Sat. Apr 10, 2021 - Fri. Apr 16, 2021

The Need for a Cybersecurity Protection Agency

Security Boulevard

There hasn’t been much good news in cybersecurity lately. In the first three months of 2021, organizations have been exposed by zero-days in Microsoft Exchange and Accellion’s secure file transfer appliance, and there have been revelations of three more malware strains related to the SolarWinds Orion product. This brings the total number of malware related.

Is it Real or not? How to Spot phishing Emails

ZoneAlarm

It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. But knowing which emails are real and which are phishing emails is crucial and can save you money and problems … The post Is it Real or not?

The password hall of shame (and 10 tips for better password security)

CSO Magazine

Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.” Yes, tons of people still use “123456” as a password, according to NordPass's 200 most common passwords of the year for 2020, which is based on analysis of passwords exposed by data breaches.

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about the breach from Gemini Advisory, a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums.

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020. Their message began as follows: "I am currently in the process of claiming compensation for a severe data breach which occurred on the 20th February 2020" Now I'll be honest - I had to Google this one.

More Trending

DNI’s Annual Threat Assessment

Schneier on Security

The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.

Microsoft Patch Tuesday, April 2021 Edition

Krebs on Security

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

How to raise the cybersecurity poverty line and make companies more secure

Tech Republic Security

The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization.

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

The Last Watchdog

The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is as good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

More Biden Cybersecurity Nominations

Schneier on Security

News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news.

Chrome users, here’s how to opt out of the Google FLoC trial

Malwarebytes

Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC—which is designed to respect people’s privacy more, as a detriment to user privacy. The good news is that, if you want to escape Google’s silent experiment into how it thinks you should be tracked across websites, you now have several options.

100+ critical IT policies every company needs, ready for download

Tech Republic Security

From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.

Wordsmithing: Cybersecurity or Cyber Safety?

Security Boulevard

Words have meaning. When I was writing policies, it was imperative that ‘shall’, ‘will’, ‘may’ and ‘must’ be used correctly. The significance of a statement is dependent upon the word selected. With this in mind, it may be time to consider promoting ‘cyber safety’ instead of ‘cybersecurity.’ This is something I contemplate because I, personally, The post Wordsmithing: Cybersecurity or Cyber Safety?

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Cybersecurity Experts to Follow on Twitter

Schneier on Security

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”).

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

The Hacker News

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.

What to consider when shopping for cyber insurance

Tech Republic Security

Cyber insurance is gaining favor in the business world. An expert offers tips on how to get what's needed for the best price.

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

SecureList

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

NSA Discloses Vulnerabilities in Microsoft Exchange

Schneier on Security

Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

Ransomware attack causes supermarket cheese shortage in the Netherlands

Hot for Security

Company hit with ransomware was unable to deliver food to supermarkets. Firm’s director says he suspects hackers exploited Microsoft Exchange Server flaw. Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it was cybercriminals who are to blame. Branches of Albert Heijn, the largest supermarket chain in the Netherlands, suffered from food shortages after a ransomware attack hit food transportation and logistics firm Bakker Logistiek over th

Wells Fargo and Chase now among most imitated brands in phishing attacks

Tech Republic Security

The banks are being exploited in attacks targeting people filing taxes, getting stimulus checks and ordering home deliveries, says Check Point.

Detecting the "Next" SolarWinds-Style Cyber Attack

The Hacker News

The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The list is maintained on this page.

5 Major Reasons for “Why is Cyber Security Important?”

Security Boulevard

Familiarising With The Term Cyber Security. You must have heard of the word cyber security, making headlines in the news, internet, social media, The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Kratikal Blog. The post 5 Major Reasons for “Why is Cyber Security Important?” appeared first on Security Boulevard.

Cybersecurity funding hits all time high in 2020

Tech Republic Security

Investors pumped almost $8 billion into cybersecurity firms last year, according to Crunchbase.

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

The Hacker News

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Human-centered Design in the New Webroot Management Console

Webroot

At Webroot, we could go on and on about user experience (UX) design. The study of the way we interact with the tools we use has spawned entire industries, university programs and professions. A Google Scholar search of the term returns over 300 thousand results. Feng Shui, Leonardo da Vinci and Walt Disney are all described as important precedents for modern UX.

Critical RCE can allow attackers to compromise Juniper Networks devices

Security Affairs

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices.

How scalper bots profit by buying and reselling Sony PS5 and Xbox consoles

Tech Republic Security

These bots grab some of the limited stock of the PS5 and Xbox on eBay and Amazon and then resell them at huge markups, says PerimeterX.

Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021

Security Boulevard

There is nothing better than learning from the experts when it comes to Cybersecurity. Gaining insights from the industry’s top influencers can prove to be crucial in optimizing your Application Security strategy. Without further ado, we are glad to share […]. The post Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021 appeared first on Reflectiz.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!