Lohrman on Security
MAY 23, 2021
Artificial intelligence is slowly transforming many areas of life — and fast — but we all need to pay attention. Reactions are all over the map, and AI will be used for both good and evil.
Hacker Combat
MAY 27, 2021
What do you do when you wake up one morning and realise that your log in credentials into your system have suddenly become null and void? What actions do you take when it dawns on you that your files have been encrypted with a view of illegally denying you access? Do you want to find out what to do after a ransomware attack? Ransomware attacks have certainly been on the rise since the advent of the information age.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Appknox
MAY 28, 2021
Cyberattacks are getting common and their impact is quite severe. Security breaches are no longer limited to a few large tech companies. Cybercriminals have rapidly altered tactics and started targeting several Small and Medium Enterprises (SMEs) as well.
Troy Hunt
MAY 27, 2021
I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. 99.6% of those have come direct from @Cloudflare '
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
MAY 26, 2021
Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday , SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. While a ransomware note the researchers recovered suggested that Apostle had been used against a critical facility in the United Arab Emirates, the primary target was Israel.
Krebs on Security
MAY 28, 2021
Florian “The Shark” Tudor , the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. Florian Tudor, at a 2020 press conference in Mexico in which he asserted he was a legitimate businessman and not a mafia boss.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
MAY 24, 2021
Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future.
Schneier on Security
MAY 27, 2021
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.
Tech Republic Security
MAY 24, 2021
While many employers are tapping technologies to monitor workflows, a new report highlights potential drawbacks and even resentment among surveilled employees.
The Last Watchdog
MAY 26, 2021
We celebrated World Password Day on May 6, 2021. Related: Credential stuffing fuels account takeovers. Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Troy Hunt
MAY 28, 2021
This week is the culmination of planning that began all the way back in August last year when I announced the intention to start open sourcing the HIBP code base. Today, it's finally happened with Pwned Passwords now completely open to all. That's only been possible with the help of the.NET Foundation because as I've said many times now, this is new territory for me.
Anton on Security
MAY 27, 2021
A SOC Tried To Detect Threats in the Cloud … Your Won’t Believe What Happened Next Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the need to monitor cloud computing environments for threats. In this post, I wanted to quickly touch on this very topic and refresh some past analysis of this (and perhaps reminisce on how sad things were in 2012 ).
Tech Republic Security
MAY 28, 2021
We all use container-based images to build applications, but can you trust them? Docker's expansion of its trusted content offering, the Docker Verified Publisher Program, will make it easier.
The Last Watchdog
MAY 24, 2021
Some instructive fresh intelligence about how cyber attacks continue to saturate the Internet comes to us from Akamai Technologies. Related: DHS launches 60-day cybersecurity sprints. Akamai, which happens to be the Hawaiian word for “smart,” recently released its annual State of the Internet security report. As a leading global content delivery network (CDN), Akamai has a birdseye view of what is coursing through cyber space moment-by-moment.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
MAY 22, 2021
For a week where I didn't think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there's always a lot to discuss, and that's before questions from the live audience as well. As I allude to at the end of this update, next week I'm going to have something really, really cool to announce that has been a long time in the works so keep an eye out for that one ??
Security Boulevard
MAY 28, 2021
Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft and various news outlets. In a blog post published late Thursday night, Tom Burt, Microsoft’s vice president of customer security and trust, said.
Tech Republic Security
MAY 25, 2021
It's critical to plug cybersecurity vulnerabilities before bad guys get wind of them. To make that happen, businesses should encourage security and developer teams to collaborate, says an expert.
The Last Watchdog
MAY 28, 2021
The same federal agency that makes you take your shoes off and examines your belongings before boarding a flight will begin monitoring cyber incidents at pipeline companies. Related: DHS begins 60-day cybersecurity sprints. The Department of Homeland Security on Thursday issued a directive requiring all pipeline companies to report cyber incidents to DHS’s Transportation Security Administration (TSA.).
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
MAY 26, 2021
Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web. It is the third large French-speaking platform seized by the local police after Black Hand in 2018 and French Deep Web Market in 2019.
SecurityTrails
MAY 26, 2021
Find the top shodan dorks to expose critical information collected from publicly available sources.
Tech Republic Security
MAY 24, 2021
The attacks have targeted US healthcare and first responder networks with ransom demands as high as $25 million, says the FBI.
Hot for Security
MAY 25, 2021
Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability , allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent. Specifically, as security researchers at Jamf explain , versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
MAY 25, 2021
Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov
Google Security
MAY 25, 2021
Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double , a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses.
Tech Republic Security
MAY 26, 2021
Recent ransomware attacks indicate that the current model of cybersecurity isn't working. It's time for a wholesale rethink.
Bleeping Computer
MAY 23, 2021
The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
MAY 25, 2021
Cloud security is tough enough, but hybrid cloud adds a few extra challenges, such as visibility between cloud platforms and the difficulty of remaining current with compliance protocols for industry and government regulations. Is zero-trust the answer for hybrid cloud security and its unique challenges? Bill Malik, VP of infrastructure strategies with Trend Micro, addressed.
We Live Security
MAY 25, 2021
You would do well to update to macOS Big Sur 11.4 post-haste. The post Apple fixes macOS zero‑day bug that let malware take secret screenshots appeared first on WeLiveSecurity.
Tech Republic Security
MAY 27, 2021
The hospital chain has been forced to reschedule operations and is working to bring its electronic health record systems back online.
Security Affairs
MAY 22, 2021
QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices to prevent Qlocker ransomware infections. At the end of April, experts warned of a new strain of ransomware named Qlocker that was infecting hundreds of QNAP NAS devices on daily bases.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content