Krebs on Security
NOVEMBER 26, 2021
A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.
Schneier on Security
NOVEMBER 22, 2021
I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
NOVEMBER 21, 2021
As global travel returns, airline rules, checks and tests are hard to track. But get ready for more as travel returns for the holidays and 2022. Here’s the latest.
The Last Watchdog
NOVEMBER 22, 2021
More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
NOVEMBER 22, 2021
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.
Schneier on Security
NOVEMBER 24, 2021
Piling more on NSO Group’s legal troubles, Apple is suing it : The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Javvad Malik
NOVEMBER 22, 2021
I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe CISO’s very closely, and as a result I have figured out how to be an awesome CISO.
Bleeping Computer
NOVEMBER 26, 2021
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. [.].
Schneier on Security
NOVEMBER 26, 2021
Following California’s lead, a new UK law would ban default passwords in IoT devices.
Tech Republic Security
NOVEMBER 23, 2021
Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
NOVEMBER 25, 2021
Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hides the malware in the task names, then the malicious code is constructed using several layers of compression and base64 decoding.
Bleeping Computer
NOVEMBER 26, 2021
Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. [.].
Graham Cluley
NOVEMBER 25, 2021
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. Read more in my article on the Tripwire State of Security blog.
Tech Republic Security
NOVEMBER 23, 2021
Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 26, 2021
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.
Security Boulevard
NOVEMBER 23, 2021
Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that.
Malwarebytes
NOVEMBER 23, 2021
Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack stole up to 1.2 million active and inactive customer data, including email addresses, original WordPress admin passwords, Secure File Transfer Pro
Tech Republic Security
NOVEMBER 22, 2021
The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Naked Security
NOVEMBER 22, 2021
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.
Security Affairs
NOVEMBER 22, 2021
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims’ files. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version of the legitimate file utility WinRAR.
The Hacker News
NOVEMBER 22, 2021
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.
Tech Republic Security
NOVEMBER 22, 2021
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
NOVEMBER 22, 2021
GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [.].
Security Affairs
NOVEMBER 23, 2021
Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e. simulators, platformers, arcades, strategies, and shooters) that were containing the Android.Cynos.7.origin trojan. They estimated that the malicious apps were installed on at least 9.300.00 Android devices.
We Live Security
NOVEMBER 22, 2021
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed. The post What to do if you receive a data breach notice appeared first on WeLiveSecurity.
Tech Republic Security
NOVEMBER 22, 2021
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
NOVEMBER 22, 2021
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. [.].
Security Affairs
NOVEMBER 21, 2021
Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.
Malwarebytes
NOVEMBER 24, 2021
Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after the game launches. There’s a lot of big titles hitting digital storefronts at the moment.
Tech Republic Security
NOVEMBER 24, 2021
Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
72 
Let's personalize your content