Lohrman on Security

SEPTEMBER 5, 2021

For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?

Cybersecurity 362

Cybersecurity 362

Krebs on Security

SEPTEMBER 8, 2021

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Software 353

Software Engineering Internet Internet 353

Troy Hunt

SEPTEMBER 6, 2021

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them.

Government 347

Government Data breaches Internet Internet 347

Schneier on Security

SEPTEMBER 7, 2021

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here.

Wireless 343

Wireless Hacking 343

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

SEPTEMBER 9, 2021

IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.

Cybersecurity 218

Cybersecurity 218

Krebs on Security

SEPTEMBER 10, 2021

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

IoT 338

IoT DDOS Internet Internet 338

Schneier on Security

SEPTEMBER 10, 2021

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.

Data collection 342

Data collection 342

Tech Republic Security

SEPTEMBER 9, 2021

Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate.

Phishing 218

Phishing 218

Security Affairs

SEPTEMBER 9, 2021

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris. The Russian Internet giant Yandex has been targeting by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown.

DDOS 145

DDOS Internet Internet IoT 145

Troy Hunt

SEPTEMBER 10, 2021

An early one today as I made space in the schedule to get out on the water 😎 I'm really liking the new Apple AirTags, I'm disliking some of the international media coverage about Australia's COVID situation, another gov onto HIBP and a blog post I've wanted to write for a long time on biometrics. That last one in particularly I felt was really important as time and time again, I hear these irrational statements from people about the perceived "risks" of biomet

Password Management 245

Password Management Media Passwords Risk 245

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Schneier on Security

SEPTEMBER 9, 2021

We knew the basics of this story , but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

Hacking 339

Hacking Firewall 339

Tech Republic Security

SEPTEMBER 8, 2021

Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.

IoT 218

IoT Malware Passwords 218

Bleeping Computer

SEPTEMBER 8, 2021

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. [.].

VPN 145

VPN Passwords Accountability 145

CSO Magazine

SEPTEMBER 7, 2021

COVID-19 has changed the face of security forever. The perimeter defense model, which had been slowly crumbling, has now been shattered. Employees are working from home, many of them permanently. Applications are shifting to the cloud at an accelerating pace. Enterprise security today is all about secure remote access and protecting cloud-based assets.

Cybersecurity 145

Cybersecurity CISO 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

SEPTEMBER 8, 2021

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse. Here’s a link to an archived version.

Risk 337

Risk 337

Tech Republic Security

SEPTEMBER 9, 2021

Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.

Ransomware 217

Ransomware 217

Security Affairs

SEPTEMBER 5, 2021

The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users’ data with Facebook. The Irish Data Protection Commission has fined WhatsApp €225 million for the lack of transparency on how it shares European Union users’ data with Facebook companies. The instant messaging company violated the actual General Data Protection Regulation (GDPR). “The Data Protection Commission (DPC) has today announced a conclusion to a

Hacking 145

Hacking Information Security 145

Trend Micro

SEPTEMBER 9, 2021

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.

145

145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

SEPTEMBER 6, 2021

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but according to two of the manufacturers NRK have spoken to, these models are being phased out. “The products in your line-up, Elite Active 65t, Elite 65e and Evolve 75e, will be going out of production

Wireless 325

Wireless Marketing Manufacturing Risk 325

Tech Republic Security

SEPTEMBER 8, 2021

Supervised and unsupervised machine learning are good ways to detect threats. But what's the difference?

Cybersecurity 217

Cybersecurity 217

The Hacker News

SEPTEMBER 4, 2021

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system.

145

145

Security Affairs

SEPTEMBER 6, 2021

A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea. A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport. The man has remained stuck in the Asian country since February 2020 due to the COVID-19 lockdown imposed by the local government and the cancelation of international travel.

Malware 144

Malware Banking Hacking Government 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

SEPTEMBER 7, 2021

ug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. [.].

Passwords 144

Passwords 144

Tech Republic Security

SEPTEMBER 8, 2021

Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.

Cybersecurity 216

Cybersecurity Technology 216

We Live Security

SEPTEMBER 9, 2021

The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen. The post Howard University suffers cyberattack, suspends online classes in aftermath appeared first on WeLiveSecurity.

Ransomware 144

Ransomware Cybersecurity 144

Security Affairs

SEPTEMBER 10, 2021

Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows to take over containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have allowed a malicious container to take over containers belonging to other users. An attacker could exploit the vulnerability to execute commands in the containers of other users and access to their data.

Hacking 144

Hacking Information Security 144

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

SEPTEMBER 6, 2021

Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. [.].

143

143

Tech Republic Security

SEPTEMBER 8, 2021

Making predictions about data is the next frontier in terms of identifying risk in your infrastructure, expert says. But is it right for your organization?

Cybersecurity 195

Cybersecurity Risk 195

Cisco Security

SEPTEMBER 8, 2021

Cisco Secure Firewall provides industry-leading firewall capabilities for Amazon Virtual Private Cloud (VPC)and resources deployed inside. Customers use these firewalls to protect north-south and east-west traffic. Typically, we provide north-south traffic inspection in AWS infrastructure by deploying a load balancer and adding firewalls behind it. Another approach uses Amazon VPC Ingress Routing to steer traffic to Cisco Secure Firewalls.

Firewall 143

Firewall 143

Security Affairs

SEPTEMBER 4, 2021

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The messages used weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor, in an attack aimed at a US point-of-sale (PoS) service provider.

Cybercrime 144

Cybercrime Retail Phishing Hacking 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk