Schneier on Security

SEPTEMBER 30, 2021

The NSA and CISA have released a document on how to harden your VPN.

VPN 349

VPN 349

Krebs on Security

SEPTEMBER 28, 2021

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.

Mobile 348

Mobile Phishing Malware Software 348

Troy Hunt

SEPTEMBER 25, 2021

5 years of weekly updates, wow. It's not like anything of much significance has happened in that time, right?! I've done these videos every single week without fail, through high and lows and no matter where I was in the world. As I say early on, they've helped keep me focused and whilst it hasn't always been easy to sit here and create them each week, I'm very glad I've done it.

Encryption 290

Encryption Phishing Government 290

Lohrman on Security

SEPTEMBER 26, 2021

Marc Sokol shares a powerful case study on the benefits of cybersecurity convergence with physical security, an example of measuring risk reduction and other benefits to global enterprises.

Risk 283

Risk Cybersecurity 283

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

SEPTEMBER 28, 2021

These two sites tell you what sorts of information you’re leaking from your browser.

342

342

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Passwords 342

Passwords Mobile Authentication Banking 342

Bleeping Computer

OCTOBER 1, 2021

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [.].

Cryptocurrency 145

Cryptocurrency Authentication 145

Schneier on Security

SEPTEMBER 27, 2021

Good article about the current state of cryptocurrency forensics.

Cryptocurrency 336

Cryptocurrency 336

Krebs on Security

OCTOBER 1, 2021

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before

Wireless 338

Wireless Mobile Passwords Authentication 338

Tech Republic Security

SEPTEMBER 27, 2021

Commercially-available malware, with minimal modification, is behind attacks against the Indian government, says Cisco's Talos security research group.

Government 218

Government Malware 218

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

SecureList

SEPTEMBER 30, 2021

Download GhostEmperor’s technical details (PDF). While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.

Malware 145

Malware Engineering Encryption Telecommunications 145

Schneier on Security

OCTOBER 1, 2021

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. Amid the hack, fewer eyes were on the heart monitors — normally tracked on a large screen at the nurses’ station, in addition to inside the delivery room. Attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by caesarean section had she seen the monitor

Ransomware 333

Ransomware Hacking Accountability Healthcare 333

Cisco Security

SEPTEMBER 29, 2021

Protecting privacy continues to be a critical issue for individuals, organizations, and governments around the world. Eighteen months into the COVID-19 pandemic, our health information and vaccination status are needed more than ever to understand the virus, control the spread, and enable safer environments for work, learning, recreation, and other activities.

Artificial Intelligence 145

Artificial Intelligence Government Data privacy Marketing 145

Tech Republic Security

OCTOBER 1, 2021

The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software.

Software 207

Software 207

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

We Live Security

SEPTEMBER 27, 2021

The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes. The post Google releases emergency fix to plug zero‑day hole in Chrome appeared first on WeLiveSecurity.

145

145

Bleeping Computer

SEPTEMBER 29, 2021

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card. [.].

145

145

Cisco Security

SEPTEMBER 29, 2021

As we ride the biggest digital wave in history, the internet has become fundamental to how society maintains livelihoods, conducts business, and stays connected. With it, come a constant evolution of risk. Phishing, service disruptions, ransomware, and other attacks hijack data, destroy sources of income, steal identities and invade privacy, derail nations, and change the course of history.

Digital transformation 145

Digital transformation Risk Security Awareness Technology 145

Tech Republic Security

SEPTEMBER 28, 2021

A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.

Phishing 201

Phishing Encryption 201

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 1, 2021

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.

Malware 145

Malware Hacking 145

Bleeping Computer

SEPTEMBER 29, 2021

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. [.].

Malware 145

Malware 145

Cisco Security

SEPTEMBER 28, 2021

Cybersecurity affects all of us, but the industry uses complicated terms that make it hard to understand. For example, what is ransomware and how does it work? What does phishing mean? Or zero trust? Let’s discuss these cyber concepts in simple, everyday language. And let’s cover what the good guys are doing to make our online lives safer. What’s ransomware?

Phishing 145

Phishing Ransomware Passwords Cryptocurrency 145

Tech Republic Security

SEPTEMBER 27, 2021

Dubbed TangleBot, the malware can overlay financial apps with its own screens in an attempt to steal your account credentials, says Cloudmark.

Malware 195

Malware Accountability 195

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

SEPTEMBER 25, 2021

The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system and paralyzed call centers serving its Spanish-speaking customers. GSS is the Spanish and Latin America division of Covisian, a European giant of customer care and call center providers.

Ransomware 145

Ransomware Backups Hacking Cybercrime 145

Veracode Security

SEPTEMBER 30, 2021

IDEs and build infrastructure are being a target of various threat actors since at least 2015 when XcodeGhost has been discovered - [link] malware-ridden Apple Xcode IDE that enabled attackers to plant malware in iOS applications built using it. Attacks executed through builds abuse trust we have in our build tools, IDEs, and software projects. This is slowly changing (for example Visual Studio Code added Workspace Trust feature in one of the recent releases: [link] yet at the same time,NET 5 a

Malware 145

Malware Software Risk Encryption 145

Cisco Security

SEPTEMBER 30, 2021

Cisco Secure Managed Remote Access is Support Worth a Smile. Chandrodaya Prasad (VP, Network & Application Security Product Management) and AJ Shipley (VP, Product Management, CX Security & Collaboration) discuss the new cloud-delivered managed service offering—Cisco Secure Managed Remote Access (CSMRA)—and the value it delivers enterprise customers.

Marketing 144

Marketing Firewall Cyber threats Cybercrime 144

Tech Republic Security

OCTOBER 1, 2021

The study, from Cisco, comes with the announcement of its New Trust Standard, a benchmark for seeing how trustworthy businesses are as they embrace digital transformation.

Digital transformation 191

Digital transformation 191

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

SEPTEMBER 29, 2021

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.

Mobile 145

Mobile Hacking Information Security Malware 145

Bleeping Computer

SEPTEMBER 28, 2021

A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. [.].

144

144

Zero Day

SEPTEMBER 29, 2021

Guardicore's zero-trust solutions brought it to the attention of the CDN.

Cybersecurity 143

Cybersecurity 143

Tech Republic Security

SEPTEMBER 30, 2021

Microsoft has just released its most recent Windows Server platform. Check out the improved hybrid cloud features, beefed up security and improved support for large on-premises applications.

191

191

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk