.

Military Cryptanalytics, Part III

Schneier on Security

The NSA has just declassified and released a redacted version of Military Cryptanalytics, Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago — I believe repeatedly, in increasingly unredacted form — and published by the late Wayne Griswold Barker’s Aegean Park Press.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

How to be cyber-resilient to head off cybersecurity disasters

Tech Republic Security

Cyberattacks are inevitable. Find out why experts suggest focusing on cyber-resilience instead of piling on more cybersecurity solutions.

How You Can Start Learning Malware Analysis

Lenny Zeltser

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a few tips for how you can get started.

US Govt kicked off ‘Hack the Army 3.0’ bug bounty program

Security Affairs

The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne platform. The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform.

Latest on the SVR’s SolarWinds Hack

Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to customize your sudo password prompt

Tech Republic Security

If you're looking for a way to easily warn your admins to use caution when working with sudo, Jack Wallen has a sure-fire method.

New TCP/IP Vulnerabilities Expose IoT, OT Systems

eSecurity Planet

Forescout Research Labs last month released a 14-page white paper and a 47-page research report detailing 33 vulnerabilities affecting millions of Internet of Things (IoT), Operational Technology (OT), and IT devices. Dubbed AMNESIA:33, these newly identified vulnerabilities include four broadly used TCP/IP stacks and have left more than 150 vendors potentially compromised.

FBI warns swatting attacks on owners of smart devices

Security Affairs

The Federal Bureau of Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called “swatting” attacks. Swatting attacks consist of hoax calls made to emergency services, typically reporting an immediate threat to human life, to trigger an immediate response from law enforcement and the S.W.A.T. team to a specific

Backdoor in Zyxel Firewalls and Gateways

Schneier on Security

This is bad: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […]. Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the “zyfwp” username and the “PrOw!

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to quickly check to see if your Linux server is under a DDoS attack from a single IP address

Tech Republic Security

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud

Threatpost

Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape and mobile endpoints become the attack vector of choice, according to 2021 forecasts.

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

A British court has rejected the request of the US government to extradite WikiLeaks founder Julian Assange to the country. WikiLeaks founder Julian Assange should not be extradited to the US to stand trial; the Westminster Magistrates’ Court has rejected the US government’s request to extradite him on charges related to illegally obtaining and sharing classified material about national security.

APT Horoscope

Schneier on Security

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

US government fingers Russia for SolarWinds-based cyberattack

Tech Republic Security

A joint statement from the FBI, NSA, and other federal agencies says the cyber incident was likely Russian in origin.

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Threatpost

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to take over targeted devices.

Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

Security Affairs

An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks.

Friction Affliction: How to Balance Security With User Experience

Dark Reading

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

How to review App Privacy data on your iPhone, iPad, or Mac

Tech Republic Security

In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary.

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack

Threatpost

Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.

Ezuri memory loader used in Linux and Windows malware

Security Affairs

Multiple threat actors have recently started using the Ezuri memory loader as a loader to execute malware directly in the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious code. The Ezuri memory loader tool allows a payload to be loaded and executed directly in the memory of the infected machine, without writing any file to disk.

Activists Publish a Vast Trove of Ransomware Victims' Data

WIRED Threat Level

WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.