Lohrman on Security
MAY 23, 2021
Artificial intelligence is slowly transforming many areas of life — and fast — but we all need to pay attention. Reactions are all over the map, and AI will be used for both good and evil.
Hacker Combat
MAY 27, 2021
What do you do when you wake up one morning and realise that your log in credentials into your system have suddenly become null and void? What actions do you take when it dawns on you that your files have been encrypted with a view of illegally denying you access? Do you want to find out what to do after a ransomware attack? Ransomware attacks have certainly been on the rise since the advent of the information age.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Appknox
MAY 28, 2021
Cyberattacks are getting common and their impact is quite severe. Security breaches are no longer limited to a few large tech companies. Cybercriminals have rapidly altered tactics and started targeting several Small and Medium Enterprises (SMEs) as well.
Troy Hunt
MAY 27, 2021
I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. 99.6% of those have come direct from @Cloudflare '
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
MAY 26, 2021
Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday , SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. While a ransomware note the researchers recovered suggested that Apostle had been used against a critical facility in the United Arab Emirates, the primary target was Israel.
Krebs on Security
MAY 28, 2021
Florian “The Shark” Tudor , the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. Florian Tudor, at a 2020 press conference in Mexico in which he asserted he was a legitimate businessman and not a mafia boss.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
MAY 24, 2021
Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future.
Schneier on Security
MAY 27, 2021
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.
Security Boulevard
MAY 28, 2021
Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft and various news outlets. In a blog post published late Thursday night, Tom Burt, Microsoft’s vice president of customer security and trust, said.
Tech Republic Security
MAY 28, 2021
We all use container-based images to build applications, but can you trust them? Docker's expansion of its trusted content offering, the Docker Verified Publisher Program, will make it easier.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Troy Hunt
MAY 28, 2021
This week is the culmination of planning that began all the way back in August last year when I announced the intention to start open sourcing the HIBP code base. Today, it's finally happened with Pwned Passwords now completely open to all. That's only been possible with the help of the.NET Foundation because as I've said many times now, this is new territory for me.
Hot for Security
MAY 25, 2021
Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability , allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent. Specifically, as security researchers at Jamf explain , versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to
Security Boulevard
MAY 25, 2021
Cloud security is tough enough, but hybrid cloud adds a few extra challenges, such as visibility between cloud platforms and the difficulty of remaining current with compliance protocols for industry and government regulations. Is zero-trust the answer for hybrid cloud security and its unique challenges? Bill Malik, VP of infrastructure strategies with Trend Micro, addressed.
Tech Republic Security
MAY 25, 2021
It's critical to plug cybersecurity vulnerabilities before bad guys get wind of them. To make that happen, businesses should encourage security and developer teams to collaborate, says an expert.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
MAY 25, 2021
Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov
Google Security
MAY 25, 2021
Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double , a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses.
Bleeping Computer
MAY 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. [.].
Tech Republic Security
MAY 27, 2021
Owners and operators will have to identify any gaps in their security and report new incidents to key federal agencies because of the Colonial Pipeline ransomware attack.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
MAY 23, 2021
The Alaska health department website was forced offline by a malware attack, officials are investigating the incident. The website of the Alaska health department was forced offline this week by a malware attack. Local authorities launched an investigation into the attack, at the time of this writing, they did not provide details about the intrusion.
Security Boulevard
MAY 28, 2021
Rowhammer has a new variant. And it’s been made easier: DDR4 memory is getting denser, so the individual bits are physically closer together. The post Grandchild of Rowhammer: ‘Half-Double’ Tactic Flips Farther Bits appeared first on Security Boulevard.
We Live Security
MAY 25, 2021
You would do well to update to macOS Big Sur 11.4 post-haste. The post Apple fixes macOS zero‑day bug that let malware take secret screenshots appeared first on WeLiveSecurity.
Tech Republic Security
MAY 24, 2021
The attacks have targeted US healthcare and first responder networks with ransom demands as high as $25 million, says the FBI.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
MAY 26, 2021
Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web. It is the third large French-speaking platform seized by the local police after Black Hand in 2018 and French Deep Web Market in 2019.
Security Boulevard
MAY 22, 2021
This week’s news roundup is all about data. Kicking things off is a recently announced breach at Mercari, predictions for “data poisoning” becoming a big attack vector, and the possibility of a national data breach disclosure law. . Read on for the news. The post Security News In Review: Data Breaches, Data Poison, and Big Data appeared first on Security Boulevard.
We Live Security
MAY 27, 2021
Here’s how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack. The post I hacked my friend’s website after a SIM swap attack appeared first on WeLiveSecurity.
Tech Republic Security
MAY 28, 2021
Operating in Russia, the Nobelium cybercrime group has targeted 3,000 email accounts across more than 150 organizations, says Microsoft.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Webroot
MAY 25, 2021
If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous term; everyone wants it to be better, but what exactly does that mean? And how do you properly measure it?
Security Boulevard
MAY 24, 2021
Ireland’s Health Service Executive suffered a catastrophic ransomware attack last week. But now the gang seems to have had a change of heart. The post Ransomware Gang Frees Irish Medical Data—but Leak Threat Remains appeared first on Security Boulevard.
Bleeping Computer
MAY 22, 2021
A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service. [.].
Tech Republic Security
MAY 26, 2021
Recent ransomware attacks indicate that the current model of cybersecurity isn't working. It's time for a wholesale rethink.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
360 
Let's personalize your content