Krebs on Security
SEPTEMBER 28, 2021
The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.
Schneier on Security
OCTOBER 1, 2021
The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. Amid the hack, fewer eyes were on the heart monitors — normally tracked on a large screen at the nurses’ station, in addition to inside the delivery room. Attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by caesarean section had she seen the monitor
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
SEPTEMBER 26, 2021
Marc Sokol shares a powerful case study on the benefits of cybersecurity convergence with physical security, an example of measuring risk reduction and other benefits to global enterprises.
Troy Hunt
SEPTEMBER 25, 2021
5 years of weekly updates, wow. It's not like anything of much significance has happened in that time, right?! I've done these videos every single week without fail, through high and lows and no matter where I was in the world. As I say early on, they've helped keep me focused and whilst it hasn't always been easy to sit here and create them each week, I'm very glad I've done it.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
SEPTEMBER 29, 2021
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
Schneier on Security
SEPTEMBER 28, 2021
These two sites tell you what sorts of information you’re leaking from your browser.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
OCTOBER 1, 2021
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [.].
Krebs on Security
OCTOBER 1, 2021
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before
Schneier on Security
SEPTEMBER 30, 2021
The NSA and CISA have released a document on how to harden your VPN.
Tech Republic Security
SEPTEMBER 30, 2021
Microsoft has just released its most recent Windows Server platform. Check out the improved hybrid cloud features, beefed up security and improved support for large on-premises applications.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
SEPTEMBER 29, 2021
A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. [.].
Veracode Security
SEPTEMBER 30, 2021
IDEs and build infrastructure are being a target of various threat actors since at least 2015 when XcodeGhost has been discovered - [link] malware-ridden Apple Xcode IDE that enabled attackers to plant malware in iOS applications built using it. Attacks executed through builds abuse trust we have in our build tools, IDEs, and software projects. This is slowly changing (for example Visual Studio Code added Workspace Trust feature in one of the recent releases: [link] yet at the same time,NET 5 a
Schneier on Security
SEPTEMBER 27, 2021
Good article about the current state of cryptocurrency forensics.
Tech Republic Security
OCTOBER 1, 2021
The study, from Cisco, comes with the announcement of its New Trust Standard, a benchmark for seeing how trustworthy businesses are as they embrace digital transformation.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
SEPTEMBER 28, 2021
A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. [.].
SecureList
SEPTEMBER 28, 2021
FinSpy, also known as FinFisher or Wingbird , is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Historically, its Windows implant was distributed through a single-stage installer. This version was detected and researched several times up to 2018. Since that year, we observed a decreasing detection rate of FinSpy for Windows.
Security Boulevard
SEPTEMBER 30, 2021
After a year spent managing increased business risks—including security, IT resiliency and cybersecurity concerns—business leaders need to adjust their mindset when it pertains to risk management and avoid the more traditional approach to crisis management and business continuity planning. The past year has also changed the inherent risks companies, both globally and here in the.
Tech Republic Security
OCTOBER 1, 2021
The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
SEPTEMBER 26, 2021
Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users. [.].
The Hacker News
OCTOBER 1, 2021
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
We Live Security
SEPTEMBER 27, 2021
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes. The post Google releases emergency fix to plug zero‑day hole in Chrome appeared first on WeLiveSecurity.
Tech Republic Security
SEPTEMBER 27, 2021
Dubbed TangleBot, the malware can overlay financial apps with its own screens in an attempt to steal your account credentials, says Cloudmark.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
SEPTEMBER 29, 2021
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card. [.].
Cisco Security
SEPTEMBER 29, 2021
Protecting privacy continues to be a critical issue for individuals, organizations, and governments around the world. Eighteen months into the COVID-19 pandemic, our health information and vaccination status are needed more than ever to understand the virus, control the spread, and enable safer environments for work, learning, recreation, and other activities.
CyberSecurity Insiders
OCTOBER 1, 2021
This article was written by an independent guest author. As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face. Certain threat types, like ransomware and malware, are more prominent and therefore must be fought with the appropriate resources. On the other hand, some threat types are not prevalent and pose significantly less risk.
Tech Republic Security
SEPTEMBER 28, 2021
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
SEPTEMBER 30, 2021
The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.
Security Affairs
SEPTEMBER 29, 2021
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.
Security Boulevard
OCTOBER 1, 2021
On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) once again threatened sanctions against companies for paying ransom in the event that their data or systems were hijacked by hackers. In a new advisory, the federal agency noted that paying ransom strengthens adversaries, encourages more ransomware attacks and facilitates future.
Tech Republic Security
SEPTEMBER 29, 2021
Not all organizations have a team or even staffers who can focus solely on vulnerability management, says Trustwave.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
342 
Let's personalize your content