Security Boulevard
MARCH 22, 2021
The cybersecurity landscape changed drastically on two fronts in 2020: volume and supply chain complexities. Attack surfaces expanded and softened as employees migrated off well-protected corporate networks and logged on from home. As a result, the number of incidents and the money cybercriminals made from exploits like ransomware skyrocketed, growing 311% to $350M.
InfoWorld on Security
MARCH 23, 2021
Oh, what a cloud year 2020 was. Cloud spending grew by 37% in the first quarter of 2020 alone as many quickly understood that COVID-19 would leave them vulnerable if they were still using traditional data centers. Seeing a hockey stick in revenue and enjoying the urgency to drive processes remotely and securely, cloud service providers had an unexpectedly successful year.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Daniel Miessler
MARCH 24, 2021
This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? People like moving up rankings, so let’s use that! How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.
Schneier on Security
MARCH 26, 2021
Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
MARCH 23, 2021
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
MARCH 22, 2021
This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped a dollar amount and have received a large refund that they didn’t deserve.
Troy Hunt
MARCH 20, 2021
A slow start this week as the camera refused to be recognised by any browser. The problem, of course, was that I'd plugged in a new DAC for the replacement speakers ????? Despite the slow start, there's a heap in this week's update on all sorts of different things as I find myself continually drawn in different directions. But that's also what I love about this industry, that there's so much variety and always something to scratch every itch ??
Krebs on Security
MARCH 22, 2021
Remember Norse Corp. , the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch , which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.
Tech Republic Security
MARCH 22, 2021
HR and recruiting experts offer unique ways to find and hire cybersecurity talent.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Schneier on Security
MARCH 24, 2021
It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference. Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raise
Troy Hunt
MARCH 26, 2021
This ?????? DAC! I mean it's a lovely device, but it's just impossible to use it as an audio source in the browser without it killing the camera. I'm very close to being out of ideas right now, only remaining thing I can think of is to set everything up on the laptop and see if it suffers a similar fate to what's happening on my desktop. The last thing I feel like doing now is burning more precious hours, but it's getting to that point.
Adam Shostack
MARCH 26, 2021
Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program. That’s probably a good thing, overall. There’s plenty of evidence that update failures leave folks vulnerable. Note that I’m saying “update failures,” rather than “failure to update”, because updates fail.
Tech Republic Security
MARCH 23, 2021
The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
MARCH 23, 2021
A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application — using antiquated technology and set for retirement
Security Affairs
MARCH 26, 2021
The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.
Malwarebytes
MARCH 24, 2021
We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email. The concept is simple but effective. You receive an invoice for a product you may or may not have used in the past for an usually high amount.
Tech Republic Security
MARCH 23, 2021
With most of the world still not vaccinated against COVID-19, criminals are hawking fake vaccine documents, says Check Point Research.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Zero Day
MARCH 24, 2021
The malware’s new worm capabilities have resulted in a rapidly-increasing infection rate.
Security Affairs
MARCH 26, 2021
Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020. .
Hot for Security
MARCH 24, 2021
Clop ransomware gang exploited Accellion flaws to steal data Customers angry that their details were breached, even after closing their accounts long ago. Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked.
Tech Republic Security
MARCH 23, 2021
Jack Wallen offers up his take on the recent issue surrounding Android's WebView.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Quick Heal Antivirus
MARCH 23, 2021
Zloader aka Terdot – a variant of the infamous Zeus banking malware is well known for aggressively using. The post Zloader: Entailing Different Office Files appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Security Boulevard
MARCH 26, 2021
The new 50 Pound note honors Alan Turing. Breaker of Nazi encryption and father of computing. The post Alan Turing, WWII Cryptanalyst and Computer Pioneer, on New £50 Note appeared first on Security Boulevard.
The Hacker News
MARCH 23, 2021
Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.
Tech Republic Security
MARCH 25, 2021
As attackers increasingly target less traditional users, accounts and assets, organizations should consider such a process to tighten security, says CyberArk.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Zero Day
MARCH 22, 2021
As API attacks rise, the security surrounding their usage is now firmly on the radar.
Security Boulevard
MARCH 21, 2021
The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. The declaration, according to the FCC, is in.
CyberSecurity Insiders
MARCH 21, 2021
Just because you are running a small business doesn’t mean you are out of the reach of cybercriminals and hackers. In fact, small businesses are more susceptible to security breaches and cyberattacks because most often they dont expect the attack, thus are unprepared to handle the situation. Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. .
Tech Republic Security
MARCH 26, 2021
New leader is also making changes to the software development process to make it harder for attackers to find vulnerabilities.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
141 
Let's personalize your content